Windows Analysis Report Order List from Dunen Enterprise Corporation.exe

Overview

General Information

Sample Name: Order List from Dunen Enterprise Corporation.exe
Analysis ID: 482788
MD5: 744d832006910318b2826e4cc8db4b11
SHA1: b58f485d5153dc4cb1a608091e1174d6fc966a4a
SHA256: e015835dd69bbd384cb9b347984b648562281ba9e532ca110b6962bce9262251
Tags: exe guloader

Detection

GuLoader FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Potential malicious icon found
Yara detected Generic Dropper
Yara detected FormBook
Malicious sample detected (through community Yara rule)
GuLoader behavior detected
Yara detected GuLoader
Hides threads from debuggers
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Yara signature match
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to call native functions
Creates processes with suspicious names
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Enables debug privileges
Sample file is different than original file name gathered from version info
PE file contains strange resources
Contains functionality to read the PEB
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

AV Detection:

Found malware configuration
Source: 00000000.00000002.473954904.0000000002880000.00000040.00000001.sdmp Malware Configuration Extractor: GuLoader {"Payload URL": "https://onedrive.live.com/download?cid=3B15BFABEF8C3B9%()"}
Source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp Malware Configuration Extractor: FormBook {"C2 list": ["www.mx-online-service.xyz/hhse/"], "decoy": ["gujranwala.city", "peinture-san-deco.com", "disvapes.com", "tekst-sanderlei.com", "veryfastsnail.com", "yaqiong.net", "onlinebingocenter.com", "kenttreesurgery.com", "berislavic.com", "ecomemailspack.com", "drgustavoteyssier.com", "mayfieldslodge.com", "qiubaolink.com", "kevinkensik.com", "boatmanagementexpert.com", "dbylkov.com", "griffin-designs.com", "glowlikethis.com", "fuckjules.com", "lxqc6688.com", "cduyechang.com", "jintelcare.com", "abdiscountplumbing.com", "merrilllynchph.com", "yuanxinlv.com", "chinapuma.com", "covertroyalty.com", "grouphall.net", "unikpixls.com", "rbainlaw.com", "bold2x.com", "eventosav.com", "copywritermeg.com", "geeeknozoid.com", "physio-schmid.com", "bankofsavings.com", "xzttzs.com", "water-note.com", "gutter-rutter.com", "wallis-applications.com", "aurora-graphics.com", "justindoorsoccer.com", "drivly.net", "allonot.com", "splashseltzer.com", "sanctuarymarbella.com", "fossickandfind.com", "sari-2.com", "luxedesignsinc.com", "cowlickgin.com", "anothergeorgia.life", "mainstreetmarketlillington.com", "vibe-communications.com", "nextgenrs.net", "kosurvival.com", "uvinq.com", "crenate-throe.info", "weazing.net", "mydreamit.world", "shortandsweetorganizing.com", "24bitpay-trade.com", "qianniaofan.com", "thepccafe.com", "solucionesautomotrices.info"]}
Yara detected FormBook
Source: Yara match File source: 0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000000.735368674.0000000006D25000.00000040.00020000.sdmp, type: MEMORY
Machine Learning detection for sample
Source: Order List from Dunen Enterprise Corporation.exe Joe Sandbox ML: detected

Compliance:

Uses 32bit PE files
Source: Order List from Dunen Enterprise Corporation.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: Binary string: msdt.pdbGCTL source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.771036580.000000001EA40000.00000040.00020000.sdmp
Source: Binary string: wntdll.pdbUGP source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.769810515.000000001E82F000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdb source: Order List from Dunen Enterprise Corporation.exe
Source: Binary string: msdt.pdb source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.771036580.000000001EA40000.00000040.00020000.sdmp

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: www.mx-online-service.xyz/hhse/
Source: Malware configuration extractor URLs: https://onedrive.live.com/download?cid=3B15BFABEF8C3B9%()
Source: Order List from Dunen Enterprise Corporation.exe String found in binary or memory: http://creativecommons.org/licenses/by-nc-sa/3.0/
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.712601137.000000000088D000.00000004.00000001.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: explorer.exe, 0000001A.00000000.734719256.0000000006870000.00000004.00000001.sdmp String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.712601137.000000000088D000.00000004.00000001.sdmp String found in binary or memory: https://irbzka.bl.files.1drv.com/
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.710798103.0000000000891000.00000004.00000001.sdmp String found in binary or memory: https://irbzka.bl.files.1drv.com/HoH
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.712601137.000000000088D000.00000004.00000001.sdmp String found in binary or memory: https://irbzka.bl.files.1drv.com/jof
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.710798103.0000000000891000.00000004.00000001.sdmp String found in binary or memory: https://irbzka.bl.files.1drv.com/y4m-pJTApnf2X6X8FvkJBc3kwyxkRC7ohCVxKqzJT2oOkOsmFT9MDHML1cgc462m8Ps
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.712601137.000000000088D000.00000004.00000001.sdmp, Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.712985490.000000000086C000.00000004.00000001.sdmp String found in binary or memory: https://irbzka.bl.files.1drv.com/y4mSLbAIYOtMsp6WVEtbpBOKQnS0NMIQaQctk4PpaVN9FNlyx2DdMYUi4sJgBEu1tUY
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.761567848.0000000000828000.00000004.00000020.sdmp String found in binary or memory: https://onedrive.live.com/$R
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.761567848.0000000000828000.00000004.00000020.sdmp String found in binary or memory: https://onedrive.live.com/dS;
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.712985490.000000000086C000.00000004.00000001.sdmp, Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.710798103.0000000000891000.00000004.00000001.sdmp String found in binary or memory: https://onedrive.live.com/download?cid=3B15BFABEF8C3B91&resid=3B15BFABEF8C3B91%21111&authkey=AJvHyIJ
Source: unknown DNS traffic detected: queries for: onedrive.live.com

E-Banking Fraud:

Yara detected FormBook
Source: Yara match File source: 0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000000.735368674.0000000006D25000.00000040.00020000.sdmp, type: MEMORY

System Summary:

Potential malicious icon found
Source: initial sample Icon embedded in PE file: bad icon match: 20047c7c70f0e004
Malicious sample detected (through community Yara rule)
Source: 0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000001A.00000000.735368674.0000000006D25000.00000040.00020000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000001A.00000000.735368674.0000000006D25000.00000040.00020000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Initial sample is a PE file and has a suspicious name
Source: initial sample Static PE information: Filename: Order List from Dunen Enterprise Corporation.exe
Uses 32bit PE files
Source: Order List from Dunen Enterprise Corporation.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Yara signature match
Source: 0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000001A.00000000.735368674.0000000006D25000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000001A.00000000.735368674.0000000006D25000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Detected potential crypto function
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: String function: 1E73B150 appears 32 times
Contains functionality to call native functions
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02886E8F NtWriteVirtualMemory, 0_2_02886E8F
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288BA80 NtProtectVirtualMemory, 0_2_0288BA80
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028872D8 NtAllocateVirtualMemory, 0_2_028872D8
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02880E4A NtWriteVirtualMemory,LoadLibraryA, 0_2_02880E4A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288124F NtWriteVirtualMemory,TerminateProcess,LoadLibraryA, 0_2_0288124F
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02886288 NtWriteVirtualMemory, 0_2_02886288
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02889A81 NtWriteVirtualMemory, 0_2_02889A81
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02885684 NtWriteVirtualMemory, 0_2_02885684
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02885A86 NtWriteVirtualMemory, 0_2_02885A86
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028866B4 NtWriteVirtualMemory, 0_2_028866B4
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288BADC NtProtectVirtualMemory, 0_2_0288BADC
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028862E4 NtWriteVirtualMemory, 0_2_028862E4
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02886604 NtWriteVirtualMemory, 0_2_02886604
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288622B NtWriteVirtualMemory, 0_2_0288622B
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288BA48 NtProtectVirtualMemory, 0_2_0288BA48
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288064A NtWriteVirtualMemory,LoadLibraryA, 0_2_0288064A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02885A4C NtWriteVirtualMemory, 0_2_02885A4C
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288626C NtWriteVirtualMemory, 0_2_0288626C
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02885E65 NtWriteVirtualMemory, 0_2_02885E65
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02886387 NtWriteVirtualMemory, 0_2_02886387
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02885FA0 NtWriteVirtualMemory, 0_2_02885FA0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028863A3 NtWriteVirtualMemory, 0_2_028863A3
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02885BB6 NtWriteVirtualMemory, 0_2_02885BB6
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02885F08 NtWriteVirtualMemory, 0_2_02885F08
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02885B2C NtWriteVirtualMemory, 0_2_02885B2C
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288572D NtWriteVirtualMemory, 0_2_0288572D
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288633A NtWriteVirtualMemory, 0_2_0288633A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288BB30 NtWriteVirtualMemory, 0_2_0288BB30
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02880341 NtWriteVirtualMemory,LoadLibraryA, 0_2_02880341
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288675A NtWriteVirtualMemory, 0_2_0288675A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02887368 NtAllocateVirtualMemory, 0_2_02887368
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02885778 NtWriteVirtualMemory, 0_2_02885778
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288A4AE NtWriteVirtualMemory, 0_2_0288A4AE
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028858A5 NtWriteVirtualMemory, 0_2_028858A5
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028864BA NtWriteVirtualMemory, 0_2_028864BA
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028874CC NtAllocateVirtualMemory, 0_2_028874CC
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02885CC2 NtWriteVirtualMemory, 0_2_02885CC2
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028848DF NtWriteVirtualMemory, 0_2_028848DF
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028860E9 NtWriteVirtualMemory, 0_2_028860E9
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02887408 NtAllocateVirtualMemory, 0_2_02887408
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02886409 NtWriteVirtualMemory, 0_2_02886409
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02885C13 NtWriteVirtualMemory, 0_2_02885C13
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02885815 NtWriteVirtualMemory, 0_2_02885815
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02886038 NtWriteVirtualMemory, 0_2_02886038
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02885C5C NtWriteVirtualMemory, 0_2_02885C5C
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288745F NtAllocateVirtualMemory, 0_2_0288745F
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028861AE NtWriteVirtualMemory, 0_2_028861AE
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028829BB NtWriteVirtualMemory, 0_2_028829BB
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02885DBE NtWriteVirtualMemory, 0_2_02885DBE
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028859E4 NtWriteVirtualMemory, 0_2_028859E4
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02886544 NtWriteVirtualMemory, 0_2_02886544
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02885954 NtWriteVirtualMemory, 0_2_02885954
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288AD75 NtWriteVirtualMemory,LoadLibraryA, 0_2_0288AD75
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779660 NtAllocateVirtualMemory,LdrInitializeThunk, 22_2_1E779660
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779A50 NtCreateFile,LdrInitializeThunk, 22_2_1E779A50
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779A00 NtProtectVirtualMemory,LdrInitializeThunk, 22_2_1E779A00
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7796E0 NtFreeVirtualMemory,LdrInitializeThunk, 22_2_1E7796E0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779710 NtQueryInformationToken,LdrInitializeThunk, 22_2_1E779710
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779FE0 NtCreateMutant,LdrInitializeThunk, 22_2_1E779FE0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779780 NtMapViewOfSection,LdrInitializeThunk, 22_2_1E779780
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779860 NtQuerySystemInformation,LdrInitializeThunk, 22_2_1E779860
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779840 NtDelayExecution,LdrInitializeThunk, 22_2_1E779840
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779910 NtAdjustPrivilegesToken,LdrInitializeThunk, 22_2_1E779910
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7799A0 NtCreateSection,LdrInitializeThunk, 22_2_1E7799A0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779670 NtQueryInformationProcess, 22_2_1E779670
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779650 NtQueryValueKey, 22_2_1E779650
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779A20 NtResumeThread, 22_2_1E779A20
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779610 NtEnumerateValueKey, 22_2_1E779610
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779A10 NtQuerySection, 22_2_1E779A10
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7796D0 NtCreateKey, 22_2_1E7796D0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779A80 NtOpenDirectoryObject, 22_2_1E779A80
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779770 NtSetInformationFile, 22_2_1E779770
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E77A770 NtOpenThread, 22_2_1E77A770
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779760 NtOpenProcess, 22_2_1E779760
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779730 NtQueryVirtualMemory, 22_2_1E779730
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E77A710 NtOpenProcessToken, 22_2_1E77A710
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779B00 NtSetValueKey, 22_2_1E779B00
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E77A3B0 NtGetContextThread, 22_2_1E77A3B0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7797A0 NtUnmapViewOfSection, 22_2_1E7797A0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E77B040 NtSuspendThread, 22_2_1E77B040
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779820 NtEnumerateKey, 22_2_1E779820
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7798F0 NtReadVirtualMemory, 22_2_1E7798F0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7798A0 NtWriteVirtualMemory, 22_2_1E7798A0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779560 NtWriteFile, 22_2_1E779560
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779950 NtQueueApcThread, 22_2_1E779950
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779540 NtReadFile, 22_2_1E779540
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E77AD30 NtSetContextThread, 22_2_1E77AD30
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E779520 NtWaitForSingleObject, 22_2_1E779520
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7795F0 NtQueryInformationFile, 22_2_1E7795F0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7799D0 NtCreateProcessEx, 22_2_1E7799D0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7795D0 NtClose, 22_2_1E7795D0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_0056C931 NtProtectVirtualMemory, 22_2_0056C931
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_0056CA61 Sleep,LdrInitializeThunk,NtProtectVirtualMemory, 22_2_0056CA61
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_0056C8E4 NtProtectVirtualMemory, 22_2_0056C8E4
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_0056C925 NtProtectVirtualMemory, 22_2_0056C925
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_0056C989 NtProtectVirtualMemory, 22_2_0056C989
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_0056CAEE NtProtectVirtualMemory, 22_2_0056CAEE
Abnormal high CPU Usage
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Process Stats: CPU usage > 98%
Sample file is different than original file name gathered from version info
Source: Order List from Dunen Enterprise Corporation.exe, 00000000.00000000.233689534.000000000041E000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameMiry.exe vs Order List from Dunen Enterprise Corporation.exe
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.769810515.000000001E82F000.00000040.00000001.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Order List from Dunen Enterprise Corporation.exe
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000000.472475635.000000000041E000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameMiry.exe vs Order List from Dunen Enterprise Corporation.exe
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.771036580.000000001EA40000.00000040.00020000.sdmp Binary or memory string: OriginalFilenamemsdt.exej% vs Order List from Dunen Enterprise Corporation.exe
Source: Order List from Dunen Enterprise Corporation.exe Binary or memory string: OriginalFilenameMiry.exe vs Order List from Dunen Enterprise Corporation.exe
PE file contains strange resources
Source: Order List from Dunen Enterprise Corporation.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Order List from Dunen Enterprise Corporation.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: unknown Process created: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe 'C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe'
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Process created: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe 'C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe'
Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\msdt.exe C:\Windows\SysWOW64\msdt.exe
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: classification engine Classification label: mal100.rans.troj.spyw.evad.winEXE@4/0@2/0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: Binary string: msdt.pdbGCTL source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.771036580.000000001EA40000.00000040.00020000.sdmp
Source: Binary string: wntdll.pdbUGP source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.769810515.000000001E82F000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdb source: Order List from Dunen Enterprise Corporation.exe
Source: Binary string: msdt.pdb source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.771036580.000000001EA40000.00000040.00020000.sdmp

Data Obfuscation:

Yara detected GuLoader
Source: Yara match File source: 00000000.00000002.473954904.0000000002880000.00000040.00000001.sdmp, type: MEMORY
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_00417B70 push dword ptr [edi+000000BCh]; ret 0_2_0041857C
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0040646C push es; iretd 0_2_0040646D
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_00404C7E push eax; iretd 0_2_00404C89
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_004052CE push ebx; iretd 0_2_004052CF
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_00404CE2 push eax; iretd 0_2_00404C89
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_004038F6 push esi; ret 0_2_004038FD
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_00405D66 push ecx; iretd 0_2_00405D71
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_00403977 push ds; iretd 0_2_004039A8
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0040632C push esi; ret 0_2_00406338
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_00404FEB push ecx; iretd 0_2_00405001
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_004043F9 pushfd ; retf 0_2_004043FB
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_004063A4 push esi; ret 0_2_00406338
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288124F push es; retn 1022h 0_2_028889AF
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028876B4 push es; retf 0_2_028876BC
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02887207 push es; retn 1022h 0_2_028889AF
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028884FF push ebp; retf 0_2_02888500
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E78D0D1 push ecx; ret 22_2_1E78D0E4
Source: initial sample Static PE information: section name: .text entropy: 7.10915094479

Persistence and Installation Behavior:

Creates processes with suspicious names
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe File created: \order list from dunen enterprise corporation.exe
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to detect Any.run
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe File opened: C:\Program Files\qga\qga.exe
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: Order List from Dunen Enterprise Corporation.exe, 00000000.00000002.473946073.0000000002860000.00000004.00000001.sdmp Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
Source: Order List from Dunen Enterprise Corporation.exe, 00000000.00000002.473946073.0000000002860000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe RDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe RDTSC instruction interceptor: First address: 000000000040897E second address: 0000000000408984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288A229 rdtsc 0_2_0288A229
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe System information queried: ModuleInformation
Source: explorer.exe, 0000001A.00000000.751896607.0000000008A32000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00dRom0
Source: explorer.exe, 0000001A.00000000.751896607.0000000008A32000.00000004.00000001.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.761567848.0000000000828000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAWX
Source: explorer.exe, 0000001A.00000000.724097033.0000000008B85000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: Order List from Dunen Enterprise Corporation.exe, 00000000.00000002.473946073.0000000002860000.00000004.00000001.sdmp Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
Source: explorer.exe, 0000001A.00000000.724097033.0000000008B85000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}e
Source: explorer.exe, 0000001A.00000000.733051888.00000000048E0000.00000004.00000001.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 0000001A.00000000.724097033.0000000008B85000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}C
Source: explorer.exe, 0000001A.00000000.737829561.0000000008ACF000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000Datc
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.762004945.0000000000874000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
Source: explorer.exe, 0000001A.00000000.737829561.0000000008ACF000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
Source: explorer.exe, 0000001A.00000000.748324239.00000000069DE000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD002
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.762004945.0000000000874000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW,
Source: Order List from Dunen Enterprise Corporation.exe, 00000000.00000002.473946073.0000000002860000.00000004.00000001.sdmp Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

Anti Debugging:

Hides threads from debuggers
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Thread information set: HideFromDebugger
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288A229 rdtsc 0_2_0288A229
Enables debug privileges
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Process token adjusted: Debug
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288AA3D mov eax, dword ptr fs:[00000030h] 0_2_0288AA3D
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02886E48 mov eax, dword ptr fs:[00000030h] 0_2_02886E48
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02883BDB mov eax, dword ptr fs:[00000030h] 0_2_02883BDB
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028894CC mov eax, dword ptr fs:[00000030h] 0_2_028894CC
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028894CE mov eax, dword ptr fs:[00000030h] 0_2_028894CE
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028848DF mov eax, dword ptr fs:[00000030h] 0_2_028848DF
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288AD8C mov eax, dword ptr fs:[00000030h] 0_2_0288AD8C
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02889D0C mov eax, dword ptr fs:[00000030h] 0_2_02889D0C
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02884904 mov eax, dword ptr fs:[00000030h] 0_2_02884904
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288AD75 mov eax, dword ptr fs:[00000030h] 0_2_0288AD75
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E75AE73 mov eax, dword ptr fs:[00000030h] 22_2_1E75AE73
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E77927A mov eax, dword ptr fs:[00000030h] 22_2_1E77927A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E74766D mov eax, dword ptr fs:[00000030h] 22_2_1E74766D
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7EB260 mov eax, dword ptr fs:[00000030h] 22_2_1E7EB260
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E800EA5 mov eax, dword ptr fs:[00000030h] 22_2_1E800EA5
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7C4257 mov eax, dword ptr fs:[00000030h] 22_2_1E7C4257
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E739240 mov eax, dword ptr fs:[00000030h] 22_2_1E739240
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E739240 mov eax, dword ptr fs:[00000030h] 22_2_1E739240
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E739240 mov eax, dword ptr fs:[00000030h] 22_2_1E739240
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E739240 mov eax, dword ptr fs:[00000030h] 22_2_1E739240
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E747E41 mov eax, dword ptr fs:[00000030h] 22_2_1E747E41
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E747E41 mov eax, dword ptr fs:[00000030h] 22_2_1E747E41
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E747E41 mov eax, dword ptr fs:[00000030h] 22_2_1E747E41
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E747E41 mov eax, dword ptr fs:[00000030h] 22_2_1E747E41
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E747E41 mov eax, dword ptr fs:[00000030h] 22_2_1E747E41
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E747E41 mov eax, dword ptr fs:[00000030h] 22_2_1E747E41
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7EFE3F mov eax, dword ptr fs:[00000030h] 22_2_1E7EFE3F
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E73E620 mov eax, dword ptr fs:[00000030h] 22_2_1E73E620
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E808ED6 mov eax, dword ptr fs:[00000030h] 22_2_1E808ED6
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E774A2C mov eax, dword ptr fs:[00000030h] 22_2_1E774A2C
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E774A2C mov eax, dword ptr fs:[00000030h] 22_2_1E774A2C
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E73AA16 mov eax, dword ptr fs:[00000030h] 22_2_1E73AA16
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E73AA16 mov eax, dword ptr fs:[00000030h] 22_2_1E73AA16
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E753A1C mov eax, dword ptr fs:[00000030h] 22_2_1E753A1C
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76A61C mov eax, dword ptr fs:[00000030h] 22_2_1E76A61C
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76A61C mov eax, dword ptr fs:[00000030h] 22_2_1E76A61C
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E73C600 mov eax, dword ptr fs:[00000030h] 22_2_1E73C600
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E73C600 mov eax, dword ptr fs:[00000030h] 22_2_1E73C600
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E73C600 mov eax, dword ptr fs:[00000030h] 22_2_1E73C600
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E768E00 mov eax, dword ptr fs:[00000030h] 22_2_1E768E00
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E748A0A mov eax, dword ptr fs:[00000030h] 22_2_1E748A0A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E762AE4 mov eax, dword ptr fs:[00000030h] 22_2_1E762AE4
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7616E0 mov ecx, dword ptr fs:[00000030h] 22_2_1E7616E0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7476E2 mov eax, dword ptr fs:[00000030h] 22_2_1E7476E2
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E778EC7 mov eax, dword ptr fs:[00000030h] 22_2_1E778EC7
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7636CC mov eax, dword ptr fs:[00000030h] 22_2_1E7636CC
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E762ACB mov eax, dword ptr fs:[00000030h] 22_2_1E762ACB
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7EFEC0 mov eax, dword ptr fs:[00000030h] 22_2_1E7EFEC0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E74AAB0 mov eax, dword ptr fs:[00000030h] 22_2_1E74AAB0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E74AAB0 mov eax, dword ptr fs:[00000030h] 22_2_1E74AAB0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76FAB0 mov eax, dword ptr fs:[00000030h] 22_2_1E76FAB0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7352A5 mov eax, dword ptr fs:[00000030h] 22_2_1E7352A5
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7352A5 mov eax, dword ptr fs:[00000030h] 22_2_1E7352A5
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7352A5 mov eax, dword ptr fs:[00000030h] 22_2_1E7352A5
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7352A5 mov eax, dword ptr fs:[00000030h] 22_2_1E7352A5
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7352A5 mov eax, dword ptr fs:[00000030h] 22_2_1E7352A5
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B46A7 mov eax, dword ptr fs:[00000030h] 22_2_1E7B46A7
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76D294 mov eax, dword ptr fs:[00000030h] 22_2_1E76D294
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76D294 mov eax, dword ptr fs:[00000030h] 22_2_1E76D294
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E808A62 mov eax, dword ptr fs:[00000030h] 22_2_1E808A62
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7CFE87 mov eax, dword ptr fs:[00000030h] 22_2_1E7CFE87
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E763B7A mov eax, dword ptr fs:[00000030h] 22_2_1E763B7A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E763B7A mov eax, dword ptr fs:[00000030h] 22_2_1E763B7A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E73DB60 mov ecx, dword ptr fs:[00000030h] 22_2_1E73DB60
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E74FF60 mov eax, dword ptr fs:[00000030h] 22_2_1E74FF60
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E805BA5 mov eax, dword ptr fs:[00000030h] 22_2_1E805BA5
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E73F358 mov eax, dword ptr fs:[00000030h] 22_2_1E73F358
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E73DB40 mov eax, dword ptr fs:[00000030h] 22_2_1E73DB40
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E74EF40 mov eax, dword ptr fs:[00000030h] 22_2_1E74EF40
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76E730 mov eax, dword ptr fs:[00000030h] 22_2_1E76E730
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E734F2E mov eax, dword ptr fs:[00000030h] 22_2_1E734F2E
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E734F2E mov eax, dword ptr fs:[00000030h] 22_2_1E734F2E
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E75F716 mov eax, dword ptr fs:[00000030h] 22_2_1E75F716
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F131B mov eax, dword ptr fs:[00000030h] 22_2_1E7F131B
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7CFF10 mov eax, dword ptr fs:[00000030h] 22_2_1E7CFF10
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7CFF10 mov eax, dword ptr fs:[00000030h] 22_2_1E7CFF10
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76A70E mov eax, dword ptr fs:[00000030h] 22_2_1E76A70E
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76A70E mov eax, dword ptr fs:[00000030h] 22_2_1E76A70E
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7737F5 mov eax, dword ptr fs:[00000030h] 22_2_1E7737F5
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E80070D mov eax, dword ptr fs:[00000030h] 22_2_1E80070D
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E80070D mov eax, dword ptr fs:[00000030h] 22_2_1E80070D
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7603E2 mov eax, dword ptr fs:[00000030h] 22_2_1E7603E2
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7603E2 mov eax, dword ptr fs:[00000030h] 22_2_1E7603E2
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7603E2 mov eax, dword ptr fs:[00000030h] 22_2_1E7603E2
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7603E2 mov eax, dword ptr fs:[00000030h] 22_2_1E7603E2
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7603E2 mov eax, dword ptr fs:[00000030h] 22_2_1E7603E2
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7603E2 mov eax, dword ptr fs:[00000030h] 22_2_1E7603E2
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B53CA mov eax, dword ptr fs:[00000030h] 22_2_1E7B53CA
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B53CA mov eax, dword ptr fs:[00000030h] 22_2_1E7B53CA
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E808B58 mov eax, dword ptr fs:[00000030h] 22_2_1E808B58
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E764BAD mov eax, dword ptr fs:[00000030h] 22_2_1E764BAD
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E764BAD mov eax, dword ptr fs:[00000030h] 22_2_1E764BAD
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E764BAD mov eax, dword ptr fs:[00000030h] 22_2_1E764BAD
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E748794 mov eax, dword ptr fs:[00000030h] 22_2_1E748794
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E762397 mov eax, dword ptr fs:[00000030h] 22_2_1E762397
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76B390 mov eax, dword ptr fs:[00000030h] 22_2_1E76B390
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E808F6A mov eax, dword ptr fs:[00000030h] 22_2_1E808F6A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B7794 mov eax, dword ptr fs:[00000030h] 22_2_1E7B7794
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B7794 mov eax, dword ptr fs:[00000030h] 22_2_1E7B7794
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B7794 mov eax, dword ptr fs:[00000030h] 22_2_1E7B7794
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F138A mov eax, dword ptr fs:[00000030h] 22_2_1E7F138A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E741B8F mov eax, dword ptr fs:[00000030h] 22_2_1E741B8F
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E741B8F mov eax, dword ptr fs:[00000030h] 22_2_1E741B8F
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7ED380 mov ecx, dword ptr fs:[00000030h] 22_2_1E7ED380
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F2073 mov eax, dword ptr fs:[00000030h] 22_2_1E7F2073
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E75746D mov eax, dword ptr fs:[00000030h] 22_2_1E75746D
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E750050 mov eax, dword ptr fs:[00000030h] 22_2_1E750050
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E750050 mov eax, dword ptr fs:[00000030h] 22_2_1E750050
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7CC450 mov eax, dword ptr fs:[00000030h] 22_2_1E7CC450
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7CC450 mov eax, dword ptr fs:[00000030h] 22_2_1E7CC450
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76A44B mov eax, dword ptr fs:[00000030h] 22_2_1E76A44B
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E808CD6 mov eax, dword ptr fs:[00000030h] 22_2_1E808CD6
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76BC2C mov eax, dword ptr fs:[00000030h] 22_2_1E76BC2C
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76002D mov eax, dword ptr fs:[00000030h] 22_2_1E76002D
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76002D mov eax, dword ptr fs:[00000030h] 22_2_1E76002D
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76002D mov eax, dword ptr fs:[00000030h] 22_2_1E76002D
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76002D mov eax, dword ptr fs:[00000030h] 22_2_1E76002D
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76002D mov eax, dword ptr fs:[00000030h] 22_2_1E76002D
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E74B02A mov eax, dword ptr fs:[00000030h] 22_2_1E74B02A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E74B02A mov eax, dword ptr fs:[00000030h] 22_2_1E74B02A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E74B02A mov eax, dword ptr fs:[00000030h] 22_2_1E74B02A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E74B02A mov eax, dword ptr fs:[00000030h] 22_2_1E74B02A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B7016 mov eax, dword ptr fs:[00000030h] 22_2_1E7B7016
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B7016 mov eax, dword ptr fs:[00000030h] 22_2_1E7B7016
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B7016 mov eax, dword ptr fs:[00000030h] 22_2_1E7B7016
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B6C0A mov eax, dword ptr fs:[00000030h] 22_2_1E7B6C0A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B6C0A mov eax, dword ptr fs:[00000030h] 22_2_1E7B6C0A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B6C0A mov eax, dword ptr fs:[00000030h] 22_2_1E7B6C0A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B6C0A mov eax, dword ptr fs:[00000030h] 22_2_1E7B6C0A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F1C06 mov eax, dword ptr fs:[00000030h] 22_2_1E7F1C06
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F1C06 mov eax, dword ptr fs:[00000030h] 22_2_1E7F1C06
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F1C06 mov eax, dword ptr fs:[00000030h] 22_2_1E7F1C06
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F1C06 mov eax, dword ptr fs:[00000030h] 22_2_1E7F1C06
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F1C06 mov eax, dword ptr fs:[00000030h] 22_2_1E7F1C06
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F1C06 mov eax, dword ptr fs:[00000030h] 22_2_1E7F1C06
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F1C06 mov eax, dword ptr fs:[00000030h] 22_2_1E7F1C06
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F1C06 mov eax, dword ptr fs:[00000030h] 22_2_1E7F1C06
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F1C06 mov eax, dword ptr fs:[00000030h] 22_2_1E7F1C06
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F1C06 mov eax, dword ptr fs:[00000030h] 22_2_1E7F1C06
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F1C06 mov eax, dword ptr fs:[00000030h] 22_2_1E7F1C06
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F1C06 mov eax, dword ptr fs:[00000030h] 22_2_1E7F1C06
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F1C06 mov eax, dword ptr fs:[00000030h] 22_2_1E7F1C06
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F1C06 mov eax, dword ptr fs:[00000030h] 22_2_1E7F1C06
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7F14FB mov eax, dword ptr fs:[00000030h] 22_2_1E7F14FB
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B6CF0 mov eax, dword ptr fs:[00000030h] 22_2_1E7B6CF0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B6CF0 mov eax, dword ptr fs:[00000030h] 22_2_1E7B6CF0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B6CF0 mov eax, dword ptr fs:[00000030h] 22_2_1E7B6CF0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E80740D mov eax, dword ptr fs:[00000030h] 22_2_1E80740D
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E80740D mov eax, dword ptr fs:[00000030h] 22_2_1E80740D
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E80740D mov eax, dword ptr fs:[00000030h] 22_2_1E80740D
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E804015 mov eax, dword ptr fs:[00000030h] 22_2_1E804015
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E804015 mov eax, dword ptr fs:[00000030h] 22_2_1E804015
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7358EC mov eax, dword ptr fs:[00000030h] 22_2_1E7358EC
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7CB8D0 mov eax, dword ptr fs:[00000030h] 22_2_1E7CB8D0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7CB8D0 mov ecx, dword ptr fs:[00000030h] 22_2_1E7CB8D0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7CB8D0 mov eax, dword ptr fs:[00000030h] 22_2_1E7CB8D0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7CB8D0 mov eax, dword ptr fs:[00000030h] 22_2_1E7CB8D0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7CB8D0 mov eax, dword ptr fs:[00000030h] 22_2_1E7CB8D0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7CB8D0 mov eax, dword ptr fs:[00000030h] 22_2_1E7CB8D0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76F0BF mov ecx, dword ptr fs:[00000030h] 22_2_1E76F0BF
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76F0BF mov eax, dword ptr fs:[00000030h] 22_2_1E76F0BF
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76F0BF mov eax, dword ptr fs:[00000030h] 22_2_1E76F0BF
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7620A0 mov eax, dword ptr fs:[00000030h] 22_2_1E7620A0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7620A0 mov eax, dword ptr fs:[00000030h] 22_2_1E7620A0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7620A0 mov eax, dword ptr fs:[00000030h] 22_2_1E7620A0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7620A0 mov eax, dword ptr fs:[00000030h] 22_2_1E7620A0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7620A0 mov eax, dword ptr fs:[00000030h] 22_2_1E7620A0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7620A0 mov eax, dword ptr fs:[00000030h] 22_2_1E7620A0
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7790AF mov eax, dword ptr fs:[00000030h] 22_2_1E7790AF
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E74849B mov eax, dword ptr fs:[00000030h] 22_2_1E74849B
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E739080 mov eax, dword ptr fs:[00000030h] 22_2_1E739080
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E801074 mov eax, dword ptr fs:[00000030h] 22_2_1E801074
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B3884 mov eax, dword ptr fs:[00000030h] 22_2_1E7B3884
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B3884 mov eax, dword ptr fs:[00000030h] 22_2_1E7B3884
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E73B171 mov eax, dword ptr fs:[00000030h] 22_2_1E73B171
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E73B171 mov eax, dword ptr fs:[00000030h] 22_2_1E73B171
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E75C577 mov eax, dword ptr fs:[00000030h] 22_2_1E75C577
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E75C577 mov eax, dword ptr fs:[00000030h] 22_2_1E75C577
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E73C962 mov eax, dword ptr fs:[00000030h] 22_2_1E73C962
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E757D50 mov eax, dword ptr fs:[00000030h] 22_2_1E757D50
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E75B944 mov eax, dword ptr fs:[00000030h] 22_2_1E75B944
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E75B944 mov eax, dword ptr fs:[00000030h] 22_2_1E75B944
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E773D43 mov eax, dword ptr fs:[00000030h] 22_2_1E773D43
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7B3540 mov eax, dword ptr fs:[00000030h] 22_2_1E7B3540
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h] 22_2_1E743D34
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h] 22_2_1E743D34
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h] 22_2_1E743D34
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h] 22_2_1E743D34
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h] 22_2_1E743D34
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h] 22_2_1E743D34
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h] 22_2_1E743D34
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h] 22_2_1E743D34
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h] 22_2_1E743D34
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h] 22_2_1E743D34
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h] 22_2_1E743D34
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h] 22_2_1E743D34
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h] 22_2_1E743D34
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E73AD30 mov eax, dword ptr fs:[00000030h] 22_2_1E73AD30
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76513A mov eax, dword ptr fs:[00000030h] 22_2_1E76513A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E76513A mov eax, dword ptr fs:[00000030h] 22_2_1E76513A
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E7BA537 mov eax, dword ptr fs:[00000030h] 22_2_1E7BA537
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E764D3B mov eax, dword ptr fs:[00000030h] 22_2_1E764D3B
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E764D3B mov eax, dword ptr fs:[00000030h] 22_2_1E764D3B
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E764D3B mov eax, dword ptr fs:[00000030h] 22_2_1E764D3B
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E754120 mov eax, dword ptr fs:[00000030h] 22_2_1E754120
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E754120 mov eax, dword ptr fs:[00000030h] 22_2_1E754120
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E754120 mov eax, dword ptr fs:[00000030h] 22_2_1E754120
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E754120 mov eax, dword ptr fs:[00000030h] 22_2_1E754120
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E754120 mov ecx, dword ptr fs:[00000030h] 22_2_1E754120
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E739100 mov eax, dword ptr fs:[00000030h] 22_2_1E739100
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Process queried: DebugPort
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028883F0 LdrInitializeThunk, 0_2_028883F0

HIPS / PFW / Operating System Protection Evasion:

Maps a DLL or memory area into another process
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
Queues an APC in another process (thread injection)
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Thread APC queued: target process: C:\Windows\explorer.exe
Modifies the context of a thread in another process (thread injection)
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Thread register set: target process: 3292
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Process created: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe 'C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe'
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.764018786.0000000000EB0000.00000002.00020000.sdmp, explorer.exe, 0000001A.00000002.764271707.0000000001400000.00000002.00020000.sdmp Binary or memory string: uProgram Manager
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.764018786.0000000000EB0000.00000002.00020000.sdmp, explorer.exe, 0000001A.00000002.764271707.0000000001400000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.764018786.0000000000EB0000.00000002.00020000.sdmp, explorer.exe, 0000001A.00000002.764271707.0000000001400000.00000002.00020000.sdmp Binary or memory string: Progman
Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.764018786.0000000000EB0000.00000002.00020000.sdmp, explorer.exe, 0000001A.00000002.764271707.0000000001400000.00000002.00020000.sdmp Binary or memory string: Progmanlock
Source: explorer.exe, 0000001A.00000000.717213239.0000000000EB8000.00000004.00000020.sdmp Binary or memory string: ProgmanX
Source: explorer.exe, 0000001A.00000000.737829561.0000000008ACF000.00000004.00000001.sdmp Binary or memory string: Shell_TrayWndAj

Stealing of Sensitive Information:

Yara detected Generic Dropper
Source: Yara match File source: Process Memory Space: Order List from Dunen Enterprise Corporation.exe PID: 5796, type: MEMORYSTR
Yara detected FormBook
Source: Yara match File source: 0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000000.735368674.0000000006D25000.00000040.00020000.sdmp, type: MEMORY
GuLoader behavior detected
Source: Initial file Signature Results: GuLoader behavior

Remote Access Functionality:

Yara detected FormBook
Source: Yara match File source: 0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000000.735368674.0000000006D25000.00000040.00020000.sdmp, type: MEMORY
No contacted IP infos