Source: | Binary string: \??\C:\Users\user\Desktop\Purchase Order.PDB source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Xml.ni.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: System.ni.pdbRSDS source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: n.pdb source: Purchase Order.exe, 00000003.00000002.2204985960.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: ydwx.pdbSHA256 source: Purchase Order.exe |
Source: | Binary string: System.Configuration.pdb8S source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: ydwx.pdbs\ydwx.pdbpdbdwx.pdb source: Purchase Order.exe, 00000003.00000002.2204985960.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbM source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.ni.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Windows\exe\ydwx.pdbum source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.ni.pdbRSDS source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: nDC:\Users\user\Desktop\ydwx.pdb source: Purchase Order.exe, 00000003.00000002.2204985960.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\mscorlib.pdb-m source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\mscorlib.pdbmm source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Windows\ydwx.pdb source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Xml.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Users\user\Desktop\ydwx.pdbdb source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: System.Xml.ni.pdbRSDS# source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Windows\symbols\exe\ydwx.pdbH source: Purchase Order.exe, 00000003.00000002.2205493610.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Microsoft.VisualBasic.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: System.Core.ni.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: nC:\Users\user\Desktop\ydwx.pdb source: Purchase Order.exe, 00000003.00000002.2204985960.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.Windows.Forms.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: mscorlib.pdb source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp, WER9980.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb% source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ydwx.pdbon source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\exe\ydwx.pdb source: Purchase Order.exe, 00000003.00000002.2205493610.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.ni.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: System.Core.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: ydwx.pdb source: Purchase Order.exe |
Source: | Binary string: symbols\exe\ydwx.pdb source: Purchase Order.exe, 00000003.00000002.2204985960.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\ydwx.pdbpdbdwx.pdb source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n(C:\Windows\ydwx.pdb source: Purchase Order.exe, 00000003.00000002.2204985960.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.ni.pdbRSDScUN source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: System.ni.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: System.Core.ni.pdbRSDS source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Windows\exe\ydwx.pdb source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: 0.2.Purchase Order.exe.3d4c3b8.7.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.Purchase Order.exe.3d4c3b8.7.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.Purchase Order.exe.3d4c3b8.7.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.Purchase Order.exe.3d4c3b8.7.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 3.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 3.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.Purchase Order.exe.3d2bb98.9.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.Purchase Order.exe.3d2bb98.9.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.Purchase Order.exe.3d2bb98.9.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.Purchase Order.exe.3d2bb98.9.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.Purchase Order.exe.3d4c3b8.7.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.Purchase Order.exe.3d4c3b8.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.Purchase Order.exe.3d4c3b8.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 0.2.Purchase Order.exe.3d2bb98.9.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.Purchase Order.exe.3d2bb98.9.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.Purchase Order.exe.3d2bb98.9.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000003.00000002.2204842642.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000003.00000002.2204842642.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000000.00000002.2036940365.0000000003C5E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000000.00000002.2036940365.0000000003C5E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: Purchase Order.exe PID: 6368, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: Purchase Order.exe PID: 6368, type: MEMORYSTR | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: Purchase Order.exe PID: 5744, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: Purchase Order.exe PID: 5744, type: MEMORYSTR | Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: dwrite.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: rtutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: 0.2.Purchase Order.exe.3d4c3b8.7.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.Purchase Order.exe.3d4c3b8.7.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.Purchase Order.exe.3d4c3b8.7.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.Purchase Order.exe.3d4c3b8.7.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 3.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 3.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.Purchase Order.exe.3d2bb98.9.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.Purchase Order.exe.3d2bb98.9.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.Purchase Order.exe.3d2bb98.9.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.Purchase Order.exe.3d2bb98.9.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.Purchase Order.exe.3d4c3b8.7.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.Purchase Order.exe.3d4c3b8.7.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.Purchase Order.exe.3d4c3b8.7.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 0.2.Purchase Order.exe.3d2bb98.9.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.Purchase Order.exe.3d2bb98.9.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.Purchase Order.exe.3d2bb98.9.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000003.00000002.2204842642.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000003.00000002.2204842642.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000000.00000002.2036940365.0000000003C5E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.2036940365.0000000003C5E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: Purchase Order.exe PID: 6368, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: Purchase Order.exe PID: 6368, type: MEMORYSTR | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: Purchase Order.exe PID: 5744, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: Purchase Order.exe PID: 5744, type: MEMORYSTR | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: | Binary string: \??\C:\Users\user\Desktop\Purchase Order.PDB source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Xml.ni.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: System.ni.pdbRSDS source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: n.pdb source: Purchase Order.exe, 00000003.00000002.2204985960.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: ydwx.pdbSHA256 source: Purchase Order.exe |
Source: | Binary string: System.Configuration.pdb8S source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: ydwx.pdbs\ydwx.pdbpdbdwx.pdb source: Purchase Order.exe, 00000003.00000002.2204985960.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbM source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.ni.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Windows\exe\ydwx.pdbum source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.ni.pdbRSDS source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: nDC:\Users\user\Desktop\ydwx.pdb source: Purchase Order.exe, 00000003.00000002.2204985960.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\mscorlib.pdb-m source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\mscorlib.pdbmm source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Windows\ydwx.pdb source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Xml.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Users\user\Desktop\ydwx.pdbdb source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: System.Xml.ni.pdbRSDS# source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Windows\symbols\exe\ydwx.pdbH source: Purchase Order.exe, 00000003.00000002.2205493610.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Microsoft.VisualBasic.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: System.Core.ni.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: nC:\Users\user\Desktop\ydwx.pdb source: Purchase Order.exe, 00000003.00000002.2204985960.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.Windows.Forms.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: mscorlib.pdb source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp, WER9980.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb% source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ydwx.pdbon source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\exe\ydwx.pdb source: Purchase Order.exe, 00000003.00000002.2205493610.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.ni.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: System.Core.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: ydwx.pdb source: Purchase Order.exe |
Source: | Binary string: symbols\exe\ydwx.pdb source: Purchase Order.exe, 00000003.00000002.2204985960.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\ydwx.pdbpdbdwx.pdb source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n(C:\Windows\ydwx.pdb source: Purchase Order.exe, 00000003.00000002.2204985960.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.ni.pdbRSDScUN source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: System.ni.pdb source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: System.Core.ni.pdbRSDS source: WER9980.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Windows\exe\ydwx.pdb source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, NGtW9mR6Cee8uYqSK0.cs | High entropy of concatenated method names: 'fbXp4Gnw3s', 'bTIpX3VQcW', 'niUpRjoXv7', 'a9RpQlQiRj', 'pCQpGbEl8t', 'wKKpnTR70y', 'UvPpVc5VQX', 'cfLpCKfhbj', 'XxBpxXERkY', 'Wp5phDbj4d' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, uoIBHmFPkhUFQerbYn.cs | High entropy of concatenated method names: 'IPvl1OSdbU', 'iv6lAul8sA', 'S5LlrTwXBu', 'V7Ylev95Iv', 'zJllgLV9CA', 'Y1alJuhpQh', 'Qh8l00KHLF', 'idElN1XpTc', 'lFQlPjK4FR', 'CTZlWrKB1b' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, E1vSHmxrHlqTsNUgxd.cs | High entropy of concatenated method names: 'khju8BZm6S', 'QDoupOsxpD', 'neju5gp4nw', 'mVwuDXOurx', 'AP2ucO5ww1', 'GRguK3OTqw', 'WZyudkoDPA', 'r3Yuf2oba9', 'eiIu3tj5To', 'D0wuLrFvON' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, bmPJCkvxRZ0biGsWep.cs | High entropy of concatenated method names: 'CQF5ifFu1O', 'z1r5yTMuSr', 'Jne51G5GsZ', 'qDN5ACnGkE', 'aXa5m4YkqD', 'UIB5SWmRtN', 'kLQ5M8EbIt', 'zk65uthTdn', 'GMd59IoVYH', 'j8k5UAK3FE' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, N6InL94UlvEinA1O1jx.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'yj0U49BKSv', 'v5mUXYyE53', 'aElURRs8GJ', 'BC9UQENkDm', 'EdaUGmhS1w', 'EaLUnDRZLG', 'IVZUVw9SZ8' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, KC1wtZamGsktrMxJHS.cs | High entropy of concatenated method names: 'pn0K8bJKEB', 'EOBK5pPI7d', 'k2bKcpf5mt', 'YbTchGcGyZ', 'h3BczNr3Nu', 'UowKqlDMtE', 'QEOKjqCArh', 'kMtK75PnCB', 'PLAKFTZj3s', 'GBvKBcLiEU' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, YHZGZmtud5qs1b81Hm.cs | High entropy of concatenated method names: 'DTgcHSREws', 'bsNcbntoRV', 'WPqcZCDTS8', 'eB2ciple79', 'PNmcy64RGO', 'SrxcwpRAfn', 'VshcAZXE3r', 'lLtcEBS4PY', 'AW7BNL5uqdj42FSS8YN', 'LRJGFm5e0101PufXTiB' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, xp0TTnCEDMiZTN5mCF.cs | High entropy of concatenated method names: 'y7Q9jNlevm', 'CGe9FYJXIj', 'XaN9BGOJce', 'OWo9892RjW', 'BDK9pq19Ko', 'tNk9DrqBs7', 'cBk9cpg81D', 'SsnuVfEPXK', 'hUhuCEW7dP', 'EZruxC86D9' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, Dm2Aa1KN8NCRa2S116.cs | High entropy of concatenated method names: 'DqWmPgEVvI', 'JFFmTD6Gqt', 'stwm4tJnlB', 'TuvmXMIf2F', 'JGbmergLkt', 'GommtF6Qi6', 'JvOmgoqAOL', 'd1omJ8cZG2', 'v4CmaBHbeY', 'P0Am08FLAx' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, QrapHu4bTYdeWhiBv34.cs | High entropy of concatenated method names: 'MtL9bmEOyB', 'rYN9sVySMn', 'vu59ZQGavL', 'wIH9ijo2Zk', 'hv09Is9hsE', 'NM89yt9heb', 'wOh9w5ZT61', 'QgK91IctX3', 'fVm9AZ8bQt', 'O229Ej1HuM' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, A6MLiKBRyMujdf4xuU.cs | High entropy of concatenated method names: 'fZWjKlvPpC', 'qSkjdKtY9I', 'eX7j3Xgyf6', 'wmdjLK0VKJ', 'EvWjmNeVey', 'J5wjSxR61i', 'YpkW6iFQGX7lA4bpU7', 'hSc09BxJuG4rW8LpYM', 'RUBjj8mj5e', 'iALjF00D7I' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, ddU9BNIepTqiYiDSNe.cs | High entropy of concatenated method names: 'ToString', 'RgsSWurqnc', 'n0ZSeww0Ls', 'FPEStuSK6a', 'CcSSgCT38J', 'EVqSJjRUgb', 'B7bSalfqZ0', 'N7cS0xB4sq', 'mDASN606bI', 'QsrS6L6rCW' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, FyuJ0fZT8QkGKLbO0a.cs | High entropy of concatenated method names: 'MCpF2gwF2Y', 'QMFF83KnJV', 'OcxFp9x8lF', 'C9iF5RrC5r', 'WjoFDckhNi', 'ovlFc68W9Z', 'xr6FK2qnmD', 'k9XFdwKR7s', 'zyuFfnlxlU', 'RiTF3qyEGj' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, M0VWMlW1XLOoXZdsFT.cs | High entropy of concatenated method names: 'LlLM3LIay6', 'IeWMLxlH4M', 'ToString', 'YOnM8OKuFH', 'KXoMpZFTJN', 'cVfM5cmakJ', 'm7lMDD4ifU', 'sbnMc3QUNv', 'unWMK4hXTS', 'CGMMdaD4Ky' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, yHJiJiM1egwcK8Tpms.cs | High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'gel7xVHfat', 'frb7h5Advd', 'NcZ7zGW2qY', 'nkeFqlu1XR', 'pA3Fj3U7ke', 'UHHF7Ccixp', 'QMHFFM3s6b', 'En9uIYKcHWU07GO99rk' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, OjtXevgflriv064PBT.cs | High entropy of concatenated method names: 'tPZMC3O3kO', 'iXuMhrH52F', 'mfXuqnUD1d', 'mYHuj5empF', 'faJMWBPhxG', 'fLaMThJy9E', 'PdiMvm2o04', 'Hv3M4LbtKk', 'QbgMXtoM7Z', 'OErMReRsvY' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, N98lf8z4IoKp8QYGYE.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'ueM9lq2ERr', 'Wnl9mFZwyT', 'Lqy9SiMUqR', 'TZ09MAwOjM', 'I4o9ut758p', 'F4V99DWYFC', 'CGv9U4rwfP' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, w5I2yQcLxXelSwIFPi.cs | High entropy of concatenated method names: 'Dispose', 'gPxjxhEliC', 'Ft87eEtsyT', 'vM1OOMEmqN', 'D3hjhAK1OW', 'Umojz1CJPs', 'ProcessDialogKey', 'zpt7qprMtj', 'NjZ7jHvBy1', 'H1e774lvat' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, IalQVsoXW2uguJbXwL.cs | High entropy of concatenated method names: 'UfoZNYu9T', 'LmYiIHLoh', 'EX9y4SqrO', 'xr1wfaOWF', 'BuTANytUO', 'Sx2EMARek', 'UevhZGJSnCMPgTlwcy', 'gwrG7uk1RM5IhjM7Mw', 'lkEuZPa5j', 'FG8Ullk38' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, zm8M94O2ty4UIhePqx.cs | High entropy of concatenated method names: 'prKKbYLagH', 'fc7KsNvH8V', 'xRZKZLUm2t', 'nxOKiO2eEr', 'uH8KIjPl0P', 'FNJKyJt4Ea', 'NuPKwXXeH4', 'y1yK1xsKJp', 'SYEKASAAUn', 'TWcKE8kZGM' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, itB6mEiuYAhrSJUq77.cs | High entropy of concatenated method names: 'WVYurkZDfk', 'kZEueuEPeT', 'iQ3utGpMgM', 'coHugOmDF2', 'ODPu4ZAJmf', 'HfeuJGgpE9', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.Purchase Order.exe.3d97540.8.raw.unpack, cqZD1FH9amU9k1wEc9.cs | High entropy of concatenated method names: 'YyNc2Zm8PF', 'l2KcpOuMZE', 'UwOcDg7ZQV', 'HnycK4dOti', 'XUpcdfgAEa', 'A6eDGhDvtV', 'kNbDnFaP9F', 'dFWDVOvPEu', 'OrqDCPREJ8', 'RFkDx4nTVe' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, NGtW9mR6Cee8uYqSK0.cs | High entropy of concatenated method names: 'fbXp4Gnw3s', 'bTIpX3VQcW', 'niUpRjoXv7', 'a9RpQlQiRj', 'pCQpGbEl8t', 'wKKpnTR70y', 'UvPpVc5VQX', 'cfLpCKfhbj', 'XxBpxXERkY', 'Wp5phDbj4d' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, uoIBHmFPkhUFQerbYn.cs | High entropy of concatenated method names: 'IPvl1OSdbU', 'iv6lAul8sA', 'S5LlrTwXBu', 'V7Ylev95Iv', 'zJllgLV9CA', 'Y1alJuhpQh', 'Qh8l00KHLF', 'idElN1XpTc', 'lFQlPjK4FR', 'CTZlWrKB1b' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, E1vSHmxrHlqTsNUgxd.cs | High entropy of concatenated method names: 'khju8BZm6S', 'QDoupOsxpD', 'neju5gp4nw', 'mVwuDXOurx', 'AP2ucO5ww1', 'GRguK3OTqw', 'WZyudkoDPA', 'r3Yuf2oba9', 'eiIu3tj5To', 'D0wuLrFvON' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, bmPJCkvxRZ0biGsWep.cs | High entropy of concatenated method names: 'CQF5ifFu1O', 'z1r5yTMuSr', 'Jne51G5GsZ', 'qDN5ACnGkE', 'aXa5m4YkqD', 'UIB5SWmRtN', 'kLQ5M8EbIt', 'zk65uthTdn', 'GMd59IoVYH', 'j8k5UAK3FE' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, N6InL94UlvEinA1O1jx.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'yj0U49BKSv', 'v5mUXYyE53', 'aElURRs8GJ', 'BC9UQENkDm', 'EdaUGmhS1w', 'EaLUnDRZLG', 'IVZUVw9SZ8' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, KC1wtZamGsktrMxJHS.cs | High entropy of concatenated method names: 'pn0K8bJKEB', 'EOBK5pPI7d', 'k2bKcpf5mt', 'YbTchGcGyZ', 'h3BczNr3Nu', 'UowKqlDMtE', 'QEOKjqCArh', 'kMtK75PnCB', 'PLAKFTZj3s', 'GBvKBcLiEU' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, YHZGZmtud5qs1b81Hm.cs | High entropy of concatenated method names: 'DTgcHSREws', 'bsNcbntoRV', 'WPqcZCDTS8', 'eB2ciple79', 'PNmcy64RGO', 'SrxcwpRAfn', 'VshcAZXE3r', 'lLtcEBS4PY', 'AW7BNL5uqdj42FSS8YN', 'LRJGFm5e0101PufXTiB' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, xp0TTnCEDMiZTN5mCF.cs | High entropy of concatenated method names: 'y7Q9jNlevm', 'CGe9FYJXIj', 'XaN9BGOJce', 'OWo9892RjW', 'BDK9pq19Ko', 'tNk9DrqBs7', 'cBk9cpg81D', 'SsnuVfEPXK', 'hUhuCEW7dP', 'EZruxC86D9' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, Dm2Aa1KN8NCRa2S116.cs | High entropy of concatenated method names: 'DqWmPgEVvI', 'JFFmTD6Gqt', 'stwm4tJnlB', 'TuvmXMIf2F', 'JGbmergLkt', 'GommtF6Qi6', 'JvOmgoqAOL', 'd1omJ8cZG2', 'v4CmaBHbeY', 'P0Am08FLAx' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, QrapHu4bTYdeWhiBv34.cs | High entropy of concatenated method names: 'MtL9bmEOyB', 'rYN9sVySMn', 'vu59ZQGavL', 'wIH9ijo2Zk', 'hv09Is9hsE', 'NM89yt9heb', 'wOh9w5ZT61', 'QgK91IctX3', 'fVm9AZ8bQt', 'O229Ej1HuM' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, A6MLiKBRyMujdf4xuU.cs | High entropy of concatenated method names: 'fZWjKlvPpC', 'qSkjdKtY9I', 'eX7j3Xgyf6', 'wmdjLK0VKJ', 'EvWjmNeVey', 'J5wjSxR61i', 'YpkW6iFQGX7lA4bpU7', 'hSc09BxJuG4rW8LpYM', 'RUBjj8mj5e', 'iALjF00D7I' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, ddU9BNIepTqiYiDSNe.cs | High entropy of concatenated method names: 'ToString', 'RgsSWurqnc', 'n0ZSeww0Ls', 'FPEStuSK6a', 'CcSSgCT38J', 'EVqSJjRUgb', 'B7bSalfqZ0', 'N7cS0xB4sq', 'mDASN606bI', 'QsrS6L6rCW' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, FyuJ0fZT8QkGKLbO0a.cs | High entropy of concatenated method names: 'MCpF2gwF2Y', 'QMFF83KnJV', 'OcxFp9x8lF', 'C9iF5RrC5r', 'WjoFDckhNi', 'ovlFc68W9Z', 'xr6FK2qnmD', 'k9XFdwKR7s', 'zyuFfnlxlU', 'RiTF3qyEGj' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, M0VWMlW1XLOoXZdsFT.cs | High entropy of concatenated method names: 'LlLM3LIay6', 'IeWMLxlH4M', 'ToString', 'YOnM8OKuFH', 'KXoMpZFTJN', 'cVfM5cmakJ', 'm7lMDD4ifU', 'sbnMc3QUNv', 'unWMK4hXTS', 'CGMMdaD4Ky' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, yHJiJiM1egwcK8Tpms.cs | High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'gel7xVHfat', 'frb7h5Advd', 'NcZ7zGW2qY', 'nkeFqlu1XR', 'pA3Fj3U7ke', 'UHHF7Ccixp', 'QMHFFM3s6b', 'En9uIYKcHWU07GO99rk' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, OjtXevgflriv064PBT.cs | High entropy of concatenated method names: 'tPZMC3O3kO', 'iXuMhrH52F', 'mfXuqnUD1d', 'mYHuj5empF', 'faJMWBPhxG', 'fLaMThJy9E', 'PdiMvm2o04', 'Hv3M4LbtKk', 'QbgMXtoM7Z', 'OErMReRsvY' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, N98lf8z4IoKp8QYGYE.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'ueM9lq2ERr', 'Wnl9mFZwyT', 'Lqy9SiMUqR', 'TZ09MAwOjM', 'I4o9ut758p', 'F4V99DWYFC', 'CGv9U4rwfP' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, w5I2yQcLxXelSwIFPi.cs | High entropy of concatenated method names: 'Dispose', 'gPxjxhEliC', 'Ft87eEtsyT', 'vM1OOMEmqN', 'D3hjhAK1OW', 'Umojz1CJPs', 'ProcessDialogKey', 'zpt7qprMtj', 'NjZ7jHvBy1', 'H1e774lvat' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, IalQVsoXW2uguJbXwL.cs | High entropy of concatenated method names: 'UfoZNYu9T', 'LmYiIHLoh', 'EX9y4SqrO', 'xr1wfaOWF', 'BuTANytUO', 'Sx2EMARek', 'UevhZGJSnCMPgTlwcy', 'gwrG7uk1RM5IhjM7Mw', 'lkEuZPa5j', 'FG8Ullk38' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, zm8M94O2ty4UIhePqx.cs | High entropy of concatenated method names: 'prKKbYLagH', 'fc7KsNvH8V', 'xRZKZLUm2t', 'nxOKiO2eEr', 'uH8KIjPl0P', 'FNJKyJt4Ea', 'NuPKwXXeH4', 'y1yK1xsKJp', 'SYEKASAAUn', 'TWcKE8kZGM' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, itB6mEiuYAhrSJUq77.cs | High entropy of concatenated method names: 'WVYurkZDfk', 'kZEueuEPeT', 'iQ3utGpMgM', 'coHugOmDF2', 'ODPu4ZAJmf', 'HfeuJGgpE9', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.Purchase Order.exe.6e80000.12.raw.unpack, cqZD1FH9amU9k1wEc9.cs | High entropy of concatenated method names: 'YyNc2Zm8PF', 'l2KcpOuMZE', 'UwOcDg7ZQV', 'HnycK4dOti', 'XUpcdfgAEa', 'A6eDGhDvtV', 'kNbDnFaP9F', 'dFWDVOvPEu', 'OrqDCPREJ8', 'RFkDx4nTVe' |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: Amcache.hve.6.dr | Binary or memory string: VMware |
Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.6.dr | Binary or memory string: vmci.syshbin |
Source: Amcache.hve.6.dr | Binary or memory string: VMware, Inc. |
Source: Amcache.hve.6.dr | Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.6.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.6.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.6.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.6.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.6.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.6.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.6.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Purchase Order.exe, 00000003.00000002.2205222662.0000000001240000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: Amcache.hve.6.dr | Binary or memory string: vmci.sys |
Source: Amcache.hve.6.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.6.dr | Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.6.dr | Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.6.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.6.dr | Binary or memory string: VMware20,1 |
Source: Amcache.hve.6.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.6.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.6.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.6.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.6.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.6.dr | Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.6.dr | Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.6.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.6.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |