Windows Analysis Report
EXPORT INVOICE.pdf.scr

Overview

General Information

Sample Name: EXPORT INVOICE.pdf.scr (renamed file extension from scr to exe)
Analysis ID: 625078
MD5: 2cf09341b87d20404a6d824305ea5419
SHA1: ec9de894d7cb09ed3940db31dfc7a39cc1280acd
SHA256: 2b21885c68cf8bcee3be7e08574372130a42c74a047b1f962cc5e270bb7b543e
Tags: exe
Infos:

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Initial sample is a PE file and has a suspicious name
Uses an obfuscated file name to hide its real file extension (double extension)
Machine Learning detection for sample
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
One or more processes crash
PE file contains strange resources
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Checks if the current process is being debugged
Detected potential crypto function

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: EXPORT INVOICE.pdf.exe Avira: detected
Multi AV Scanner detection for submitted file
Source: EXPORT INVOICE.pdf.exe Virustotal: Detection: 37% Perma Link
Source: EXPORT INVOICE.pdf.exe ReversingLabs: Detection: 34%
Machine Learning detection for sample
Source: EXPORT INVOICE.pdf.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: EXPORT INVOICE.pdf.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: EXPORT INVOICE.pdf.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: System.Core.ni.pdbRSDSD source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.Xml.ni.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: Accessibility.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.ni.pdbRSDS source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: .pdb08 source: EXPORT INVOICE.pdf.exe, 00000001.00000002.431660195.0000000001357000.00000004.00000010.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000000.413234649.0000000001357000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Configuration.ni.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: mscorlib.ni.pdbRSDS source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.Configuration.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: EXPORT INVOICE.pdf.PDB source: EXPORT INVOICE.pdf.exe, 00000001.00000002.431660195.0000000001357000.00000004.00000010.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000000.413234649.0000000001357000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Xml.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: (P5oLC:\Windows\Microsoft.VisualBasic.pdb source: EXPORT INVOICE.pdf.exe, 00000001.00000002.431660195.0000000001357000.00000004.00000010.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000000.413234649.0000000001357000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Drawing.pdbH source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.Core.ni.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: Microsoft.VisualBasic.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.Windows.Forms.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: Microsoft.VisualBasic.pdb4" source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: mscorlib.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: np@oVisualBasic.pdb source: EXPORT INVOICE.pdf.exe, 00000001.00000002.431660195.0000000001357000.00000004.00000010.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000000.413234649.0000000001357000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Drawing.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: mscorlib.ni.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.Configuration.ni.pdbRSDSO* source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.Core.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: C:\Users\user\Desktop\EXPORT INVOICE.pdf.PDB source: EXPORT INVOICE.pdf.exe, 00000001.00000002.431660195.0000000001357000.00000004.00000010.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000000.413234649.0000000001357000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Xml.ni.pdbRSDS source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.ni.pdb source: WERC3FE.tmp.dmp.7.dr
Source: EXPORT INVOICE.pdf.exe, 00000001.00000003.370373493.000000000867D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://en.wM
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://fontfabrik.com
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.415970243.0000000008640000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.coma
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.415970243.0000000008640000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comionm
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.415970243.0000000008640000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.como
Source: EXPORT INVOICE.pdf.exe, 00000001.00000003.371092907.000000000867D000.00000004.00000800.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000003.371122582.000000000867D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: EXPORT INVOICE.pdf.exe, 00000001.00000003.371092907.000000000867D000.00000004.00000800.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000003.371043084.000000000867D000.00000004.00000800.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000003.371122582.000000000867D000.00000004.00000800.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000003.371160843.000000000867D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com;
Source: EXPORT INVOICE.pdf.exe, 00000001.00000003.371043084.000000000867D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.comW
Source: EXPORT INVOICE.pdf.exe, 00000001.00000003.371122582.000000000867D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.comWT
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000003.376953483.0000000008647000.00000004.00000800.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000003.377031607.0000000008648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: EXPORT INVOICE.pdf.exe, 00000001.00000003.376953483.0000000008647000.00000004.00000800.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000003.377031607.0000000008648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: EXPORT INVOICE.pdf.exe, 00000001.00000003.376953483.0000000008647000.00000004.00000800.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000003.377031607.0000000008648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cnD
Source: EXPORT INVOICE.pdf.exe, 00000001.00000003.376953483.0000000008647000.00000004.00000800.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000003.377031607.0000000008648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cndnl
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: EXPORT INVOICE.pdf.exe, 00000001.00000003.379986920.000000000864D000.00000004.00000800.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000003.379854422.000000000864E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.comrmW
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: EXPORT INVOICE.pdf.exe, 00000001.00000003.371908716.0000000008647000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.net
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: EXPORT INVOICE.pdf.exe, 00000001.00000003.373268434.0000000008648000.00000004.00000800.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000003.373229768.0000000008647000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netr
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412177175.0000000009852000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn

System Summary
barindex
Initial sample is a PE file and has a suspicious name
Source: initial sample Static PE information: Filename: EXPORT INVOICE.pdf.exe
Source: initial sample Static PE information: Filename: EXPORT INVOICE.pdf.exe
Uses 32bit PE files
Source: EXPORT INVOICE.pdf.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Sample file is different than original file name gathered from version info
Source: EXPORT INVOICE.pdf.exe Binary or memory string: OriginalFilename vs EXPORT INVOICE.pdf.exe
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.364000331.0000000000FB2000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenameIRuntimeEvidenceFact.exe< vs EXPORT INVOICE.pdf.exe
Source: EXPORT INVOICE.pdf.exe, 00000001.00000000.412654077.000000000A0E0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameFort.dll" vs EXPORT INVOICE.pdf.exe
Source: EXPORT INVOICE.pdf.exe, 00000001.00000002.432550901.000000000329A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFort.dll" vs EXPORT INVOICE.pdf.exe
Source: EXPORT INVOICE.pdf.exe Binary or memory string: OriginalFilenameIRuntimeEvidenceFact.exe< vs EXPORT INVOICE.pdf.exe
One or more processes crash
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 1280
PE file contains strange resources
Source: EXPORT INVOICE.pdf.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Detected potential crypto function
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_0327216B 1_2_0327216B
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_03271768 1_2_03271768
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_0327B52C 1_2_0327B52C
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_032704D0 1_2_032704D0
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_03270FD8 1_2_03270FD8
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_03273313 1_2_03273313
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_032753E8 1_2_032753E8
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_032753F8 1_2_032753F8
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_03273205 1_2_03273205
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_03273120 1_2_03273120
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_032751B1 1_2_032751B1
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_03273184 1_2_03273184
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_032751C0 1_2_032751C0
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_03273070 1_2_03273070
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_03275629 1_2_03275629
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_03275638 1_2_03275638
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_0327352C 1_2_0327352C
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_032734AF 1_2_032734AF
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_03274B38 1_2_03274B38
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_03274B48 1_2_03274B48
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_0327580B 1_2_0327580B
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_03272F79 1_2_03272F79
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_03273FB1 1_2_03273FB1
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_03270F92 1_2_03270F92
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_03273FC0 1_2_03273FC0
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_0A0C8A90 1_2_0A0C8A90
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_0A0CEFC0 1_2_0A0CEFC0
Source: EXPORT INVOICE.pdf.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: EXPORT INVOICE.pdf.exe Virustotal: Detection: 37%
Source: EXPORT INVOICE.pdf.exe ReversingLabs: Detection: 34%
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe File read: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Jump to behavior
Source: EXPORT INVOICE.pdf.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe "C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe"
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 1280
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7108
Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERC3FE.tmp Jump to behavior
Source: classification engine Classification label: mal68.evad.winEXE@2/4@0/0
Source: C:\Windows\SysWOW64\WerFault.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: EXPORT INVOICE.pdf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: EXPORT INVOICE.pdf.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: System.Core.ni.pdbRSDSD source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.Xml.ni.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: Accessibility.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.ni.pdbRSDS source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: .pdb08 source: EXPORT INVOICE.pdf.exe, 00000001.00000002.431660195.0000000001357000.00000004.00000010.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000000.413234649.0000000001357000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Configuration.ni.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: mscorlib.ni.pdbRSDS source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.Configuration.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: EXPORT INVOICE.pdf.PDB source: EXPORT INVOICE.pdf.exe, 00000001.00000002.431660195.0000000001357000.00000004.00000010.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000000.413234649.0000000001357000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Xml.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: (P5oLC:\Windows\Microsoft.VisualBasic.pdb source: EXPORT INVOICE.pdf.exe, 00000001.00000002.431660195.0000000001357000.00000004.00000010.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000000.413234649.0000000001357000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Drawing.pdbH source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.Core.ni.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: Microsoft.VisualBasic.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.Windows.Forms.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: Microsoft.VisualBasic.pdb4" source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: mscorlib.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: np@oVisualBasic.pdb source: EXPORT INVOICE.pdf.exe, 00000001.00000002.431660195.0000000001357000.00000004.00000010.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000000.413234649.0000000001357000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Drawing.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: mscorlib.ni.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.Configuration.ni.pdbRSDSO* source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.Core.pdb source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: C:\Users\user\Desktop\EXPORT INVOICE.pdf.PDB source: EXPORT INVOICE.pdf.exe, 00000001.00000002.431660195.0000000001357000.00000004.00000010.00020000.00000000.sdmp, EXPORT INVOICE.pdf.exe, 00000001.00000000.413234649.0000000001357000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.Xml.ni.pdbRSDS source: WERC3FE.tmp.dmp.7.dr
Source: Binary string: System.ni.pdb source: WERC3FE.tmp.dmp.7.dr
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_00EF23FC push esp; ret 1_2_00EF23FE
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Code function: 1_2_00EF2418 push cs; retf 1_2_00EF2422
Source: initial sample Static PE information: section name: .text entropy: 7.63374734815

Hooking and other Techniques for Hiding and Protection
barindex
Uses an obfuscated file name to hide its real file extension (double extension)
Source: Possible double extension: pdf.exe Static PE information: EXPORT INVOICE.pdf.exe
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe TID: 7112 Thread sleep time: -45733s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Thread delayed: delay time: 45733 Jump to behavior
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Memory allocated: page read and write | page guard Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Fonts\GILSANUB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\EXPORT INVOICE.pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 625078 Sample: EXPORT INVOICE.pdf.scr Startdate: 12/05/2022 Architecture: WINDOWS Score: 68 10 Antivirus / Scanner detection for submitted sample 2->10 12 Multi AV Scanner detection for submitted file 2->12 14 Uses an obfuscated file name to hide its real file extension (double extension) 2->14 16 2 other signatures 2->16 6 EXPORT INVOICE.pdf.exe 2 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started       
No contacted IP infos