Source: C:\Users\user\Desktop\invoice.exe |
Code function: 0_2_00406268 FindFirstFileA,FindClose, |
0_2_00406268 |
Source: C:\Users\user\Desktop\invoice.exe |
Code function: 0_2_0040572D GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, |
0_2_0040572D |
Source: C:\Users\user\Desktop\invoice.exe |
Code function: 0_2_004026F8 FindFirstFileA, |
0_2_004026F8 |
Source: C:\Users\user\Desktop\invoice.exe |
File opened: C:\Users\user\AppData\Roaming |
Source: C:\Users\user\Desktop\invoice.exe |
File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini |
Source: C:\Users\user\Desktop\invoice.exe |
File opened: C:\Users\user |
Source: C:\Users\user\Desktop\invoice.exe |
File opened: C:\Users\user\AppData\Roaming\Microsoft |
Source: C:\Users\user\Desktop\invoice.exe |
File opened: C:\Users\user\AppData |
Source: C:\Users\user\Desktop\invoice.exe |
File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows |
Source: C:\Users\user\Desktop\invoice.exe |
Code function: 0_2_004051CA GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, |
0_2_004051CA |
Source: NMDllHost.exe.0.dr |
String found in binary or memory: ?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ |
Source: NMDllHost.exe.0.dr |
String found in binary or memory: ?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ6 |
Source: Mss32.dll.0.dr |
String found in binary or memory: _AIL_unlock@0 |
Source: C:\Users\user\Desktop\invoice.exe |
Code function: 0_2_004031F1 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_004031F1 |
Source: C:\Users\user\Desktop\invoice.exe |
Code function: 0_2_00404496 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, |
0_2_00404496 |
Source: C:\Users\user\Desktop\invoice.exe |
Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, |
0_2_10001A5D |
Source: C:\Users\user\Desktop\invoice.exe |
File created: C:\Users\user\AppData\Local\Temp\nsfE5AA.tmp\System.dll |
Source: C:\Users\user\Desktop\invoice.exe |
File created: C:\Users\user\AppData\Local\Temp\nsfE5AA.tmp\AdvSplash.dll |
Source: C:\Users\user\Desktop\invoice.exe |
File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Antimodernly\trever\Hovedinteressers\lang-1059.dll |
Source: C:\Users\user\Desktop\invoice.exe |
File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Inkshed\NMDllHost.exe |
Source: C:\Users\user\Desktop\invoice.exe |
File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Ath_CoexAgent.exe |
Source: C:\Users\user\Desktop\invoice.exe |
File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Inkshed\Mss32.dll |
Source: C:\Users\user\Desktop\invoice.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Antimodernly\trever\Hovedinteressers\lang-1059.dll |
Source: C:\Users\user\Desktop\invoice.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Inkshed\NMDllHost.exe |
Source: C:\Users\user\Desktop\invoice.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Ath_CoexAgent.exe |
Source: C:\Users\user\Desktop\invoice.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Inkshed\Mss32.dll |