Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 0_2_00405E93 FindFirstFileA,FindClose, |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA, |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 0_2_00402671 FindFirstFileA, |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_00404A29 FindFirstFileExW, |
Source: Purchase Order PO5351.exe, 00000002.00000002.550115709.0000000002341000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: Purchase Order PO5351.exe, 00000002.00000002.550115709.0000000002341000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: Purchase Order PO5351.exe, 00000002.00000002.550115709.0000000002341000.00000004.00000001.sdmp | String found in binary or memory: http://JydZpq.com |
Source: Purchase Order PO5351.exe, 00000002.00000002.550446128.0000000002694000.00000004.00000001.sdmp | String found in binary or memory: http://appalliser.com |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0 |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0 |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0 |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: Purchase Order PO5351.exe, 00000002.00000002.553363264.0000000005930000.00000004.00000001.sdmp | String found in binary or memory: http://cps.letsencrypt.org0 |
Source: Purchase Order PO5351.exe, 00000002.00000002.553363264.0000000005930000.00000004.00000001.sdmp | String found in binary or memory: http://crl.veris |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08 |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00 |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05 |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: Purchase Order PO5351.exe, 00000002.00000002.553363264.0000000005930000.00000004.00000001.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/ |
Source: Purchase Order PO5351.exe, 00000002.00000002.553525383.00000000059A6000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.2.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: Purchase Order PO5351.exe, 00000002.00000002.553363264.0000000005930000.00000004.00000001.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?1fdd1722a2534 |
Source: Purchase Order PO5351.exe, 00000002.00000002.550446128.0000000002694000.00000004.00000001.sdmp | String found in binary or memory: http://mail.appalliser.com |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://nsis.sf.net/NSIS_Error |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://ocsp.digicert.com0A |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://ocsp.digicert.com0C |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://ocsp.digicert.com0L |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://ocsp.digicert.com0N |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://ocsp.digicert.com0O |
Source: Purchase Order PO5351.exe, 00000002.00000002.553363264.0000000005930000.00000004.00000001.sdmp | String found in binary or memory: http://r3.i.lencr.org/0 |
Source: Purchase Order PO5351.exe, 00000002.00000002.553363264.0000000005930000.00000004.00000001.sdmp | String found in binary or memory: http://r3.o.lencr.org0 |
Source: Purchase Order PO5351.exe | String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: Purchase Order PO5351.exe, 00000002.00000002.553363264.0000000005930000.00000004.00000001.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
Source: Purchase Order PO5351.exe, 00000002.00000002.553363264.0000000005930000.00000004.00000001.sdmp, 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | String found in binary or memory: http://x1.i.lencr.org/ |
Source: Purchase Order PO5351.exe, 00000002.00000002.553363264.0000000005930000.00000004.00000001.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
Source: Purchase Order PO5351.exe, 00000002.00000003.508552580.00000000059BA000.00000004.00000001.sdmp | String found in binary or memory: https://dii.lencr.org/ |
Source: Purchase Order PO5351.exe, 00000002.00000002.550115709.0000000002341000.00000004.00000001.sdmp, Purchase Order PO5351.exe, 00000002.00000003.491025576.0000000000644000.00000004.00000001.sdmp | String found in binary or memory: https://m5KdogWJECP9WFOWfNf.org |
Source: Purchase Order PO5351.exe | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: Purchase Order PO5351.exe | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: Purchase Order PO5351.exe, 00000002.00000002.550115709.0000000002341000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 0_2_00404FC2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess, |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 0_2_004047D3 |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 0_2_004061D4 |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 0_2_72F369FA |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 0_2_72F36A09 |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_0040A2A5 |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_0075EC80 |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_00756180 |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_0075E288 |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_0075D8A0 |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_008B2D30 |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_008B4A4C |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_008B7E70 |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_008B0040 |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_008BD780 |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_008CC960 |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_008C7250 |
Source: Purchase Order PO5351.exe, 00000000.00000003.283553488.000000000F21F000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order PO5351.exe |
Source: Purchase Order PO5351.exe, 00000000.00000002.293225806.00000000023A0000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamekLkdFlZsZNmHamqDFHmrAA.exe4 vs Purchase Order PO5351.exe |
Source: Purchase Order PO5351.exe | Binary or memory string: OriginalFilename vs Purchase Order PO5351.exe |
Source: Purchase Order PO5351.exe, 00000002.00000002.551186931.0000000004812000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenamekLkdFlZsZNmHamqDFHmrAA.exe4 vs Purchase Order PO5351.exe |
Source: Purchase Order PO5351.exe, 00000002.00000002.548280613.0000000000199000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Purchase Order PO5351.exe |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 0_2_72F36402 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 0_2_72F366C7 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 0_2_72F36744 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 0_2_72F36616 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 0_2_72F36706 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_004035F1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_00401E1D SetUnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_0040446F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_00401C88 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Code function: 2_2_00401F30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase Order PO5351.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: Yara match | File source: 2.2.Purchase Order PO5351.exe.415058.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.Purchase Order PO5351.exe.3345530.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.Purchase Order PO5351.exe.3345530.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.Purchase Order PO5351.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.Purchase Order PO5351.exe.4e81b0.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.1.Purchase Order PO5351.exe.415058.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.Purchase Order PO5351.exe.47c0000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.Purchase Order PO5351.exe.23b1458.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.1.Purchase Order PO5351.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.Purchase Order PO5351.exe.23b1458.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.Purchase Order PO5351.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.Purchase Order PO5351.exe.4810000.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.Purchase Order PO5351.exe.47c0000.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.Purchase Order PO5351.exe.23a0000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.Purchase Order PO5351.exe.4e81b0.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.1.Purchase Order PO5351.exe.415058.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.Purchase Order PO5351.exe.23a0000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.Purchase Order PO5351.exe.415058.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000002.00000002.551186931.0000000004812000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000001.291805615.0000000000414000.00000040.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.550696214.0000000003341000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.548389108.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.550919665.00000000047C0000.00000004.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.293225806.00000000023A0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.548716786.00000000004CB000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.550115709.0000000002341000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: Purchase Order PO5351.exe PID: 492, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: Purchase Order PO5351.exe PID: 5504, type: MEMORYSTR |