Source: Purchase_Order-Documents.exe, 00000006.00000002.499561789.0000000003231000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: Purchase_Order-Documents.exe, 00000006.00000002.499561789.0000000003231000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: Purchase_Order-Documents.exe, 00000006.00000002.501834551.00000000034E9000.00000004.00000001.sdmp |
String found in binary or memory: http://mail.cuulongcorp.com.vn |
Source: Purchase_Order-Documents.exe, 00000001.00000002.242382284.0000000002C31000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Purchase_Order-Documents.exe, 00000006.00000002.499561789.0000000003231000.00000004.00000001.sdmp |
String found in binary or memory: http://vfhLbj.com |
Source: Purchase_Order-Documents.exe, 00000006.00000002.499561789.0000000003231000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.orgGETMozilla/5.0 |
Source: Purchase_Order-Documents.exe, 00000001.00000002.243729384.0000000003C8B000.00000004.00000001.sdmp, Purchase_Order-Documents.exe, 00000006.00000002.496530839.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://api.telegram.org/bot%telegramapi%/ |
Source: Purchase_Order-Documents.exe, 00000006.00000002.499561789.0000000003231000.00000004.00000001.sdmp |
String found in binary or memory: https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x |
Source: Purchase_Order-Documents.exe, 00000006.00000002.499561789.0000000003231000.00000004.00000001.sdmp, Purchase_Order-Documents.exe, 00000006.00000002.501881878.00000000034F8000.00000004.00000001.sdmp |
String found in binary or memory: https://fMYs0MG0mK9Y4AIBA2r.org |
Source: Purchase_Order-Documents.exe, 00000001.00000002.243391572.0000000003062000.00000004.00000001.sdmp |
String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: Purchase_Order-Documents.exe, 00000001.00000002.243729384.0000000003C8B000.00000004.00000001.sdmp, Purchase_Order-Documents.exe, 00000006.00000002.496530839.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: Purchase_Order-Documents.exe, 00000006.00000002.499561789.0000000003231000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007ED21B |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_01240478 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_01241191 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_0124C0B0 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_0124EA90 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_0E88CC73 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_0E880007 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_0E880040 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_0E883902 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007E38AA |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007EDD0A |
Source: Purchase_Order-Documents.exe |
Binary or memory string: OriginalFilename vs Purchase_Order-Documents.exe |
Source: Purchase_Order-Documents.exe, 00000001.00000002.247747965.000000000A2F0000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameAsyncState.dllF vs Purchase_Order-Documents.exe |
Source: Purchase_Order-Documents.exe, 00000001.00000000.227945843.00000000007E2000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameValueCollection.exeF vs Purchase_Order-Documents.exe |
Source: Purchase_Order-Documents.exe, 00000001.00000002.248975157.000000000E740000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameLegacyPathHandling.dllN vs Purchase_Order-Documents.exe |
Source: Purchase_Order-Documents.exe, 00000001.00000002.250389729.000000000F000000.00000002.00000001.sdmp |
Binary or memory string: originalfilename vs Purchase_Order-Documents.exe |
Source: Purchase_Order-Documents.exe, 00000001.00000002.250389729.000000000F000000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs Purchase_Order-Documents.exe |
Source: Purchase_Order-Documents.exe, 00000001.00000002.243729384.0000000003C8B000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenamePmfeIdaSFDCkBULKXtdgtBb.exe4 vs Purchase_Order-Documents.exe |
Source: Purchase_Order-Documents.exe, 00000001.00000002.249765193.000000000EF10000.00000002.00000001.sdmp |
Binary or memory string: System.OriginalFileName vs Purchase_Order-Documents.exe |
Source: Purchase_Order-Documents.exe, 00000006.00000002.504526509.00000000064B0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamemscorrc.dllT vs Purchase_Order-Documents.exe |
Source: Purchase_Order-Documents.exe, 00000006.00000002.496530839.0000000000402000.00000040.00000001.sdmp |
Binary or memory string: OriginalFilenamePmfeIdaSFDCkBULKXtdgtBb.exe4 vs Purchase_Order-Documents.exe |
Source: Purchase_Order-Documents.exe, 00000006.00000002.497290648.0000000001138000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Purchase_Order-Documents.exe |
Source: Purchase_Order-Documents.exe, 00000006.00000002.496848788.0000000000CD2000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameValueCollection.exeF vs Purchase_Order-Documents.exe |
Source: Purchase_Order-Documents.exe |
Binary or memory string: OriginalFilenameValueCollection.exeF vs Purchase_Order-Documents.exe |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F42CE push cs; retf |
1_2_007F431A |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F42BC push cs; retf |
1_2_007F42CC |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F42A4 push cs; retf |
1_2_007F42B4 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F3B7E push es; retf |
1_2_007F3D8C |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F477E push ss; retf |
1_2_007F4788 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F3D7C push es; retf |
1_2_007F3D8C |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F4772 push ss; retf |
1_2_007F477C |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F4760 push ss; retf |
1_2_007F4770 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F475A push ss; retf |
1_2_007F475E |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F431C push cs; retf |
1_2_007F4320 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F4B14 push ds; retf |
1_2_007F4BCC |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F3DE8 push es; retf |
1_2_007F3E2E |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F47D2 push ss; retf |
1_2_007F47E8 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F4BCE push ds; retf |
1_2_007F4BD2 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F3DC4 push es; retf |
1_2_007F3DE6 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F4BB6 push ds; retf |
1_2_007F4BCC |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F4BB0 push ds; retf |
1_2_007F4BB4 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F3DA6 push es; retf |
1_2_007F3DC2 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F479C push ss; retf |
1_2_007F47D0 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F3D8E push es; retf |
1_2_007F3DA4 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_007F478A push ss; retf |
1_2_007F479A |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_0E885645 push cs; ret |
1_2_0E88564C |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Code function: 1_2_0E8870BB push edi; iretd |
1_2_0E8870D6 |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Process information set: NOOPENFILEERRORBOX |
Source: Purchase_Order-Documents.exe, 00000001.00000002.243391572.0000000003062000.00000004.00000001.sdmp |
Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Purchase_Order-Documents.exe, 00000001.00000002.243391572.0000000003062000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: Purchase_Order-Documents.exe, 00000001.00000002.249504544.000000000E898000.00000004.00000001.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_&B |
Source: Purchase_Order-Documents.exe, 00000001.00000002.243391572.0000000003062000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II |
Source: Purchase_Order-Documents.exe, 00000006.00000003.456966772.0000000001454000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: Purchase_Order-Documents.exe, 00000001.00000002.243391572.0000000003062000.00000004.00000001.sdmp |
Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Queries volume information: C:\Users\user\Desktop\Purchase_Order-Documents.exe VolumeInformation |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase_Order-Documents.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: Yara match |
File source: 00000006.00000002.496530839.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000006.00000002.499561789.0000000003231000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000002.243729384.0000000003C8B000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: Purchase_Order-Documents.exe PID: 6732, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: Purchase_Order-Documents.exe PID: 6536, type: MEMORY |
Source: Yara match |
File source: 1.2.Purchase_Order-Documents.exe.3f47870.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 6.2.Purchase_Order-Documents.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.Purchase_Order-Documents.exe.3f47870.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.Purchase_Order-Documents.exe.3e493c0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.Purchase_Order-Documents.exe.3ded5a0.3.raw.unpack, type: UNPACKEDPE |