Source: C:\Users\user\Desktop\EPAYMENT.exe | Code function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Users\user\Desktop\EPAYMENT.exe | Code function: 0_2_0040699E FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\EPAYMENT.exe | Code function: 0_2_0040290B FindFirstFileW, |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: audio-x-generic.png.0.dr | String found in binary or memory: http://creativecommons.org/licenses/by-sa/4.0/ |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://crl.globalsign.com/gsextendcodesignsha2g3.crl0 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://crl.globalsign.com/root-r3.crl0b |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://crl.globalsign.com/root.crl0G |
Source: EPAYMENT.exe | String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: EPAYMENT.exe | String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# |
Source: EPAYMENT.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://ocsp.digicert.com0C |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://ocsp.digicert.com0O |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://ocsp.globalsign.com/rootr103 |
Source: EPAYMENT.exe | String found in binary or memory: http://ocsp.sectigo.com0 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://ocsp.thawte.com0 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://ocsp2.globalsign.com/gsextendcodesignsha2g30U |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://ocsp2.globalsign.com/rootr306 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://s.symcd.com06 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://s2.symcb.com0 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://sv.symcb.com/sv.crl0f |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://sv.symcd.com0& |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: NeroCmd.exe.0.dr | String found in binary or memory: http://www.nero.com |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://www.symauth.com/cps0( |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: http://www.symauth.com/rpa00 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: https://d.symcb.com/cps0% |
Source: NeroCmd.exe.0.dr | String found in binary or memory: https://d.symcb.com/rpa0 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, NeroCmd.exe.0.dr | String found in binary or memory: https://d.symcb.com/rpa0. |
Source: EPAYMENT.exe | String found in binary or memory: https://sectigo.com/CPS0D |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: EPAYMENT.exe, 00000000.00000002.772633935.000000000299F000.00000004.00000800.00020000.00000000.sdmp, ArmouryCrate.AppServiceBridge.exe.0.dr | String found in binary or memory: https://www.globalsign.com/repository/0 |
Source: C:\Users\user\Desktop\EPAYMENT.exe | Code function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, |
Source: C:\Users\user\Desktop\EPAYMENT.exe | Code function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
Source: C:\Users\user\Desktop\EPAYMENT.exe | Code function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
Source: NeroCmd.exe.0.dr | Static PE information: section name: .shared |
Source: libtclsqlite3.dll.0.dr | Static PE information: section name: .xdata |
Source: libtclsqlite3.dll.0.dr | Static PE information: section name: /4 |
Source: libtclsqlite3.dll.0.dr | Static PE information: section name: /19 |
Source: libtclsqlite3.dll.0.dr | Static PE information: section name: /31 |
Source: libtclsqlite3.dll.0.dr | Static PE information: section name: /45 |
Source: libtclsqlite3.dll.0.dr | Static PE information: section name: /57 |
Source: libtclsqlite3.dll.0.dr | Static PE information: section name: /70 |
Source: libtclsqlite3.dll.0.dr | Static PE information: section name: /81 |
Source: libtclsqlite3.dll.0.dr | Static PE information: section name: /92 |
Source: C:\Users\user\Desktop\EPAYMENT.exe | Code function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Users\user\Desktop\EPAYMENT.exe | Code function: 0_2_0040699E FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\EPAYMENT.exe | Code function: 0_2_0040290B FindFirstFileW, |
Source: C:\Users\user\Desktop\EPAYMENT.exe | Code function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |