Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.924388701.0000000002AB1000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.924388701.0000000002AB1000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.924388701.0000000002AB1000.00000004.00000001.sdmp |
String found in binary or memory: http://oTGuDm.com |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.924388701.0000000002AB1000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.924894293.0000000002E30000.00000004.00000001.sdmp |
String found in binary or memory: http://smtp.divasvalves.com |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.924894293.0000000002E30000.00000004.00000001.sdmp |
String found in binary or memory: http://us2.smtp.mailhostbox.com |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.924874628.0000000002E2A000.00000004.00000001.sdmp, New Inquiry015 02-12-2020.exe, 00000001.00000002.924894293.0000000002E30000.00000004.00000001.sdmp, New Inquiry015 02-12-2020.exe, 00000001.00000002.924919189.0000000002E3B000.00000004.00000001.sdmp |
String found in binary or memory: https://K10aXlbvtt.com |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.924388701.0000000002AB1000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.924388701.0000000002AB1000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org/ |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.924388701.0000000002AB1000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.orgGETMozilla/5.0 |
Source: New Inquiry015 02-12-2020.exe, 00000000.00000002.664540986.00000000041B9000.00000004.00000001.sdmp, New Inquiry015 02-12-2020.exe, 00000001.00000002.922075853.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://api.telegram.org/bot%telegramapi%/ |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.924388701.0000000002AB1000.00000004.00000001.sdmp |
String found in binary or memory: https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x |
Source: New Inquiry015 02-12-2020.exe, 00000000.00000002.664540986.00000000041B9000.00000004.00000001.sdmp, New Inquiry015 02-12-2020.exe, 00000001.00000002.922075853.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.924388701.0000000002AB1000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: New Inquiry015 02-12-2020.exe, 00000000.00000002.664540986.00000000041B9000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameGlaxoSmithKline.dll@ vs New Inquiry015 02-12-2020.exe |
Source: New Inquiry015 02-12-2020.exe, 00000000.00000002.664540986.00000000041B9000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameWIYmGNmapMQZHggtdqutGY.exe4 vs New Inquiry015 02-12-2020.exe |
Source: New Inquiry015 02-12-2020.exe, 00000000.00000002.663286315.0000000000F26000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameComparison.exe@ vs New Inquiry015 02-12-2020.exe |
Source: New Inquiry015 02-12-2020.exe, 00000000.00000002.670641867.0000000026FC0000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameNT1.dll, vs New Inquiry015 02-12-2020.exe |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.922245030.0000000000706000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameComparison.exe@ vs New Inquiry015 02-12-2020.exe |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.922075853.0000000000402000.00000040.00000001.sdmp |
Binary or memory string: OriginalFilenameWIYmGNmapMQZHggtdqutGY.exe4 vs New Inquiry015 02-12-2020.exe |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.922937289.0000000000E1A000.00000004.00000020.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs New Inquiry015 02-12-2020.exe |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.929285312.0000000006000000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamewshom.ocx vs New Inquiry015 02-12-2020.exe |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.929035704.0000000005BA0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamewshom.ocx.mui vs New Inquiry015 02-12-2020.exe |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.922306655.0000000000AF8000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameUNKNOWN_FILET vs New Inquiry015 02-12-2020.exe |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.929737664.0000000006960000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamemscorrc.dllT vs New Inquiry015 02-12-2020.exe |
Source: New Inquiry015 02-12-2020.exe |
Binary or memory string: OriginalFilenameComparison.exe@ vs New Inquiry015 02-12-2020.exe |
Source: C:\Users\user\Desktop\New Inquiry015 02-12-2020.exe |
Code function: 0_2_0186C870 push esp; retf |
0_2_0186C871 |
Source: C:\Users\user\Desktop\New Inquiry015 02-12-2020.exe |
Code function: 1_3_00F0C8D5 pushad ; iretd |
1_3_00F0C8D6 |
Source: C:\Users\user\Desktop\New Inquiry015 02-12-2020.exe |
Code function: 1_3_00F09715 pushad ; iretd |
1_3_00F09716 |
Source: C:\Users\user\Desktop\New Inquiry015 02-12-2020.exe |
Process information set: NOOPENFILEERRORBOX |
Source: New Inquiry015 02-12-2020.exe, 00000000.00000002.664139555.00000000031B1000.00000004.00000001.sdmp |
Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: New Inquiry015 02-12-2020.exe, 00000000.00000002.664139555.00000000031B1000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: New Inquiry015 02-12-2020.exe, 00000000.00000002.664139555.00000000031B1000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II |
Source: New Inquiry015 02-12-2020.exe, 00000001.00000002.923060743.0000000000E94000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: New Inquiry015 02-12-2020.exe, 00000000.00000002.664139555.00000000031B1000.00000004.00000001.sdmp |
Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools |
Source: C:\Users\user\Desktop\New Inquiry015 02-12-2020.exe |
Queries volume information: C:\Users\user\Desktop\New Inquiry015 02-12-2020.exe VolumeInformation |
Source: C:\Users\user\Desktop\New Inquiry015 02-12-2020.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Source: C:\Users\user\Desktop\New Inquiry015 02-12-2020.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\New Inquiry015 02-12-2020.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\New Inquiry015 02-12-2020.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\New Inquiry015 02-12-2020.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\New Inquiry015 02-12-2020.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Users\user\Desktop\New Inquiry015 02-12-2020.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |