Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000004.00000002.505405709.0000000002EC1000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000004.00000002.505405709.0000000002EC1000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000004.00000002.505405709.0000000002EC1000.00000004.00000001.sdmp |
String found in binary or memory: http://JNlaBk.com |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000003.248868610.0000000002DFB000.00000004.00000001.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.260056773.0000000002970000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000003.248868610.0000000002DFB000.00000004.00000001.sdmp |
String found in binary or memory: http://servermanager.miixit.org/1 |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000003.248868610.0000000002DFB000.00000004.00000001.sdmp |
String found in binary or memory: http://servermanager.miixit.org/downloads/ |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000003.248868610.0000000002DFB000.00000004.00000001.sdmp |
String found in binary or memory: http://servermanager.miixit.org/hits/hit_index.php?k= |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000003.248868610.0000000002DFB000.00000004.00000001.sdmp |
String found in binary or memory: http://servermanager.miixit.org/index_ru.html |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000003.248868610.0000000002DFB000.00000004.00000001.sdmp |
String found in binary or memory: http://servermanager.miixit.org/index_ru.htmlc |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000003.248868610.0000000002DFB000.00000004.00000001.sdmp |
String found in binary or memory: http://servermanager.miixit.org/report/reporter_index.php?name= |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000004.00000002.509320661.0000000003196000.00000004.00000001.sdmp |
String found in binary or memory: http://smtp.globaloffs-site.com |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000004.00000002.509320661.0000000003196000.00000004.00000001.sdmp |
String found in binary or memory: http://us2.smtp.mailhostbox.com |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000004.00000002.509013136.0000000003173000.00000004.00000001.sdmp |
String found in binary or memory: https://EYpwltTomgBW7.com |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000003.248868610.0000000002DFB000.00000004.00000001.sdmp |
String found in binary or memory: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CJU3DBQXBUQPC |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000003.248868610.0000000002DFB000.00000004.00000001.sdmp |
String found in binary or memory: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CJU3DBQXBUQPC5http://servermana |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.260813801.00000000034B5000.00000004.00000001.sdmp, PRODUCT INQUIRY FROM PAKISTAN.exe, 00000004.00000002.500732572.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000004.00000002.505405709.0000000002EC1000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe |
Binary or memory string: OriginalFilename vs PRODUCT INQUIRY FROM PAKISTAN.exe |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.260813801.00000000034B5000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameJHVjKDQvYAZPEyzIeFpCtBkAAvzUHgJsmkgBHOT.exe4 vs PRODUCT INQUIRY FROM PAKISTAN.exe |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.260813801.00000000034B5000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameDSASignature.dll@ vs PRODUCT INQUIRY FROM PAKISTAN.exe |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000000.236066521.00000000000D4000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameSecuritySafeCriticalAttribute.exeF vs PRODUCT INQUIRY FROM PAKISTAN.exe |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.263702136.0000000004D40000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameSimpleUI.dll( vs PRODUCT INQUIRY FROM PAKISTAN.exe |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.263578015.0000000004B60000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamemscorrc.dllT vs PRODUCT INQUIRY FROM PAKISTAN.exe |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000004.00000002.504490816.00000000013C0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamewshom.ocx vs PRODUCT INQUIRY FROM PAKISTAN.exe |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000004.00000002.504513606.00000000013D0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamewshom.ocx.mui vs PRODUCT INQUIRY FROM PAKISTAN.exe |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000004.00000002.502045027.0000000000BE4000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameSecuritySafeCriticalAttribute.exeF vs PRODUCT INQUIRY FROM PAKISTAN.exe |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000004.00000002.502149730.0000000000F88000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameUNKNOWN_FILET vs PRODUCT INQUIRY FROM PAKISTAN.exe |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000004.00000002.503860354.00000000012C0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamemscorrc.dllT vs PRODUCT INQUIRY FROM PAKISTAN.exe |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000004.00000002.500732572.0000000000402000.00000040.00000001.sdmp |
Binary or memory string: OriginalFilenameJHVjKDQvYAZPEyzIeFpCtBkAAvzUHgJsmkgBHOT.exe4 vs PRODUCT INQUIRY FROM PAKISTAN.exe |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe |
Binary or memory string: OriginalFilenameSecuritySafeCriticalAttribute.exeF vs PRODUCT INQUIRY FROM PAKISTAN.exe |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Code function: 0_2_000BFFC1 push eax; retf |
0_2_000BFFC8 |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Code function: 0_2_02308615 push eax; retf |
0_2_02308617 |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Code function: 0_2_0230861F push eax; retf |
0_2_02308621 |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Code function: 0_2_04949E98 push 9C0234C3h; ret |
0_2_04949EA1 |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Code function: 4_2_00BE76B0 push cs; retf |
4_2_00BE76F0 |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Code function: 4_2_00BE7A9A push ss; retf |
4_2_00BE7A9E |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Code function: 4_2_00BE7698 push cs; retf |
4_2_00BE76AE |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Code function: 4_2_00BE7BF6 push ds; retf |
4_2_00BE7BFA |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Code function: 4_2_00BE73E6 push cs; retf |
4_2_00BE7672 |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Code function: 4_2_00BE7BE4 push ds; retf |
4_2_00BE7BF4 |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Code function: 4_2_00BE7BD2 push ds; retf |
4_2_00BE7BD6 |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Code function: 4_2_00BE7662 push cs; retf |
4_2_00BE7672 |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Code function: 4_2_014BB5E7 push edi; retn 0000h |
4_2_014BB5E9 |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Process information set: NOOPENFILEERRORBOX |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: VMWARE |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000000.00000002.258281166.00000000024B3000.00000004.00000001.sdmp |
Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: PRODUCT INQUIRY FROM PAKISTAN.exe, 00000004.00000002.512303470.0000000006CE0000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Queries volume information: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe VolumeInformation |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |