Source: Purchase Order_12052021.exe, 00000003.00000002.470154647.00000000011D2000.00000004.00000020.sdmp |
String found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0 |
Source: Purchase Order_12052021.exe, 00000003.00000002.475714622.0000000006840000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/RapidSSLTLSDVRSAMi |
Source: Purchase Order_12052021.exe, 00000003.00000002.471482796.0000000002E9E000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/RapidSSLTLSDVRSAMixedSHA2562020CA-1.crt0 |
Source: Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp |
String found in binary or memory: http://checkip.dyndns.org/HB |
Source: Purchase Order_12052021.exe, 00000003.00000002.470154647.00000000011D2000.00000004.00000020.sdmp |
String found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07 |
Source: Purchase Order_12052021.exe, 00000003.00000002.471885488.0000000002F03000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: Purchase Order_12052021.exe, 00000003.00000002.475714622.0000000006840000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRo~II |
Source: Purchase Order_12052021.exe, 00000003.00000002.470467044.0000000001267000.00000004.00000020.sdmp |
String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m |
Source: Purchase Order_12052021.exe, 00000003.00000002.471482796.0000000002E9E000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/RapidSSLTLSDVRSAMixedSHA2562020CA-1.crl0F |
Source: Purchase Order_12052021.exe, 00000003.00000002.470154647.00000000011D2000.00000004.00000020.sdmp |
String found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0L |
Source: Purchase Order_12052021.exe, 00000003.00000002.471885488.0000000002F03000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0 |
Source: Purchase Order_12052021.exe, 00000003.00000002.475689742.000000000681F000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/RapidSSLTLSDVRSAMix |
Source: Purchase Order_12052021.exe, 00000003.00000002.471482796.0000000002E9E000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/RapidSSLTLSDVRSAMixedSHA2562020CA-1.crl0 |
Source: Purchase Order_12052021.exe, 00000003.00000002.471885488.0000000002F03000.00000004.00000001.sdmp |
String found in binary or memory: http://kerekesfoto.com |
Source: Purchase Order_12052021.exe, 00000003.00000002.471885488.0000000002F03000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.470154647.00000000011D2000.00000004.00000020.sdmp |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: Purchase Order_12052021.exe, 00000003.00000002.470467044.0000000001267000.00000004.00000020.sdmp |
String found in binary or memory: http://ocsp.digicert.com0: |
Source: Purchase Order_12052021.exe, 00000003.00000002.471482796.0000000002E9E000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: Purchase Order_12052021.exe, 00000000.00000002.219818488.0000000002811000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp |
String found in binary or memory: http://servermanager.miixit.org/1 |
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp |
String found in binary or memory: http://servermanager.miixit.org/downloads/ |
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp |
String found in binary or memory: http://servermanager.miixit.org/hits/hit_index.php?k= |
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp |
String found in binary or memory: http://servermanager.miixit.org/index_ru.html |
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp |
String found in binary or memory: http://servermanager.miixit.org/index_ru.htmlc |
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp |
String found in binary or memory: http://servermanager.miixit.org/report/reporter_index.php?name= |
Source: Purchase Order_12052021.exe, 00000003.00000002.471482796.0000000002E9E000.00000004.00000001.sdmp |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=Createutf-8Win32_ComputerSystemModelManufactu |
Source: Purchase Order_12052021.exe, 00000003.00000002.471029009.0000000002DF4000.00000004.00000001.sdmp |
String found in binary or memory: https://freegeoip.app |
Source: Purchase Order_12052021.exe, 00000003.00000002.471029009.0000000002DF4000.00000004.00000001.sdmp |
String found in binary or memory: https://freegeoip.app/xml/ |
Source: Purchase Order_12052021.exe, 00000003.00000002.471029009.0000000002DF4000.00000004.00000001.sdmp |
String found in binary or memory: https://freegeoip.app/xml/84.17.52.78 |
Source: Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp |
String found in binary or memory: https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/ |
Source: Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp |
String found in binary or memory: https://i.imgur.com/GJD7Q5y.png195.239.51.11795.26.248.2989.208.29.13389.187.165.4792.118.13.1895.26 |
Source: Purchase Order_12052021.exe, 00000003.00000002.471060800.0000000002E0B000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.471072262.0000000002E0F000.00000004.00000001.sdmp |
String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: Purchase Order_12052021.exe, 00000003.00000002.475714622.0000000006840000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert. |
Source: Purchase Order_12052021.exe, 00000003.00000002.475714622.0000000006840000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert.coef |
Source: Purchase Order_12052021.exe, 00000003.00000002.471885488.0000000002F03000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: Purchase Order_12052021.exe, 00000003.00000002.471885488.0000000002F03000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.475714622.0000000006840000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.475689742.000000000681F000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/rpa-ua0 |
Source: Purchase Order_12052021.exe, 00000003.00000002.471083879.0000000002E20000.00000004.00000001.sdmp |
String found in binary or memory: https://www.geodatatool.com/en/?ip= |
Source: Purchase Order_12052021.exe, 00000003.00000002.473656695.0000000003132000.00000004.00000001.sdmp |
String found in binary or memory: https://www.geodatatool.com/en/?ip=3D84.17.52.78=0D=0A=0D=0ADat= |
Source: Purchase Order_12052021.exe, 00000003.00000002.471482796.0000000002E9E000.00000004.00000001.sdmp |
String found in binary or memory: https://www.geodatatool.com/en/?ip=84.17.52.78 |
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp |
String found in binary or memory: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CJU3DBQXBUQPC |
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp |
String found in binary or memory: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CJU3DBQXBUQPC5http://servermana |
Source: Purchase Order_12052021.exe |
Binary or memory string: OriginalFilename vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe, 00000000.00000002.219818488.0000000002811000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameSimpleUI.dll( vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe, 00000000.00000002.219485544.0000000000B68000.00000004.00000020.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe, 00000000.00000000.198987261.0000000000470000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameContextAttribute.exe" vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe, 00000000.00000002.221824311.0000000002D20000.00000004.00000001.sdmp |
Binary or memory string: l,\\StringFileInfo\\000004B0\\OriginalFilename vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe, 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameDSASignature.dll@ vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe, 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameVNXT.exe* vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe, 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenamee.exe4 vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe, 00000002.00000000.216649315.00000000003D0000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameContextAttribute.exe" vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe, 00000003.00000002.475390162.00000000061E0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe, 00000003.00000002.468681860.0000000000BE5000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe, 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp |
Binary or memory string: OriginalFilenameVNXT.exe* vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe, 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp |
Binary or memory string: OriginalFilenamee.exe4 vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe, 00000003.00000002.468556035.0000000000A20000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameContextAttribute.exe" vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe, 00000003.00000002.469960044.00000000011AA000.00000004.00000020.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe |
Binary or memory string: OriginalFilenameContextAttribute.exe" vs Purchase Order_12052021.exe |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: Yara match |
File source: 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: Purchase Order_12052021.exe PID: 3560, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: Purchase Order_12052021.exe PID: 2792, type: MEMORY |
Source: Yara match |
File source: 0.2.Purchase Order_12052021.exe.3b46210.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 3.2.Purchase Order_12052021.exe.4224d4.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.Purchase Order_12052021.exe.3b46210.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 3.2.Purchase Order_12052021.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.Purchase Order_12052021.exe.3ac79f0.2.raw.unpack, type: UNPACKEDPE |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 0_2_0045FA71 push ss; retf |
0_2_0045FA72 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 0_2_00B31453 pushfd ; retf |
0_2_00B31454 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 0_2_00B31449 pushfd ; retf |
0_2_00B3144A |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 0_2_04E9ACDC push 9C027EC3h; ret |
0_2_04E9ACE1 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 0_2_054D831F push FFFFFFA2h; retf |
0_2_054D8321 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 0_2_054D7E42 push ebx; iretd |
0_2_054D7E50 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 2_2_003D3622 push cs; retf |
2_2_003D3632 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 2_2_003D3670 push cs; retf |
2_2_003D36A4 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 2_2_003D3658 push cs; retf |
2_2_003D366E |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 2_2_003D3A5A push ss; retf |
2_2_003D3A5E |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 2_2_003D3BB6 push ds; retf |
2_2_003D3BBA |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 2_2_003D3BA4 push ds; retf |
2_2_003D3BB4 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 2_2_003D36A6 push cs; retf |
2_2_003D36B0 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 2_2_003D3B92 push ds; retf |
2_2_003D3B96 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 2_2_003D338E push cs; retf |
2_2_003D3632 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 2_2_003D338E push cs; retf |
2_2_003D363E |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 3_2_00A236A6 push cs; retf |
3_2_00A236B0 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 3_2_00A23BA4 push ds; retf |
3_2_00A23BB4 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 3_2_00A23BB6 push ds; retf |
3_2_00A23BBA |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 3_2_00A2338E push cs; retf |
3_2_00A23632 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 3_2_00A2338E push cs; retf |
3_2_00A2363E |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 3_2_00A23B92 push ds; retf |
3_2_00A23B96 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 3_2_00A23622 push cs; retf |
3_2_00A23632 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 3_2_00A23670 push cs; retf |
3_2_00A236A4 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 3_2_00A23A5A push ss; retf |
3_2_00A23A5E |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 3_2_00A23658 push cs; retf |
3_2_00A2366E |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 3_2_0694F687 push es; iretd |
3_2_0694F688 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Code function: 3_2_0694C7F0 pushad ; retf |
3_2_0694C84D |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Process information set: NOOPENFILEERRORBOX |
Source: Yara match |
File source: 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: Purchase Order_12052021.exe PID: 3560, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: Purchase Order_12052021.exe PID: 2792, type: MEMORY |
Source: Yara match |
File source: 0.2.Purchase Order_12052021.exe.3b46210.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 3.2.Purchase Order_12052021.exe.4224d4.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.Purchase Order_12052021.exe.3b46210.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 3.2.Purchase Order_12052021.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.Purchase Order_12052021.exe.3ac79f0.2.raw.unpack, type: UNPACKEDPE |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2428 |
Thread sleep time: -99453s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 6128 |
Thread sleep time: -922337203685477s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -15679732462653109s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -200000s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 6060 |
Thread sleep count: 2287 > 30 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99844s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 6060 |
Thread sleep count: 7556 > 30 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99734s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99625s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99515s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99406s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99297s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99187s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99078s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98969s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98859s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98750s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98640s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98531s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98422s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98312s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98203s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98094s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -97984s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -195750s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -97766s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -97641s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -97516s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -97406s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -97297s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -97187s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -97078s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -96969s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -96859s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99875s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99766s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99656s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99547s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99437s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99328s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99219s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -99094s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98984s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98875s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98766s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98656s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98547s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98437s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98328s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98219s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98109s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -98000s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440 |
Thread sleep time: -97656s >= -30000s |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99453 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 100000 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99844 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99734 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99625 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99515 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99406 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99297 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99187 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99078 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98969 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98859 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98750 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98640 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98531 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98422 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98312 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98203 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98094 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 97984 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 97875 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 97766 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 97641 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 97516 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 97406 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 97297 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 97187 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 97078 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 96969 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 96859 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99875 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99766 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99656 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99547 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99437 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99328 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99219 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 99094 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98984 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98875 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98766 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98656 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98547 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98437 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98328 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98219 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98109 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 98000 |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Thread delayed: delay time: 97656 |
Source: Purchase Order_12052021.exe, 00000003.00000002.475390162.00000000061E0000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: VMWARE |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Purchase Order_12052021.exe, 00000003.00000002.475390162.00000000061E0000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: Purchase Order_12052021.exe, 00000003.00000002.475390162.00000000061E0000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II |
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp |
Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: Purchase Order_12052021.exe, 00000003.00000002.470467044.0000000001267000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: Purchase Order_12052021.exe, 00000003.00000002.475390162.00000000061E0000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Queries volume information: C:\Users\user\Desktop\Purchase Order_12052021.exe VolumeInformation |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation |