Analysis Report pd9EeXdsQtNb3dQ.exe

Overview

General Information

Sample Name: pd9EeXdsQtNb3dQ.exe
Analysis ID: 404170
MD5: 3dad3d4918e28ded77c3e2e93a42665f
SHA1: 8b16dba4992b75a303f63a09d8a41ac99f28ce5c
SHA256: 1b61b157db50652678e1e288cfce86f6c74e40f50a468f6d04d0010c84235210
Tags: AgentTesla, exe

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Injects a PE file into a foreign processes
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Antivirus or Machine Learning detection for unpacked file
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • pd9EeXdsQtNb3dQ.exe (PID: 6472 cmdline: 'C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe' MD5: 3DAD3D4918E28DED77C3E2E93A42665F)
    • pd9EeXdsQtNb3dQ.exe (PID: 6620 cmdline: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe MD5: 3DAD3D4918E28DED77C3E2E93A42665F)
    • pd9EeXdsQtNb3dQ.exe (PID: 6636 cmdline: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe MD5: 3DAD3D4918E28DED77C3E2E93A42665F)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "office5@iykmoreentrprise.orgrwkWCM328mail.iykmoreentrprise.org"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000003.00000002.587167948.0000000003031000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000003.00000002.587167948.0000000003031000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.333313035.00000000037F9000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000003.00000002.582976077.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.332108343.0000000002848000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
0.2.pd9EeXdsQtNb3dQ.exe.390c790.3.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
3.2.pd9EeXdsQtNb3dQ.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.pd9EeXdsQtNb3dQ.exe.390c790.3.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

                  Sigma Overview

                  No Sigma rule has matched

                  Signature Overview

                  AV Detection:

                  Found malware configuration
                  Source: 3.2.pd9EeXdsQtNb3dQ.exe.400000.0.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "office5@iykmoreentrprise.orgrwkWCM328mail.iykmoreentrprise.org"}
                  Multi AV Scanner detection for submitted file
                  Source: pd9EeXdsQtNb3dQ.exe, Virustotal: Detection: 14%
                  Source: pd9EeXdsQtNb3dQ.exe, ReversingLabs: Detection: 51%
                  Source: 3.2.pd9EeXdsQtNb3dQ.exe.400000.0.unpack, Avira: Label: TR/Spy.Gen8
                  Source: pd9EeXdsQtNb3dQ.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                  Source: pd9EeXdsQtNb3dQ.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                  Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\megrKadQRn\src\obj\Debug\IMethodMessage.pdb source: pd9EeXdsQtNb3dQ.exe
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 0_2_059ED9A0
                  Source: global traffic, TCP traffic: 192.168.2.6:49749 -> 66.70.204.222:587
                  Source: Joe Sandbox View, IP Address: 66.70.204.222
                  Source: Joe Sandbox View, ASN Name: OVHFR
                  Source: unknown, DNS traffic detected: queries for: mail.iykmoreentrprise.org
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.587167948.0000000003031000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.587167948.0000000003031000.00000004.00000001.sdmpString found in binary or memory: http://DXvqav.com
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.587167948.0000000003031000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.588712219.0000000003398000.00000004.00000001.sdmpString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.588755539.00000000033A6000.00000004.00000001.sdmpString found in binary or memory: http://cps.letsencrypt.org0
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.588712219.0000000003398000.00000004.00000001.sdmpString found in binary or memory: http://cps.root-x1.letsencrypt.org0
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.588712219.0000000003398000.00000004.00000001.sdmpString found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.588712219.0000000003398000.00000004.00000001.sdmpString found in binary or memory: http://iykmoreentrprise.org
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.588712219.0000000003398000.00000004.00000001.sdmpString found in binary or memory: http://mail.iykmoreentrprise.org
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.588755539.00000000033A6000.00000004.00000001.sdmpString found in binary or memory: http://r3.i.lencr.org/0
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.588755539.00000000033A6000.00000004.00000001.sdmpString found in binary or memory: http://r3.o.lencr.org0
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.331949813.00000000027F1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: pd9EeXdsQtNb3dQ.exeString found in binary or memory: http://tempuri.org/Shops_DBDataSet.xsd
                  Source: pd9EeXdsQtNb3dQ.exeString found in binary or memory: http://tempuri.org/Shops_DBDataSet.xsd9WinForms_RecursiveFormCreate5WinForms_SeeInnerExceptionGPrope
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.587167948.0000000003031000.00000004.00000001.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000002.588834930.00000000033C6000.00000004.00000001.sdmpString found in binary or memory: https://NtZtA8FE2WmoFQd.com
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.587167948.0000000003031000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%$
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.587167948.0000000003031000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%GETMozilla/5.0
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.332108343.0000000002848000.00000004.00000001.sdmpString found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.333313035.00000000037F9000.00000004.00000001.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000002.582976077.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.587167948.0000000003031000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
                  Source: pd9EeXdsQtNb3dQ.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.333313035.00000000037F9000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamekwwXmjSlWzClvYrsuIIfArLMqOg.exe4 vs pd9EeXdsQtNb3dQ.exe
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.333313035.00000000037F9000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameDSASignature.dll@ vs pd9EeXdsQtNb3dQ.exe
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.331949813.00000000027F1000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSimpleUI.dll( vs pd9EeXdsQtNb3dQ.exe
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000000.317330341.0000000000568000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameIMethodMessage.exe: vs pd9EeXdsQtNb3dQ.exe
                  Source: pd9EeXdsQtNb3dQ.exe, 00000002.00000002.327814127.0000000000568000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameIMethodMessage.exe: vs pd9EeXdsQtNb3dQ.exe
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328988968.0000000000CC8000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameIMethodMessage.exe: vs pd9EeXdsQtNb3dQ.exe
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.584799956.0000000001420000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewshom.ocx.mui vs pd9EeXdsQtNb3dQ.exe
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.585395067.00000000014F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs pd9EeXdsQtNb3dQ.exe
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.582976077.0000000000402000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamekwwXmjSlWzClvYrsuIIfArLMqOg.exe4 vs pd9EeXdsQtNb3dQ.exe
                  Source: pd9EeXdsQtNb3dQ.exe, 00000003.00000002.583993167.00000000010F8000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs pd9EeXdsQtNb3dQ.exe
                  Source: pd9EeXdsQtNb3dQ.exeBinary or memory string: OriginalFilenameIMethodMessage.exe: vs pd9EeXdsQtNb3dQ.exe
                  Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@5/1@2/1
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\pd9EeXdsQtNb3dQ.exe.log
                  Source: pd9EeXdsQtNb3dQ.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe, File read: C:\Windows\System32\drivers\etc\hosts
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [dbo].[categories] ([CateryName], [Description], [Picture]) VALUES (@CateryName, @Description, @Picture);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: UPDATE [creditors] SET [OrderID] = @OrderID, [SupplierID] = @SupplierID, [EmployeeID] = @EmployeeID, [AmountDue] = @AmountDue, [CompletePayments] = @CompletePayments WHERE (([OrderID] = @Original_OrderID) AND ([SupplierID] = @Original_SupplierID) AND ([EmployeeID] = @Original_EmployeeID) AND ([AmountDue] = @Original_AmountDue) AND ([CompletePayments] = @Original_CompletePayments));
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: UPDATE [ExpenseType] SET [TypeName] = @TypeName, [Description] = @Description, [CreatedBy] = @CreatedBy, [CreatedDate] = @CreatedDate, [ModifiedBy] = @ModifiedBy, [ModifiedDate] = @ModifiedDate WHERE (([Id] = @Original_Id) AND ([TypeName] = @Original_TypeName) AND ((@IsNull_Description = 1 AND [Description] IS NULL) OR ([Description] = @Original_Description)) AND ((@IsNull_CreatedBy = 1 AND [CreatedBy] IS NULL) OR ([CreatedBy] = @Original_CreatedBy)) AND ((@IsNull_CreatedDate = 1 AND [CreatedDate] IS NULL) OR ([CreatedDate] = @Original_CreatedDate)) AND ((@IsNull_ModifiedBy = 1 AND [ModifiedBy] IS NULL) OR ([ModifiedBy] = @Original_ModifiedBy)) AND ((@IsNull_ModifiedDate = 1 AND [ModifiedDate] IS NULL) OR ([ModifiedDate] = @Original_ModifiedDate)));
                  Source: pd9EeXdsQtNb3dQ.exeBinary or memory string: INSERT INTO [usergroups] ([GroupName], [Description], [GroupMenus]) VALUES (@GroupName, @Description, @GroupMenus); SELECT GroupID
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.332108343.0000000002848000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType WHERE id=@id;
                  Source: pd9EeXdsQtNb3dQ.exeBinary or memory string: INSERT INTO [dbo].[tblMenu] ([menuName], [menuText]) VALUES (@menuName, @menuText); SELECT menuID, menuName, menuText FROM tblMenu
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [products] ([ProductCode], [ProductName], [CategoryID], [UnitPrice], [UnitsInStock], [ReorderLevel], [Discontinued], [Description], [LocationID], [Discount], [WHUnitPrice], [AvgCost]) VALUES (@ProductCode, @ProductName, @CategoryID, @UnitPrice, @UnitsInStock, @ReorderLevel, @Discontinued, @Description, @LocationID, @Discount, @WHUnitPrice, @AvgCost);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: UPDATE [ExpiryDates] SET [ProductID] = @ProductID, [Quantity] = @Quantity, [ExpiryDate] = @ExpiryDate, [OrderDetailsID] = @OrderDetailsID WHERE (([ExpiryDateID] = @Original_ExpiryDateID) AND ([ProductID] = @Original_ProductID) AND ([Quantity] = @Original_Quantity) AND ([ExpiryDate] = @Original_ExpiryDate) AND ([OrderDetailsID] = @Original_OrderDetailsID));
                  Source: pd9EeXdsQtNb3dQ.exeBinary or memory string: INSERT INTO [dbo].[userstbl] ([Userid], [Passwd], [EmployeeID], [GroupID]) VALUES (@Userid, @Passwd, @EmployeeID, @GroupID); SELEC
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [sales] ([CustomerID], [EmployeeID], [SalesDate], [SalesTime], [PaymentType], [TotalAmount], [PriceOffset], [SaleType]) VALUES (@CustomerID, @EmployeeID, @SalesDate, @SalesTime, @PaymentType, @TotalAmount, @PriceOffset, @SaleType);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.332108343.0000000002848000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [dbo].[Employees] ([LastName], [FirstName], [Sex], [JobID], [BirthDate], [HireDate], [Address], [PhoneNo], [Country], [EmailAddress], [Picture]) VALUES (@LastName, @FirstName, @Sex, @JobID, @BirthDate, @HireDate, @Address, @PhoneNo, @Country, @EmailAddress, @Picture);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: UPDATE [usergroups] SET [GroupName] = @GroupName, [Description] = @Description, [GroupMenus] = @GroupMenus WHERE (([GroupID] = @Original_GroupID) AND ([GroupName] = @Original_GroupName) AND ((@IsNull_Description = 1 AND [Description] IS NULL) OR ([Description] = @Original_Description)));
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.332108343.0000000002848000.00000004.00000001.sdmpBinary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: UPDATE [products] SET [ProductCode] = @ProductCode, [ProductName] = @ProductName, [CategoryID] = @CategoryID, [UnitPrice] = @UnitPrice, [UnitsInStock] = @UnitsInStock, [ReorderLevel] = @ReorderLevel, [Discontinued] = @Discontinued, [Description] = @Description, [LocationID] = @LocationID, [Discount] = @Discount, [WHUnitPrice] = @WHUnitPrice, [AvgCost] = @AvgCost WHERE (([ProductID] = @Original_ProductID) AND ((@IsNull_ProductCode = 1 AND [ProductCode] IS NULL) OR ([ProductCode] = @Original_ProductCode)) AND ([ProductName] = @Original_ProductName) AND ([CategoryID] = @Original_CategoryID) AND ([UnitPrice] = @Original_UnitPrice) AND ([UnitsInStock] = @Original_UnitsInStock) AND ((@IsNull_ReorderLevel = 1 AND [ReorderLevel] IS NULL) OR ([ReorderLevel] = @Original_ReorderLevel)) AND ((@IsNull_Discontinued = 1 AND [Discontinued] IS NULL) OR ([Discontinued] = @Original_Discontinued)) AND ((@IsNull_Description = 1 AND [Description] IS NULL) OR ([Description] = @Original_Description)) AND ((@IsNull_LocationID = 1 AND [LocationID] IS NULL) OR ([LocationID] = @Original_LocationID)) AND ([Discount] = @Original_Discount) AND ((@IsNull_WHUnitPrice = 1 AND [WHUnitPrice] IS NULL) OR ([WHUnitPrice] = @Original_WHUnitPrice)) AND ((@IsNull_AvgCost = 1 AND [AvgCost] IS NULL) OR ([AvgCost] = @Original_AvgCost)));
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: UPDATE [dbo].[orderdetails] SET [OrderID] = @OrderID, [ProductID] = @ProductID, [UnitPrice] = @UnitPrice, [Quantity] = @Quantity, [Discount] = @Discount, [ExpiryDate] = @ExpiryDate WHERE (([OrderID] = @Original_OrderID) AND ([ProductID] = @Original_ProductID) AND ([UnitPrice] = @Original_UnitPrice) AND ([Quantity] = @Original_Quantity) AND ([Discount] = @Original_Discount) AND ((@IsNull_ExpiryDate = 1 AND [ExpiryDate] IS NULL) OR ([ExpiryDate] = @Original_ExpiryDate)));
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [dbo].[userstbl] ([Userid], [Passwd], [EmployeeID], [GroupID]) VALUES (@Userid, @Passwd, @EmployeeID, @GroupID);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: UPDATE [dbo].[categories] SET [CateryName] = @CateryName, [Description] = @Description, [Picture] = @Picture WHERE (([CategoryID] = @Original_CategoryID) AND ((@IsNull_CateryName = 1 AND [CateryName] IS NULL) OR ([CateryName] = @Original_CateryName)) AND ((@IsNull_Description = 1 AND [Description] IS NULL) OR ([Description] = @Original_Description)));
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [dbo].[customers] ([CompanyName], [ContactName], [ContactTitle], [Address], [Country], [PhoneNo], [EmailAddress]) VALUES (@CompanyName, @ContactName, @ContactTitle, @Address, @Country, @PhoneNo, @EmailAddress);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.332108343.0000000002848000.00000004.00000001.sdmpBinary or memory string: Select * from Clientes WHERE id=@id;;
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.332108343.0000000002848000.00000004.00000001.sdmpBinary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: UPDATE [Debtors] SET [SalesID] = @SalesID, [CustomerID] = @CustomerID, [EmployeeID] = @EmployeeID, [AmountDue] = @AmountDue, [CompletePayments] = @CompletePayments WHERE (([SalesID] = @Original_SalesID) AND ((@IsNull_CustomerID = 1 AND [CustomerID] IS NULL) OR ([CustomerID] = @Original_CustomerID)) AND ((@IsNull_EmployeeID = 1 AND [EmployeeID] IS NULL) OR ([EmployeeID] = @Original_EmployeeID)) AND ((@IsNull_AmountDue = 1 AND [AmountDue] IS NULL) OR ([AmountDue] = @Original_AmountDue)) AND ((@IsNull_CompletePayments = 1 AND [CompletePayments] IS NULL) OR ([CompletePayments] = @Original_CompletePayments)));
                  Source: pd9EeXdsQtNb3dQ.exeBinary or memory string: INSERT INTO [dbo].[Jobs] ([JobName], [Description]) VALUES (@JobName, @Description); SELECT JobID, JobName, Description FROM Jobs
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: UPDATE [dbo].[Employees] SET [LastName] = @LastName, [FirstName] = @FirstName, [Sex] = @Sex, [JobID] = @JobID, [BirthDate] = @BirthDate, [HireDate] = @HireDate, [Address] = @Address, [PhoneNo] = @PhoneNo, [Country] = @Country, [EmailAddress] = @EmailAddress, [Picture] = @Picture WHERE (([EmployeeID] = @Original_EmployeeID) AND ([LastName] = @Original_LastName) AND ([FirstName] = @Original_FirstName) AND ((@IsNull_Sex = 1 AND [Sex] IS NULL) OR ([Sex] = @Original_Sex)) AND ((@IsNull_JobID = 1 AND [JobID] IS NULL) OR ([JobID] = @Original_JobID)) AND ((@IsNull_BirthDate = 1 AND [BirthDate] IS NULL) OR ([BirthDate] = @Original_BirthDate)) AND ((@IsNull_HireDate = 1 AND [HireDate] IS NULL) OR ([HireDate] = @Original_HireDate)) AND ((@IsNull_Address = 1 AND [Address] IS NULL) OR ([Address] = @Original_Address)) AND ((@IsNull_PhoneNo = 1 AND [PhoneNo] IS NULL) OR ([PhoneNo] = @Original_PhoneNo)) AND ((@IsNull_Country = 1 AND [Country] IS NULL) OR ([Country] = @Original_Country)) AND ((@IsNull_EmailAddress = 1 AND [EmailAddress] IS NULL) OR ([EmailAddress] = @Original_EmailAddress)));
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [dbo].[tblMenu] ([menuName], [menuText]) VALUES (@menuName, @menuText);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: UPDATE [ShopInfo] SET [ShopName] = @ShopName, [Telephone] = @Telephone, [OwnerName] = @OwnerName, [Location] = @Location, [Email] = @Email, [CreatedBy] = @CreatedBy, [CreatedDate] = @CreatedDate, [ModifiedBy] = @ModifiedBy, [ModifiedDate] = @ModifiedDate WHERE (([Id] = @Original_Id) AND ([ShopName] = @Original_ShopName) AND ([Telephone] = @Original_Telephone) AND ((@IsNull_OwnerName = 1 AND [OwnerName] IS NULL) OR ([OwnerName] = @Original_OwnerName)) AND ([Location] = @Original_Location) AND ((@IsNull_Email = 1 AND [Email] IS NULL) OR ([Email] = @Original_Email)) AND ((@IsNull_CreatedBy = 1 AND [CreatedBy] IS NULL) OR ([CreatedBy] = @Original_CreatedBy)) AND ((@IsNull_CreatedDate = 1 AND [CreatedDate] IS NULL) OR ([CreatedDate] = @Original_CreatedDate)) AND ((@IsNull_ModifiedBy = 1 AND [ModifiedBy] IS NULL) OR ([ModifiedBy] = @Original_ModifiedBy)) AND ((@IsNull_ModifiedDate = 1 AND [ModifiedDate] IS NULL) OR ([ModifiedDate] = @Original_ModifiedDate)));
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [ExpiryDates] ([ProductID], [Quantity], [ExpiryDate], [OrderDetailsID]) VALUES (@ProductID, @Quantity, @ExpiryDate, @OrderDetailsID);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: UPDATE [sales] SET [CustomerID] = @CustomerID, [EmployeeID] = @EmployeeID, [SalesDate] = @SalesDate, [SalesTime] = @SalesTime, [PaymentType] = @PaymentType, [TotalAmount] = @TotalAmount, [PriceOffset] = @PriceOffset, [SaleType] = @SaleType WHERE (([SalesID] = @Original_SalesID) AND ((@IsNull_CustomerID = 1 AND [CustomerID] IS NULL) OR ([CustomerID] = @Original_CustomerID)) AND ((@IsNull_EmployeeID = 1 AND [EmployeeID] IS NULL) OR ([EmployeeID] = @Original_EmployeeID)) AND ([SalesDate] = @Original_SalesDate) AND ([SalesTime] = @Original_SalesTime) AND ((@IsNull_PaymentType = 1 AND [PaymentType] IS NULL) OR ([PaymentType] = @Original_PaymentType)) AND ([TotalAmount] = @Original_TotalAmount) AND ((@IsNull_PriceOffset = 1 AND [PriceOffset] IS NULL) OR ([PriceOffset] = @Original_PriceOffset)) AND ((@IsNull_SaleType = 1 AND [SaleType] IS NULL) OR ([SaleType] = @Original_SaleType)));
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [dbo].[orderdetails] ([OrderID], [ProductID], [UnitPrice], [Quantity], [Discount], [ExpiryDate]) VALUES (@OrderID, @ProductID, @UnitPrice, @Quantity, @Discount, @ExpiryDate);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: UPDATE [company_orders] SET [SubplierID] = @SubplierID, [EmployeeID] = @EmployeeID, [OrderDate] = @OrderDate, [RequiredDate] = @RequiredDate, [TotalAmount] = @TotalAmount WHERE (([OrderID] = @Original_OrderID) AND ((@IsNull_SubplierID = 1 AND [SubplierID] IS NULL) OR ([SubplierID] = @Original_SubplierID)) AND ([EmployeeID] = @Original_EmployeeID) AND ([OrderDate] = @Original_OrderDate) AND ((@IsNull_RequiredDate = 1 AND [RequiredDate] IS NULL) OR ([RequiredDate] = @Original_RequiredDate)) AND ((@IsNull_TotalAmount = 1 AND [TotalAmount] IS NULL) OR ([TotalAmount] = @Original_TotalAmount)));
                  Source: pd9EeXdsQtNb3dQ.exeBinary or memory string: INSERT INTO [Location] ([LocationName], [Description]) VALUES (@LocationName, @Description); SELECT LocationID, LocationName, Desc
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.332108343.0000000002848000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [usergroups] ([GroupName], [Description], [GroupMenus]) VALUES (@GroupName, @Description, @GroupMenus);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: UPDATE [salesdetails] SET [SalesID] = @SalesID, [ProductID] = @ProductID, [UnitPrice] = @UnitPrice, [Quantity] = @Quantity, [Discount] = @Discount WHERE (([SalesID] = @Original_SalesID) AND ([ProductID] = @Original_ProductID) AND ([UnitPrice] = @Original_UnitPrice) AND ([Quantity] = @Original_Quantity) AND ((@IsNull_Discount = 1 AND [Discount] IS NULL) OR ([Discount] = @Original_Discount)));
                  Source: pd9EeXdsQtNb3dQ.exeBinary or memory string: INSERT INTO [dbo].[tblMenu] ([menuName], [menuText]) VALUES (@menuName, @menuText);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [ExpenseType] ([TypeName], [Description], [CreatedBy], [CreatedDate], [ModifiedBy], [ModifiedDate]) VALUES (@TypeName, @Description, @CreatedBy, @CreatedDate, @ModifiedBy, @ModifiedDate);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.332108343.0000000002848000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
                  Source: pd9EeXdsQtNb3dQ.exeBinary or memory string: UPDATE userstbl SET Passwd = @Passwd WHERE (Userid = @Userid);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.332108343.0000000002848000.00000004.00000001.sdmpBinary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [suppliers] ([CompanyName], [ContactName], [Address], [Country], [PhoneNO], [Fax], [HomePage], [EmailAddress]) VALUES (@CompanyName, @ContactName, @Address, @Country, @PhoneNO, @Fax, @HomePage, @EmailAddress);
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.332108343.0000000002848000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)
                  Source: pd9EeXdsQtNb3dQ.exeBinary or memory string: INSERT INTO [dbo].[categories] ([CateryName], [Description], [Picture]) VALUES (@CateryName, @Description, @Picture); SELECT Categ
                  Source: pd9EeXdsQtNb3dQ.exe, 00000000.00000002.330041590.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000002.00000000.326960241.0000000000332000.00000002.00020000.sdmp, pd9EeXdsQtNb3dQ.exe, 00000003.00000000.328731551.0000000000A92000.00000002.00020000.sdmpBinary or memory string: UPDATE [dbo].[Jobs] SET [JobName] = @JobName, [Description] = @Description WHERE (([JobID] = @Original_JobID) AND ((@IsNull_JobName = 1 AND [JobName] IS NULL) OR ([JobName] = @Original_JobName)) AND ((@IsNull_Description = 1 AND [Description] IS NULL) OR ([Description] = @Original_Description)));
                  Source: pd9EeXdsQtNb3dQ.exeVirustotal: Detection: 14%
                  Source: pd9EeXdsQtNb3dQ.exeReversingLabs: Detection: 51%
                  Source: pd9EeXdsQtNb3dQ.exeString found in binary or memory: About9HelpToolStripMenuItem1.Image-HelpToolStripMenuItem1
                  Source: unknownProcess created: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe 'C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe'
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeProcess created: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: pd9EeXdsQtNb3dQ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: pd9EeXdsQtNb3dQ.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                  Source: pd9EeXdsQtNb3dQ.exeStatic file information: File size 2330624 > 1048576
                  Source: pd9EeXdsQtNb3dQ.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x234a00
                  Source: pd9EeXdsQtNb3dQ.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                  Source: pd9EeXdsQtNb3dQ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\megrKadQRn\src\obj\Debug\IMethodMessage.pdb source: pd9EeXdsQtNb3dQ.exe
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_0533659D push esp; ret 0_2_053365A1
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_0533642B push ebp; ret 0_2_0533642C
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_05336461 push ebp; ret 0_2_05336465
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_053364FF push esp; ret 0_2_05336503
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_053364EC push ebp; ret 0_2_053364ED
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_0533663E push ebx; ret 0_2_0533663F
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_053366BD push ebx; ret 0_2_053366C7
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_053366FF push edx; ret 0_2_05336700
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_05336977 push eax; ret 0_2_0533697E
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_05335974 pushad ; ret 0_2_05335975
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_05336947 push ecx; ret 0_2_0533694E
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_053369AE push eax; ret 0_2_053369B0
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_053380E4 push 3400035Eh; ret 0_2_053380E9
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_053368EC push ecx; ret 0_2_053368F3
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_0533639B push esi; ret 0_2_053363A4
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_0533629F push edi; ret 0_2_053362A9
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_059E7CA9 push D0456990h; iretd 0_2_059E7CAE
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 0_2_059E6639 push D0456990h; iretd 0_2_059E663E
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 3_2_013C7A37 push edi; retn 0000h3_2_013C7A39
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 3_2_0141011E push ds; retf 3_2_0141011F
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 3_2_0141CBC2 push 8BFFFFFFh; retf 3_2_0141CBC8
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeCode function: 3_2_0141F270 push esp; iretd 3_2_0141F271
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion:

                  Yara detected AntiVM3
                  Source: Yara matchFile source: 00000000.00000002.332108343.0000000002848000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: pd9EeXdsQtNb3dQ.exe PID: 6472, type: MEMORY
                  Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                  Source: C:\Users\user\Desktop\pd9EeXdsQtNb3dQ.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard