Windows Analysis Report Order List from Dunen Enterprise Corporation.exe

Overview

General Information

Sample Name: Order List from Dunen Enterprise Corporation.exe
Analysis ID: 482788
MD5: 744d832006910318b2826e4cc8db4b11
SHA1: b58f485d5153dc4cb1a608091e1174d6fc966a4a
SHA256: e015835dd69bbd384cb9b347984b648562281ba9e532ca110b6962bce9262251
Tags: exe, guloader

Detection

GuLoader FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Potential malicious icon found
Yara detected Generic Dropper
Yara detected FormBook
Malicious sample detected (through community Yara rule)
GuLoader behavior detected
Yara detected GuLoader
Hides threads from debuggers
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Yara signature match
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to call native functions
Creates processes with suspicious names
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Enables debug privileges
Sample file is different than original file name gathered from version info
PE file contains strange resources
Contains functionality to read the PEB
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.mx-online-service.xyz/hhse/"], "decoy": ["gujranwala.city", "peinture-san-deco.com", "disvapes.com", "tekst-sanderlei.com", "veryfastsnail.com", "yaqiong.net", "onlinebingocenter.com", "kenttreesurgery.com", "berislavic.com", "ecomemailspack.com", "drgustavoteyssier.com", "mayfieldslodge.com", "qiubaolink.com", "kevinkensik.com", "boatmanagementexpert.com", "dbylkov.com", "griffin-designs.com", "glowlikethis.com", "fuckjules.com", "lxqc6688.com", "cduyechang.com", "jintelcare.com", "abdiscountplumbing.com", "merrilllynchph.com", "yuanxinlv.com", "chinapuma.com", "covertroyalty.com", "grouphall.net", "unikpixls.com", "rbainlaw.com", "bold2x.com", "eventosav.com", "copywritermeg.com", "geeeknozoid.com", "physio-schmid.com", "bankofsavings.com", "xzttzs.com", "water-note.com", "gutter-rutter.com", "wallis-applications.com", "aurora-graphics.com", "justindoorsoccer.com", "drivly.net", "allonot.com", "splashseltzer.com", "sanctuarymarbella.com", "fossickandfind.com", "sari-2.com", "luxedesignsinc.com", "cowlickgin.com", "anothergeorgia.life", "mainstreetmarketlillington.com", "vibe-communications.com", "nextgenrs.net", "kosurvival.com", "uvinq.com", "crenate-throe.info", "weazing.net", "mydreamit.world", "shortandsweetorganizing.com", "24bitpay-trade.com", "qianniaofan.com", "thepccafe.com", "solucionesautomotrices.info"]}

Threatname: GuLoader

{"Payload URL": "https://onedrive.live.com/download?cid=3B15BFABEF8C3B9%()"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security |
0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
    • 0x5695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x5181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x5797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x590f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x43fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa787:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0xb82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group |
    • 0x76b9:$sqlite3step: 68 34 1C 7B E1
    • 0x77cc:$sqlite3step: 68 34 1C 7B E1
    • 0x76e8:$sqlite3text: 68 38 2A 90 C5
    • 0x780d:$sqlite3text: 68 38 2A 90 C5
    • 0x76fb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x7823:$sqlite3blob: 68 53 D8 7F 8C
00000000.00000002.473954904.0000000002880000.00000040.00000001.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security |

        Sigma Overview

        System Summary:

        Sigma detected: Possible Applocker Bypass
        Source: Process started, Author: juju4, Data: Command: C:\Windows\SysWOW64\msdt.exe, CommandLine: C:\Windows\SysWOW64\msdt.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\msdt.exe, NewProcessName: C:\Windows\SysWOW64\msdt.exe, OriginalFileName: C:\Windows\SysWOW64\msdt.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3292, ProcessCommandLine: C:\Windows\SysWOW64\msdt.exe, ProcessId: 4780

        Jbx Signature Overview

        AV Detection:

        Found malware configuration
        Source: 00000000.00000002.473954904.0000000002880000.00000040.00000001.sdmp, Malware Configuration Extractor: GuLoader {"Payload URL": "https://onedrive.live.com/download?cid=3B15BFABEF8C3B9%()"}
        Source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp, Malware Configuration Extractor: FormBook (same configuration as listed under Malware Configuration above)
        Yara detected FormBook
        Source: Yara match, File source: 0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp, type: MEMORY
        Source: Yara match, File source: 0000001A.00000000.735368674.0000000006D25000.00000040.00020000.sdmp, type: MEMORY
        Machine Learning detection for sample
        Source: Order List from Dunen Enterprise Corporation.exe, Joe Sandbox ML: detected
        Source: Order List from Dunen Enterprise Corporation.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
        Source: Binary string: msdt.pdbGCTL source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.771036580.000000001EA40000.00000040.00020000.sdmp
        Source: Binary string: wntdll.pdbUGP source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.769810515.000000001E82F000.00000040.00000001.sdmp
        Source: Binary string: wntdll.pdb source: Order List from Dunen Enterprise Corporation.exe
        Source: Binary string: msdt.pdb source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.771036580.000000001EA40000.00000040.00020000.sdmp

        Networking:

        C2 URLs / IPs found in malware configuration
        Source: Malware configuration extractor, URLs: www.mx-online-service.xyz/hhse/
        Source: Malware configuration extractor, URLs: https://onedrive.live.com/download?cid=3B15BFABEF8C3B9%()
        Source: Order List from Dunen Enterprise Corporation.exe, String found in binary or memory: http://creativecommons.org/licenses/by-nc-sa/3.0/
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.712601137.000000000088D000.00000004.00000001.sdmp, String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: explorer.exe, 0000001A.00000000.734719256.0000000006870000.00000004.00000001.sdmp, String found in binary or memory: http://www.autoitscript.com/autoit3/J
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.712601137.000000000088D000.00000004.00000001.sdmp, String found in binary or memory: https://irbzka.bl.files.1drv.com/
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.710798103.0000000000891000.00000004.00000001.sdmp, String found in binary or memory: https://irbzka.bl.files.1drv.com/HoH
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.712601137.000000000088D000.00000004.00000001.sdmp, String found in binary or memory: https://irbzka.bl.files.1drv.com/jof
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.710798103.0000000000891000.00000004.00000001.sdmp, String found in binary or memory: https://irbzka.bl.files.1drv.com/y4m-pJTApnf2X6X8FvkJBc3kwyxkRC7ohCVxKqzJT2oOkOsmFT9MDHML1cgc462m8Ps
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.712601137.000000000088D000.00000004.00000001.sdmp, Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.712985490.000000000086C000.00000004.00000001.sdmp, String found in binary or memory: https://irbzka.bl.files.1drv.com/y4mSLbAIYOtMsp6WVEtbpBOKQnS0NMIQaQctk4PpaVN9FNlyx2DdMYUi4sJgBEu1tUY
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.761567848.0000000000828000.00000004.00000020.sdmp, String found in binary or memory: https://onedrive.live.com/$R
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.761567848.0000000000828000.00000004.00000020.sdmp, String found in binary or memory: https://onedrive.live.com/dS;
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.712985490.000000000086C000.00000004.00000001.sdmp, Order List from Dunen Enterprise Corporation.exe, 00000016.00000003.710798103.0000000000891000.00000004.00000001.sdmp, String found in binary or memory: https://onedrive.live.com/download?cid=3B15BFABEF8C3B91&resid=3B15BFABEF8C3B91%21111&authkey=AJvHyIJ
        Source: unknown, DNS traffic detected: queries for: onedrive.live.com

        E-Banking Fraud:

        Yara detected FormBook
        Source: Yara match, File source: 0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp, type: MEMORY
        Source: Yara match, File source: 0000001A.00000000.735368674.0000000006D25000.00000040.00020000.sdmp, type: MEMORY

        System Summary:

        Potential malicious icon found
        Source: initial sample, Icon embedded in PE file: bad icon match: 20047c7c70f0e004
        Malicious sample detected (through community Yara rule)
        Source: 0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
        Source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
        Source: 0000001A.00000000.735368674.0000000006D25000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000001A.00000000.735368674.0000000006D25000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
        Initial sample is a PE file and has a suspicious name
        Source: initial sample, Static PE information: Filename: Order List from Dunen Enterprise Corporation.exe
        Source: Order List from Dunen Enterprise Corporation.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
        Source: 0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000001A.00000000.748909950.0000000006D25000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000016.00000002.768114646.000000001E3D0000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000001A.00000000.735368674.0000000006D25000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook_1, date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000001A.00000000.735368674.0000000006D25000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook, author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02882D0E0_2_02882D0E
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028841000_2_02884100
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028849040_2_02884904
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288A5040_2_0288A504
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02883D1C0_2_02883D1C
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288B11D0_2_0288B11D
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288152D0_2_0288152D
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02882D240_2_02882D24
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288C14A0_2_0288C14A
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028819430_2_02881943
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028865440_2_02886544
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028841500_2_02884150
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028859540_2_02885954
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288317C0_2_0288317C
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288797C0_2_0288797C
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288AD750_2_0288AD75
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E756E3022_2_1E756E30
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E76EBB022_2_1E76EBB0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E74841F22_2_1E74841F
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7F100222_2_1E7F1002
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7620A022_2_1E7620A0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E74B09022_2_1E74B090
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E730D2022_2_1E730D20
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E75412022_2_1E754120
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E73F90022_2_1E73F900
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E74D5E022_2_1E74D5E0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E801D5522_2_1E801D55
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E76258122_2_1E762581
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: String function: 1E73B150 appears 32 times
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02886E8F NtWriteVirtualMemory,0_2_02886E8F
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288BA80 NtProtectVirtualMemory,0_2_0288BA80
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028872D8 NtAllocateVirtualMemory,0_2_028872D8
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02880E4A NtWriteVirtualMemory,LoadLibraryA,0_2_02880E4A
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288124F NtWriteVirtualMemory,TerminateProcess,LoadLibraryA,0_2_0288124F
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02886288 NtWriteVirtualMemory,0_2_02886288
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02889A81 NtWriteVirtualMemory,0_2_02889A81
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02885684 NtWriteVirtualMemory,0_2_02885684
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02885A86 NtWriteVirtualMemory,0_2_02885A86
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028866B4 NtWriteVirtualMemory,0_2_028866B4
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288BADC NtProtectVirtualMemory,0_2_0288BADC
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028862E4 NtWriteVirtualMemory,0_2_028862E4
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02886604 NtWriteVirtualMemory,0_2_02886604
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288622B NtWriteVirtualMemory,0_2_0288622B
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288BA48 NtProtectVirtualMemory,0_2_0288BA48
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288064A NtWriteVirtualMemory,LoadLibraryA,0_2_0288064A
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02885A4C NtWriteVirtualMemory,0_2_02885A4C
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288626C NtWriteVirtualMemory,0_2_0288626C
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02885E65 NtWriteVirtualMemory,0_2_02885E65
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02886387 NtWriteVirtualMemory,0_2_02886387
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02885FA0 NtWriteVirtualMemory,0_2_02885FA0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028863A3 NtWriteVirtualMemory,0_2_028863A3
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02885BB6 NtWriteVirtualMemory,0_2_02885BB6
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02885F08 NtWriteVirtualMemory,0_2_02885F08
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02885B2C NtWriteVirtualMemory,0_2_02885B2C
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288572D NtWriteVirtualMemory,0_2_0288572D
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288633A NtWriteVirtualMemory,0_2_0288633A
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288BB30 NtWriteVirtualMemory,0_2_0288BB30
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02880341 NtWriteVirtualMemory,LoadLibraryA,0_2_02880341
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288675A NtWriteVirtualMemory,0_2_0288675A
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02887368 NtAllocateVirtualMemory,0_2_02887368
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02885778 NtWriteVirtualMemory,0_2_02885778
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288A4AE NtWriteVirtualMemory,0_2_0288A4AE
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028858A5 NtWriteVirtualMemory,0_2_028858A5
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028864BA NtWriteVirtualMemory,0_2_028864BA
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028874CC NtAllocateVirtualMemory,0_2_028874CC
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02885CC2 NtWriteVirtualMemory,0_2_02885CC2
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028848DF NtWriteVirtualMemory,0_2_028848DF
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028860E9 NtWriteVirtualMemory,0_2_028860E9
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02887408 NtAllocateVirtualMemory,0_2_02887408
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02886409 NtWriteVirtualMemory,0_2_02886409
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02885C13 NtWriteVirtualMemory,0_2_02885C13
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02885815 NtWriteVirtualMemory,0_2_02885815
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02886038 NtWriteVirtualMemory,0_2_02886038
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02885C5C NtWriteVirtualMemory,0_2_02885C5C
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288745F NtAllocateVirtualMemory,0_2_0288745F
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028861AE NtWriteVirtualMemory,0_2_028861AE
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028829BB NtWriteVirtualMemory,0_2_028829BB
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02885DBE NtWriteVirtualMemory,0_2_02885DBE
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_028859E4 NtWriteVirtualMemory,0_2_028859E4
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02886544 NtWriteVirtualMemory,0_2_02886544
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_02885954 NtWriteVirtualMemory,0_2_02885954
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 0_2_0288AD75 NtWriteVirtualMemory,LoadLibraryA,0_2_0288AD75
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779660 NtAllocateVirtualMemory,LdrInitializeThunk,22_2_1E779660
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779A50 NtCreateFile,LdrInitializeThunk,22_2_1E779A50
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779A00 NtProtectVirtualMemory,LdrInitializeThunk,22_2_1E779A00
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7796E0 NtFreeVirtualMemory,LdrInitializeThunk,22_2_1E7796E0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779710 NtQueryInformationToken,LdrInitializeThunk,22_2_1E779710
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779FE0 NtCreateMutant,LdrInitializeThunk,22_2_1E779FE0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779780 NtMapViewOfSection,LdrInitializeThunk,22_2_1E779780
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779860 NtQuerySystemInformation,LdrInitializeThunk,22_2_1E779860
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779840 NtDelayExecution,LdrInitializeThunk,22_2_1E779840
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779910 NtAdjustPrivilegesToken,LdrInitializeThunk,22_2_1E779910
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7799A0 NtCreateSection,LdrInitializeThunk,22_2_1E7799A0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779670 NtQueryInformationProcess,22_2_1E779670
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779650 NtQueryValueKey,22_2_1E779650
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779A20 NtResumeThread,22_2_1E779A20
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779610 NtEnumerateValueKey,22_2_1E779610
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779A10 NtQuerySection,22_2_1E779A10
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7796D0 NtCreateKey,22_2_1E7796D0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779A80 NtOpenDirectoryObject,22_2_1E779A80
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779770 NtSetInformationFile,22_2_1E779770
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E77A770 NtOpenThread,22_2_1E77A770
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779760 NtOpenProcess,22_2_1E779760
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779730 NtQueryVirtualMemory,22_2_1E779730
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E77A710 NtOpenProcessToken,22_2_1E77A710
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779B00 NtSetValueKey,22_2_1E779B00
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E77A3B0 NtGetContextThread,22_2_1E77A3B0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7797A0 NtUnmapViewOfSection,22_2_1E7797A0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E77B040 NtSuspendThread,22_2_1E77B040
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779820 NtEnumerateKey,22_2_1E779820
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7798F0 NtReadVirtualMemory,22_2_1E7798F0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7798A0 NtWriteVirtualMemory,22_2_1E7798A0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779560 NtWriteFile,22_2_1E779560
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779950 NtQueueApcThread,22_2_1E779950
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779540 NtReadFile,22_2_1E779540
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E77AD30 NtSetContextThread,22_2_1E77AD30
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E779520 NtWaitForSingleObject,22_2_1E779520
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7795F0 NtQueryInformationFile,22_2_1E7795F0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7799D0 NtCreateProcessEx,22_2_1E7799D0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7795D0 NtClose,22_2_1E7795D0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_0056C931 NtProtectVirtualMemory,22_2_0056C931
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_0056CA61 Sleep,LdrInitializeThunk,NtProtectVirtualMemory,22_2_0056CA61
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_0056C8E4 NtProtectVirtualMemory,22_2_0056C8E4
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_0056C925 NtProtectVirtualMemory,22_2_0056C925
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_0056C989 NtProtectVirtualMemory,22_2_0056C989
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_0056CAEE NtProtectVirtualMemory,22_2_0056CAEE
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Process Stats: CPU usage > 98%
        Source: Order List from Dunen Enterprise Corporation.exe, 00000000.00000000.233689534.000000000041E000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameMiry.exe vs Order List from Dunen Enterprise Corporation.exe
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.769810515.000000001E82F000.00000040.00000001.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Order List from Dunen Enterprise Corporation.exe
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000000.472475635.000000000041E000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameMiry.exe vs Order List from Dunen Enterprise Corporation.exe
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.771036580.000000001EA40000.00000040.00020000.sdmp Binary or memory string: OriginalFilenamemsdt.exej% vs Order List from Dunen Enterprise Corporation.exe
        Source: Order List from Dunen Enterprise Corporation.exe Binary or memory string: OriginalFilenameMiry.exe vs Order List from Dunen Enterprise Corporation.exe
        Source: Order List from Dunen Enterprise Corporation.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: Order List from Dunen Enterprise Corporation.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
        Source: unknown Process created: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe 'C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe'
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Process created: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe 'C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe'
        Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\msdt.exe C:\Windows\SysWOW64\msdt.exe
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
        Source: classification engine Classification label: mal100.rans.troj.spyw.evad.winEXE@4/0@2/0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe File read: C:\Windows\System32\drivers\etc\hosts
        Source: Binary string: msdt.pdbGCTL source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.771036580.000000001EA40000.00000040.00020000.sdmp
        Source: Binary string: wntdll.pdbUGP source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.769810515.000000001E82F000.00000040.00000001.sdmp
        Source: Binary string: wntdll.pdb source: Order List from Dunen Enterprise Corporation.exe
        Source: Binary string: msdt.pdb source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.771036580.000000001EA40000.00000040.00020000.sdmp

        Data Obfuscation:

        Yara detected GuLoader
        Source: Yara match File source: 00000000.00000002.473954904.0000000002880000.00000040.00000001.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_00417B70 push dword ptr [edi+000000BCh]; ret 0_2_0041857C
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0040646C push es; iretd 0_2_0040646D
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_00404C7E push eax; iretd 0_2_00404C89
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_004052CE push ebx; iretd 0_2_004052CF
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_00404CE2 push eax; iretd 0_2_00404C89
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_004038F6 push esi; ret 0_2_004038FD
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_00405D66 push ecx; iretd 0_2_00405D71
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_00403977 push ds; iretd 0_2_004039A8
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0040632C push esi; ret 0_2_00406338
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_00404FEB push ecx; iretd 0_2_00405001
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_004043F9 pushfd ; retf 0_2_004043FB
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_004063A4 push esi; ret 0_2_00406338
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288124F push es; retn 1022h 0_2_028889AF
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028876B4 push es; retf 0_2_028876BC
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_02887207 push es; retn 1022h 0_2_028889AF
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028884FF push ebp; retf 0_2_02888500
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 22_2_1E78D0D1 push ecx; ret 22_2_1E78D0E4
        Source: initial sample Static PE information: section name: .text entropy: 7.10915094479
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe File created: \order list from dunen enterprise corporation.exe
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion:

        Tries to detect Any.run
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe File opened: C:\Program Files\qga\qga.exe
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
        Source: Order List from Dunen Enterprise Corporation.exe, 00000000.00000002.473946073.0000000002860000.00000004.00000001.sdmp Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
        Source: Order List from Dunen Enterprise Corporation.exe, 00000000.00000002.473946073.0000000002860000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
        Tries to detect virtualization through RDTSC time measurements
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe RDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe RDTSC instruction interceptor: First address: 000000000040897E second address: 0000000000408984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288A229 rdtsc 0_2_0288A229
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe System information queried: ModuleInformation
        Source: explorer.exe, 0000001A.00000000.751896607.0000000008A32000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00dRom0
        Source: explorer.exe, 0000001A.00000000.751896607.0000000008A32000.00000004.00000001.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.761567848.0000000000828000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAWX
        Source: explorer.exe, 0000001A.00000000.724097033.0000000008B85000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
        Source: Order List from Dunen Enterprise Corporation.exe, 00000000.00000002.473946073.0000000002860000.00000004.00000001.sdmp Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
        Source: explorer.exe, 0000001A.00000000.724097033.0000000008B85000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}e
        Source: explorer.exe, 0000001A.00000000.733051888.00000000048E0000.00000004.00000001.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: explorer.exe, 0000001A.00000000.724097033.0000000008B85000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}C
        Source: explorer.exe, 0000001A.00000000.737829561.0000000008ACF000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000Datc
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.762004945.0000000000874000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
        Source: explorer.exe, 0000001A.00000000.737829561.0000000008ACF000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
        Source: explorer.exe, 0000001A.00000000.748324239.00000000069DE000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD002
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.762004945.0000000000874000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW,
        Source: Order List from Dunen Enterprise Corporation.exe, 00000000.00000002.473946073.0000000002860000.00000004.00000001.sdmp Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

        Anti Debugging:

        Hides threads from debuggers
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Thread information set: HideFromDebugger
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_0288A229 rdtsc 0_2_0288A229
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Process token adjusted: Debug
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h]22_2_1E743D34
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h]22_2_1E743D34
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h]22_2_1E743D34
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h]22_2_1E743D34
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h]22_2_1E743D34
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E743D34 mov eax, dword ptr fs:[00000030h]22_2_1E743D34
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E73AD30 mov eax, dword ptr fs:[00000030h]22_2_1E73AD30
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E76513A mov eax, dword ptr fs:[00000030h]22_2_1E76513A
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E76513A mov eax, dword ptr fs:[00000030h]22_2_1E76513A
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7BA537 mov eax, dword ptr fs:[00000030h]22_2_1E7BA537
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E764D3B mov eax, dword ptr fs:[00000030h]22_2_1E764D3B
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E764D3B mov eax, dword ptr fs:[00000030h]22_2_1E764D3B
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E764D3B mov eax, dword ptr fs:[00000030h]22_2_1E764D3B
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E754120 mov eax, dword ptr fs:[00000030h]22_2_1E754120
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E754120 mov eax, dword ptr fs:[00000030h]22_2_1E754120
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E754120 mov eax, dword ptr fs:[00000030h]22_2_1E754120
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E754120 mov eax, dword ptr fs:[00000030h]22_2_1E754120
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E754120 mov ecx, dword ptr fs:[00000030h]22_2_1E754120
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E739100 mov eax, dword ptr fs:[00000030h]22_2_1E739100
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E739100 mov eax, dword ptr fs:[00000030h]22_2_1E739100
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E739100 mov eax, dword ptr fs:[00000030h]22_2_1E739100
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7E8DF1 mov eax, dword ptr fs:[00000030h]22_2_1E7E8DF1
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E73B1E1 mov eax, dword ptr fs:[00000030h]22_2_1E73B1E1
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E73B1E1 mov eax, dword ptr fs:[00000030h]22_2_1E73B1E1
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E73B1E1 mov eax, dword ptr fs:[00000030h]22_2_1E73B1E1
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7C41E8 mov eax, dword ptr fs:[00000030h]22_2_1E7C41E8
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E74D5E0 mov eax, dword ptr fs:[00000030h]22_2_1E74D5E0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E74D5E0 mov eax, dword ptr fs:[00000030h]22_2_1E74D5E0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E808D34 mov eax, dword ptr fs:[00000030h]22_2_1E808D34
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E761DB5 mov eax, dword ptr fs:[00000030h]22_2_1E761DB5
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E761DB5 mov eax, dword ptr fs:[00000030h]22_2_1E761DB5
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E761DB5 mov eax, dword ptr fs:[00000030h]22_2_1E761DB5
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7B51BE mov eax, dword ptr fs:[00000030h]22_2_1E7B51BE
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7B51BE mov eax, dword ptr fs:[00000030h]22_2_1E7B51BE
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7B51BE mov eax, dword ptr fs:[00000030h]22_2_1E7B51BE
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7B51BE mov eax, dword ptr fs:[00000030h]22_2_1E7B51BE
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7661A0 mov eax, dword ptr fs:[00000030h]22_2_1E7661A0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7661A0 mov eax, dword ptr fs:[00000030h]22_2_1E7661A0
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7635A1 mov eax, dword ptr fs:[00000030h]22_2_1E7635A1
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E7B69A6 mov eax, dword ptr fs:[00000030h]22_2_1E7B69A6
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E762990 mov eax, dword ptr fs:[00000030h]22_2_1E762990
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E76FD9B mov eax, dword ptr fs:[00000030h]22_2_1E76FD9B
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E76FD9B mov eax, dword ptr fs:[00000030h]22_2_1E76FD9B
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E76A185 mov eax, dword ptr fs:[00000030h]22_2_1E76A185
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E75C182 mov eax, dword ptr fs:[00000030h]22_2_1E75C182
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E762581 mov eax, dword ptr fs:[00000030h]22_2_1E762581
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E762581 mov eax, dword ptr fs:[00000030h]22_2_1E762581
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E762581 mov eax, dword ptr fs:[00000030h]22_2_1E762581
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E762581 mov eax, dword ptr fs:[00000030h]22_2_1E762581
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E732D8A mov eax, dword ptr fs:[00000030h]22_2_1E732D8A
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E732D8A mov eax, dword ptr fs:[00000030h]22_2_1E732D8A
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E732D8A mov eax, dword ptr fs:[00000030h]22_2_1E732D8A
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E732D8A mov eax, dword ptr fs:[00000030h]22_2_1E732D8A
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exeCode function: 22_2_1E732D8A mov eax, dword ptr fs:[00000030h]22_2_1E732D8A
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Process queried: DebugPort
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Code function: 0_2_028883F0 LdrInitializeThunk

        HIPS / PFW / Operating System Protection Evasion:

        Maps a DLL or memory area into another process
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
        Queues an APC in another process (thread injection)
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Thread APC queued: target process: C:\Windows\explorer.exe
        Modifies the context of a thread in another process (thread injection)
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Thread register set: target process: 3292
        Source: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe Process created: C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe 'C:\Users\user\Desktop\Order List from Dunen Enterprise Corporation.exe'
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.764018786.0000000000EB0000.00000002.00020000.sdmp, explorer.exe, 0000001A.00000002.764271707.0000000001400000.00000002.00020000.sdmp Binary or memory string: uProgram Manager
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.764018786.0000000000EB0000.00000002.00020000.sdmp, explorer.exe, 0000001A.00000002.764271707.0000000001400000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.764018786.0000000000EB0000.00000002.00020000.sdmp, explorer.exe, 0000001A.00000002.764271707.0000000001400000.00000002.00020000.sdmp Binary or memory string: Progman
        Source: Order List from Dunen Enterprise Corporation.exe, 00000016.00000002.764018786.0000000000EB0000.00000002.00020000.sdmp, explorer.exe, 0000001A.00000002.764271707.0000000001400000.00000002.00020000.sdmp Binary or memory string: Progmanlock
        Source: explorer.exe, 0000001A.00000000.717213239.0000000000EB8000.00000004.00000020.sdmp Binary or memory string: ProgmanX
        Source: explorer.exe, 0000001A.00000000.737829561.0000000008ACF000.00000004.00000001.sdmp Binary or memory string: Shell_TrayWndAj

        Stealing of Sensitive Information:

        Yara detected Generic Dropper
        Source: Yara match File source: Process Memory Space: Order List from Dunen Enterprise Corporation.exe PID: 5796, type: MEMORYSTR