Source: PO #R58490.exe, 00000004.00000002.474545404.0000000002AE1000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: PO #R58490.exe, 00000004.00000002.474545404.0000000002AE1000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: PO #R58490.exe, 00000004.00000002.482237302.00000000060A0000.00000004.00000001.sdmp | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0 |
Source: PO #R58490.exe, 00000004.00000002.482237302.00000000060A0000.00000004.00000001.sdmp | String found in binary or memory: http://cps.letsencrypt.org0 |
Source: PO #R58490.exe, 00000004.00000002.482237302.00000000060A0000.00000004.00000001.sdmp | String found in binary or memory: http://cps.root-x1.letsencrypt.org0 |
Source: PO #R58490.exe, 00000004.00000002.482237302.00000000060A0000.00000004.00000001.sdmp | String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
Source: PO #R58490.exe, 00000004.00000002.475838803.0000000002D92000.00000004.00000001.sdmp | String found in binary or memory: http://mail.cavilum.cl |
Source: PO #R58490.exe, 00000004.00000002.482237302.00000000060A0000.00000004.00000001.sdmp | String found in binary or memory: http://r3.i.lencr.org |
Source: PO #R58490.exe, 00000004.00000002.482237302.00000000060A0000.00000004.00000001.sdmp | String found in binary or memory: http://r3.i.lencr.org/0# |
Source: PO #R58490.exe, 00000004.00000002.482237302.00000000060A0000.00000004.00000001.sdmp | String found in binary or memory: http://r3.o.lencr.org0 |
Source: PO #R58490.exe, 00000001.00000002.213257824.0000000002BB1000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: PO #R58490.exe, 00000004.00000002.482237302.00000000060A0000.00000004.00000001.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
Source: PO #R58490.exe, 00000004.00000002.482237302.00000000060A0000.00000004.00000001.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
Source: PO #R58490.exe, 00000004.00000002.474545404.0000000002AE1000.00000004.00000001.sdmp | String found in binary or memory: http://xUGEzQ.com |
Source: PO #R58490.exe, 00000004.00000002.475566216.0000000002D31000.00000004.00000001.sdmp | String found in binary or memory: https://49Z9TKhGLJ3VymNKQj.org |
Source: PO #R58490.exe, 00000004.00000002.474545404.0000000002AE1000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org%GETMozilla/5.0 |
Source: PO #R58490.exe, 00000004.00000002.474545404.0000000002AE1000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org%x |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: PO #R58490.exe, 00000001.00000002.214163603.0000000003BB9000.00000004.00000001.sdmp, PO #R58490.exe, 00000004.00000000.211277551.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: PO #R58490.exe, 00000004.00000002.474545404.0000000002AE1000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: PO #R58490.exe, 00000001.00000002.217049674.0000000005DA0000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDSASignature.dll@ vs PO #R58490.exe |
Source: PO #R58490.exe, 00000001.00000000.201416244.0000000000912000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameMessageData.exe< vs PO #R58490.exe |
Source: PO #R58490.exe, 00000001.00000002.214163603.0000000003BB9000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameKygo.dll* vs PO #R58490.exe |
Source: PO #R58490.exe, 00000001.00000002.214163603.0000000003BB9000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamelOQFXsEdnXbPfrLurEHOqbAcVpqnQnZ.exe4 vs PO #R58490.exe |
Source: PO #R58490.exe, 00000002.00000000.209746324.00000000003A2000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameMessageData.exe< vs PO #R58490.exe |
Source: PO #R58490.exe, 00000004.00000002.473573012.0000000000EA0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs PO #R58490.exe |
Source: PO #R58490.exe, 00000004.00000002.470468038.0000000000722000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameMessageData.exe< vs PO #R58490.exe |
Source: PO #R58490.exe, 00000004.00000002.469305003.0000000000402000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenamelOQFXsEdnXbPfrLurEHOqbAcVpqnQnZ.exe4 vs PO #R58490.exe |
Source: PO #R58490.exe, 00000004.00000002.470594304.0000000000AF8000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs PO #R58490.exe |
Source: PO #R58490.exe, 00000004.00000002.473487396.0000000000E40000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx vs PO #R58490.exe |
Source: PO #R58490.exe, 00000004.00000002.473502616.0000000000E50000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx.mui vs PO #R58490.exe |
Source: PO #R58490.exe | Binary or memory string: OriginalFilenameMessageData.exe< vs PO #R58490.exe |
Source: PO #R58490.exe, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 1.0.PO #R58490.exe.830000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 1.2.PO #R58490.exe.830000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 2.0.PO #R58490.exe.2c0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 2.2.PO #R58490.exe.2c0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 4.2.PO #R58490.exe.400000.0.unpack, A/b2.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: PO #R58490.exe, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | .Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0) |
Source: 1.0.PO #R58490.exe.830000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | .Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0) |
Source: 1.2.PO #R58490.exe.830000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | .Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0) |
Source: 2.0.PO #R58490.exe.2c0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | .Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0) |
Source: 2.2.PO #R58490.exe.2c0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | .Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0) |
Source: 4.2.PO #R58490.exe.640000.1.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | .Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0) |
Source: 4.0.PO #R58490.exe.640000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | .Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0) |
Source: 4.0.PO #R58490.exe.640000.2.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | .Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0) |
Source: C:\Users\user\Desktop\PO #R58490.exe | Code function: 4_2_00B5A4AA push eax; retf |
Source: C:\Users\user\Desktop\PO #R58490.exe | Code function: 4_2_00B5ECF0 push ebx; iretd |
Source: C:\Users\user\Desktop\PO #R58490.exe | Code function: 4_2_00B5C436 push 4800B3DBh; retf |
Source: C:\Users\user\Desktop\PO #R58490.exe | Code function: 4_2_00B561B0 push edi; iretd |
Source: C:\Users\user\Desktop\PO #R58490.exe | Code function: 4_2_00B5A5E6 push 9000B3CCh; retf |
Source: C:\Users\user\Desktop\PO #R58490.exe | Code function: 4_2_00B5EE08 push ebx; iretd |
Source: C:\Users\user\Desktop\PO #R58490.exe | Code function: 4_2_00B56380 push esp; retf |
Source: C:\Users\user\Desktop\PO #R58490.exe | Code function: 4_2_00B50B68 push edi; iretd |
Source: C:\Users\user\Desktop\PO #R58490.exe | Code function: 4_2_00E70034 push esp; iretd |
Source: C:\Users\user\Desktop\PO #R58490.exe | Code function: 4_2_00E7D55A push ebp; iretd |
Source: C:\Users\user\Desktop\PO #R58490.exe | Code function: 4_2_00E7B517 push edi; retn 0000h |
Source: C:\Users\user\Desktop\PO #R58490.exe | Code function: 4_2_00E7D51A push ebp; iretd |
Source: C:\Users\user\Desktop\PO #R58490.exe | Code function: 4_2_00E7D37E pushfd ; retf |
Source: C:\Users\user\Desktop\PO #R58490.exe | Code function: 4_2_00F312C0 push esp; iretd |
Source: C:\Users\user\Desktop\PO #R58490.exe | Code function: 4_2_00F31802 push edx; iretd |
Source: PO #R58490.exe, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | High entropy of concatenated method names: '.cctor', 'oDAuwt', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy' |
Source: 1.0.PO #R58490.exe.830000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | High entropy of concatenated method names: '.cctor', 'oDAuwt', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy' |
Source: 1.2.PO #R58490.exe.830000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | High entropy of concatenated method names: '.cctor', 'oDAuwt', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy' |
Source: 2.0.PO #R58490.exe.2c0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | High entropy of concatenated method names: '.cctor', 'oDAuwt', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy' |
Source: 2.2.PO #R58490.exe.2c0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | High entropy of concatenated method names: '.cctor', 'oDAuwt', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy' |
Source: 4.2.PO #R58490.exe.640000.1.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | High entropy of concatenated method names: '.cctor', 'oDAuwt', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy' |
Source: 4.0.PO #R58490.exe.640000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | High entropy of concatenated method names: '.cctor', 'oDAuwt', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy' |
Source: 4.0.PO #R58490.exe.640000.2.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs | High entropy of concatenated method names: '.cctor', 'oDAuwt', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy' |
Source: C:\Users\user\Desktop\PO #R58490.exe | Process information set: NOOPENFILEERRORBOX |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: PO #R58490.exe, 00000004.00000002.473441492.0000000000E08000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllCaps |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: VMWARE |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II |
Source: PO #R58490.exe, 00000001.00000002.213317019.0000000002BEF000.00000004.00000001.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: C:\Users\user\Desktop\PO #R58490.exe | Queries volume information: C:\Users\user\Desktop\PO #R58490.exe VolumeInformation |
Source: C:\Users\user\Desktop\PO #R58490.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\PO #R58490.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\PO #R58490.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\PO #R58490.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\PO #R58490.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Users\user\Desktop\PO #R58490.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\PO #R58490.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |