Source: New PO #0164522433 JAN 2021.gz.exe, 00000002.00000002.578256610.00000000033F1000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000002.00000002.578256610.00000000033F1000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000002.00000002.578256610.00000000033F1000.00000004.00000001.sdmp | String found in binary or memory: http://mWLzHd.com |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000002.00000002.578256610.00000000033F1000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org% |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000002.00000002.578256610.00000000033F1000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org%GETMozilla/5.0 |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000001.00000002.226167520.0000000004179000.00000004.00000001.sdmp, New PO #0164522433 JAN 2021.gz.exe, 00000002.00000002.572261277.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000002.00000002.578256610.00000000033F1000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000001.00000002.223605162.0000000000C6C000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameEventSourceException.exe@ vs New PO #0164522433 JAN 2021.gz.exe |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000001.00000002.224369060.0000000003171000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameSoapName.dll2 vs New PO #0164522433 JAN 2021.gz.exe |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000001.00000002.224369060.0000000003171000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDEBppvHXdgcoxrhnKZalEBYtvqYaM.exe4 vs New PO #0164522433 JAN 2021.gz.exe |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000001.00000002.226167520.0000000004179000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamePositiveSign.dll< vs New PO #0164522433 JAN 2021.gz.exe |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000001.00000002.223823052.000000000132B000.00000004.00000020.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs New PO #0164522433 JAN 2021.gz.exe |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000002.00000000.222934806.0000000000FCC000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameEventSourceException.exe@ vs New PO #0164522433 JAN 2021.gz.exe |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000002.00000002.573629913.0000000001358000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs New PO #0164522433 JAN 2021.gz.exe |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000002.00000002.572733398.0000000000438000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameDEBppvHXdgcoxrhnKZalEBYtvqYaM.exe4 vs New PO #0164522433 JAN 2021.gz.exe |
Source: New PO #0164522433 JAN 2021.gz.exe | Binary or memory string: OriginalFilenameEventSourceException.exe@ vs New PO #0164522433 JAN 2021.gz.exe |
Source: New PO #0164522433 JAN 2021.gz.exe, LoaderInformation.cs | .Net Code: SafeFileMappingHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 1.2.New PO #0164522433 JAN 2021.gz.exe.ba0000.0.unpack, LoaderInformation.cs | .Net Code: SafeFileMappingHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 1.0.New PO #0164522433 JAN 2021.gz.exe.ba0000.0.unpack, LoaderInformation.cs | .Net Code: SafeFileMappingHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 2.0.New PO #0164522433 JAN 2021.gz.exe.f00000.0.unpack, LoaderInformation.cs | .Net Code: SafeFileMappingHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 2.2.New PO #0164522433 JAN 2021.gz.exe.f00000.1.unpack, LoaderInformation.cs | .Net Code: SafeFileMappingHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: C:\Users\user\Desktop\New PO #0164522433 JAN 2021.gz.exe | Process information set: NOOPENFILEERRORBOX |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000001.00000002.224369060.0000000003171000.00000004.00000001.sdmp | Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000001.00000002.224369060.0000000003171000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000001.00000002.224369060.0000000003171000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000001.00000002.224369060.0000000003171000.00000004.00000001.sdmp | Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000002.00000002.577700823.0000000001DF0000.00000002.00000001.sdmp | Binary or memory string: Program Manager |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000002.00000002.577700823.0000000001DF0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000002.00000002.577700823.0000000001DF0000.00000002.00000001.sdmp | Binary or memory string: Progman |
Source: New PO #0164522433 JAN 2021.gz.exe, 00000002.00000002.577700823.0000000001DF0000.00000002.00000001.sdmp | Binary or memory string: Progmanlock |
Source: C:\Users\user\Desktop\New PO #0164522433 JAN 2021.gz.exe | Queries volume information: C:\Users\user\Desktop\New PO #0164522433 JAN 2021.gz.exe VolumeInformation |
Source: C:\Users\user\Desktop\New PO #0164522433 JAN 2021.gz.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\New PO #0164522433 JAN 2021.gz.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\New PO #0164522433 JAN 2021.gz.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\New PO #0164522433 JAN 2021.gz.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\New PO #0164522433 JAN 2021.gz.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\New PO #0164522433 JAN 2021.gz.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: Yara match | File source: 00000002.00000002.578500355.0000000003443000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.572261277.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.226167520.0000000004179000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: New PO #0164522433 JAN 2021.gz.exe PID: 1288, type: MEMORY |
Source: Yara match | File source: Process Memory Space: New PO #0164522433 JAN 2021.gz.exe PID: 6120, type: MEMORY |
Source: Yara match | File source: 2.2.New PO #0164522433 JAN 2021.gz.exe.400000.0.unpack, type: UNPACKEDPE |