Source: Factura PO 1541973.exe, 00000004.00000002.912086324.0000000002A91000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: Factura PO 1541973.exe, 00000004.00000002.912086324.0000000002A91000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: Factura PO 1541973.exe, 00000004.00000002.912086324.0000000002A91000.00000004.00000001.sdmp, Factura PO 1541973.exe, 00000004.00000003.858298741.0000000000BC4000.00000004.00000001.sdmp |
String found in binary or memory: http://kCE9JYg5iS.com |
Source: Factura PO 1541973.exe, 00000000.00000002.655902349.0000000002DA1000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Factura PO 1541973.exe, 00000004.00000002.912784647.0000000002DF5000.00000004.00000001.sdmp |
String found in binary or memory: http://us2.smtp.mailhostbox.com |
Source: Factura PO 1541973.exe, 00000004.00000002.912086324.0000000002A91000.00000004.00000001.sdmp |
String found in binary or memory: http://wJzLSk.com |
Source: Factura PO 1541973.exe, 00000004.00000002.912086324.0000000002A91000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org%$ |
Source: Factura PO 1541973.exe, 00000004.00000002.912086324.0000000002A91000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org%GETMozilla/5.0 |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: Factura PO 1541973.exe, 00000000.00000002.657464491.0000000003FA5000.00000004.00000001.sdmp, Factura PO 1541973.exe, 00000004.00000000.654058658.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: Factura PO 1541973.exe, 00000004.00000002.912086324.0000000002A91000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_013BC3A0 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_013BA758 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D9B628 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D9C048 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D9822E |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D9AD98 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D9CFB0 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D97B00 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D97550 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D97540 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D9F530 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D9B618 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D9A190 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D9A1A0 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D9F098 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D9B050 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D90040 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D9B060 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D90007 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D9C038 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D9F2D0 |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Code function: 0_2_05D9AD92 |
Source: Factura PO 1541973.exe, 00000000.00000002.660645491.000000000BFC0000.00000002.00000001.sdmp |
Binary or memory string: System.OriginalFileName vs Factura PO 1541973.exe |
Source: Factura PO 1541973.exe, 00000000.00000002.657464491.0000000003FA5000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameVBQEHAlZHGNDbNAwDJmWxqJmACCGvaNOCDccRWP.exe4 vs Factura PO 1541973.exe |
Source: Factura PO 1541973.exe, 00000000.00000002.660113293.0000000005F80000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameDSASignature.dll@ vs Factura PO 1541973.exe |
Source: Factura PO 1541973.exe, 00000000.00000002.661127774.000000000C0B0000.00000002.00000001.sdmp |
Binary or memory string: originalfilename vs Factura PO 1541973.exe |
Source: Factura PO 1541973.exe, 00000000.00000002.661127774.000000000C0B0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs Factura PO 1541973.exe |
Source: Factura PO 1541973.exe, 00000000.00000002.655024928.0000000000A36000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameConstructorInfo.exe< vs Factura PO 1541973.exe |
Source: Factura PO 1541973.exe, 00000004.00000002.910233629.0000000000402000.00000040.00000001.sdmp |
Binary or memory string: OriginalFilenameVBQEHAlZHGNDbNAwDJmWxqJmACCGvaNOCDccRWP.exe4 vs Factura PO 1541973.exe |
Source: Factura PO 1541973.exe, 00000004.00000002.911552216.0000000000ED0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamewshom.ocx.mui vs Factura PO 1541973.exe |
Source: Factura PO 1541973.exe, 00000004.00000002.911598571.0000000000FF0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamemscorrc.dllT vs Factura PO 1541973.exe |
Source: Factura PO 1541973.exe, 00000004.00000000.654201525.00000000006E6000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameConstructorInfo.exe< vs Factura PO 1541973.exe |
Source: Factura PO 1541973.exe, 00000004.00000002.911323137.0000000000D9A000.00000004.00000020.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs Factura PO 1541973.exe |
Source: Factura PO 1541973.exe, 00000004.00000002.910525371.0000000000AF8000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Factura PO 1541973.exe |
Source: Factura PO 1541973.exe |
Binary or memory string: OriginalFilenameConstructorInfo.exe< vs Factura PO 1541973.exe |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: unknown |
Process created: C:\Users\user\Desktop\Factura PO 1541973.exe 'C:\Users\user\Desktop\Factura PO 1541973.exe' |
|
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\lVzZfJoExG' /XML 'C:\Users\user\AppData\Local\Temp\tmp2A03.tmp' |
|
Source: C:\Windows\SysWOW64\schtasks.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Process created: C:\Users\user\Desktop\Factura PO 1541973.exe C:\Users\user\Desktop\Factura PO 1541973.exe |
|
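The process tree above shows two behaviours worth alerting on: a scheduled task created from an XML file in the user's temp directory (persistence, T1053.005), and the sample launching a second copy of its own image, which together with the Yara hits on a differently named PE at 0x400000 inside process 4 is consistent with process hollowing. The memory strings further down also carry "Add-MpPreference -ExclusionPath", the PowerShell cmdlet for adding a Defender exclusion (T1562.001), although no such PowerShell launch appears in this tree. As an added example that is not part of the report, the Python below applies those three checks to constructed process-creation events modelled on the tree. The event field names are my assumption (a Sysmon or EDR feed will name them differently), and the Add-MpPreference event is constructed to show what the string would look like if executed, not something the report observed.

```python
import re

# Constructed process-creation events modelled on the process tree above.
# Field names are assumed; a real feed (Sysmon event 1, EDR telemetry) will differ.
EVENTS = [
    {"parent": r"C:\Users\user\Desktop\Factura PO 1541973.exe",
     "image": r"C:\Windows\SysWOW64\schtasks.exe",
     "cmdline": r"'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\lVzZfJoExG' "
                r"/XML 'C:\Users\user\AppData\Local\Temp\tmp2A03.tmp'"},
    {"parent": r"C:\Windows\SysWOW64\schtasks.exe",
     "image": r"C:\Windows\System32\conhost.exe",
     "cmdline": r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"},
    {"parent": r"C:\Users\user\Desktop\Factura PO 1541973.exe",
     "image": r"C:\Users\user\Desktop\Factura PO 1541973.exe",
     "cmdline": r"C:\Users\user\Desktop\Factura PO 1541973.exe"},
    # Constructed and NOT observed in this report: the Add-MpPreference string as a launch.
    {"parent": r"C:\Users\user\Desktop\Factura PO 1541973.exe",
     "image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell Add-MpPreference -ExclusionPath "C:\Users\user\Desktop"'},
]

# Path argument after /XML, with or without surrounding quotes.
TASK_XML_RE = re.compile(r"/XML\s+'?\"?([^'\"\s]+)", re.IGNORECASE)
# Any user's %LOCALAPPDATA%\Temp directory.
USER_TEMP_RE = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)


def schtasks_from_temp(ev):
    """schtasks /Create whose task definition XML lives under a user temp directory."""
    if not ev["image"].lower().endswith("\\schtasks.exe"):
        return False
    if "/create" not in ev["cmdline"].lower():
        return False
    m = TASK_XML_RE.search(ev["cmdline"])
    return bool(m and USER_TEMP_RE.search(m.group(1)))


def self_spawn(ev):
    """A process starting a fresh instance of its own image (hollowing / injection staging)."""
    return ev["parent"].lower() == ev["image"].lower()


def defender_exclusion(ev):
    """PowerShell adding a Defender path exclusion."""
    c = ev["cmdline"].lower()
    return (ev["image"].lower().endswith("\\powershell.exe")
            and "add-mppreference" in c and "-exclusionpath" in c)


RULES = {
    "T1053.005 schtasks from user temp XML": schtasks_from_temp,
    "self-spawn of same image": self_spawn,
    "T1562.001 Defender exclusion via Add-MpPreference": defender_exclusion,
}


def detect(events):
    """Return (rule_name, image) pairs for every event that trips a rule."""
    hits = []
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((name, ev["image"]))
    return hits


if __name__ == "__main__":
    for name, image in detect(EVENTS):
        print(f"[{name}] {image}")
```

The self-spawn rule is deliberately loose: legitimate software (browsers, updaters) also launches copies of itself, so in production it is a scoring signal to be combined with the parent being an unsigned binary in a user-writable directory, not an alert on its own. The schtasks rule keys on the XML path rather than the task name, since names like "Updates\lVzZfJoExG" are randomised per build.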
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Process information set: NOOPENFILEERRORBOX |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: Factura PO 1541973.exe, 00000004.00000003.871802773.0000000000E81000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlles\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B} |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: VMWARE |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II |
Source: Factura PO 1541973.exe, 00000000.00000002.655976100.0000000002DDB000.00000004.00000001.sdmp |
Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
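The strings immediately above spell out the sample's virtual-machine check: it reads the VMware Tools install key, the SCSI device identifiers on ports 1 and 2, the disk enumeration list and the display-adapter class key, and looks for "VMware" or "VMware SVGA II" in what comes back (the System.Management.dll load listed below is consistent with the same kind of lookup being done over WMI). As an added example that is not from the report, the Python below runs that comparison over a constructed snapshot of those registry keys, so a sandbox operator can confirm which tells are still visible after hardening. InstallPath is the value name seen in the dump; the other value names in the snapshot (Identifier, 0, Count, DriverDesc, ProviderName) are my assumptions about where that data normally lives, and the check scans every value under each key so it does not depend on them.

```python
# Registry keys named in the memory strings above (all assumed to be under HKLM).
VM_TELL_KEYS = [
    r"SOFTWARE\VMware, Inc.\VMware Tools",
    r"HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0",
    r"HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0",
    r"SYSTEM\ControlSet001\Services\Disk\Enum",
    r"SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000",
]
# One substring covers every marker in the dump: "VMware SVGA II", "VMware, Inc.",
# "C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\".
VM_MARKER = "vmware"

# Constructed snapshots: key path -> {value name: data}. Value names other than
# InstallPath are assumptions about where this data usually sits.
STOCK_GUEST = {
    VM_TELL_KEYS[0]: {"InstallPath": "C:\\PROGRAM FILES\\VMWARE\\VMWARE TOOLS\\"},
    VM_TELL_KEYS[1]: {"Identifier": "VMware Virtual SCSI Disk Device", "Type": "DiskPeripheral"},
    VM_TELL_KEYS[3]: {"0": r"SCSI\Disk&Ven_VMware&Prod_Virtual_disk", "Count": 1},
    VM_TELL_KEYS[4]: {"DriverDesc": "VMware SVGA II", "ProviderName": "VMware, Inc."},
}
HARDENED_GUEST = {
    # VMware Tools key deleted outright: its mere presence is a tell.
    VM_TELL_KEYS[1]: {"Identifier": "Virtual SCSI Disk Device", "Type": "DiskPeripheral"},
    VM_TELL_KEYS[3]: {"0": r"SCSI\Disk&Ven_&Prod_Virtual_disk", "Count": 1},
    VM_TELL_KEYS[4]: {"DriverDesc": "Standard VGA Graphics Adapter",
                      "ProviderName": "(Standard display types)"},
}


def vm_tells(registry):
    """Return (key, value_name, data) for every place the sample's check would see a VM.

    Approximates what the strings suggest the sample does: a case-insensitive
    substring match on the data of every value under each key, plus presence of
    the VMware Tools key itself. Keys missing from the snapshot count as clean.
    """
    found = []
    for key in VM_TELL_KEYS:
        values = registry.get(key)
        if values is None:
            continue
        if key.startswith("SOFTWARE\\VMware"):
            found.append((key, "<key present>", None))
        for name, data in values.items():
            if VM_MARKER in str(data).lower():
                found.append((key, name, data))
    return found


def is_virtual_machine(registry):
    """The sample's yes/no decision: any tell at all means 'analysis box, bail out'."""
    return bool(vm_tells(registry))


if __name__ == "__main__":
    for label, snap in (("stock", STOCK_GUEST), ("hardened", HARDENED_GUEST)):
        print(f"{label}: VM detected = {is_virtual_machine(snap)}")
        for key, name, data in vm_tells(snap):
            print(f"  {key} :: {name} = {data!r}")
```

Scrubbing these values is necessary but not sufficient: the same strings show the sample also knows the Hyper-V socket provider name, and the SCSI identifier and disk enumeration are re-populated from the virtual hardware on every boot, so a hardened image has to patch the emulated device strings at the hypervisor level rather than only in the guest registry.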
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Queries volume information: C:\Users\user\Desktop\Factura PO 1541973.exe VolumeInformation |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\Factura PO 1541973.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: Yara match |
File source: 00000004.00000000.654058658.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.910233629.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.657464491.0000000003FA5000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.912086324.0000000002A91000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: Factura PO 1541973.exe PID: 7136, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: Factura PO 1541973.exe PID: 6920, type: MEMORY |
Source: Yara match |
File source: 4.0.Factura PO 1541973.exe.400000.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.Factura PO 1541973.exe.404fad0.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.Factura PO 1541973.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.Factura PO 1541973.exe.404fad0.2.raw.unpack, type: UNPACKEDPE |