Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.906370490.0000000002CF1000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.906370490.0000000002CF1000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.906370490.0000000002CF1000.00000004.00000001.sdmp |
String found in binary or memory: http://MAwYKI.com |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659605450.0000000002A81000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.907129054.0000000003057000.00000004.00000001.sdmp |
String found in binary or memory: http://smtp.omicronernergy.com |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.907129054.0000000003057000.00000004.00000001.sdmp |
String found in binary or memory: http://us2.smtp.mailhostbox.com |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.906370490.0000000002CF1000.00000004.00000001.sdmp |
String found in binary or memory: https://jLu3b8shjhUe.net |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659984462.0000000003A89000.00000004.00000001.sdmp, NEW-ORDER.(Ref PO-298721).exe, 00000005.00000000.654489875.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.906370490.0000000002CF1000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.663759923.000000000BCF0000.00000002.00000001.sdmp |
Binary or memory string: originalfilename vs NEW-ORDER.(Ref PO-298721).exe |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.663759923.000000000BCF0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs NEW-ORDER.(Ref PO-298721).exe |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.663467586.000000000BC00000.00000002.00000001.sdmp |
Binary or memory string: System.OriginalFileName vs NEW-ORDER.(Ref PO-298721).exe |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000000.635637564.0000000000666000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameTraceLoggingTypeInfo.exeH vs NEW-ORDER.(Ref PO-298721).exe |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameKygo.dll* vs NEW-ORDER.(Ref PO-298721).exe |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659984462.0000000003A89000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameZeCZoLumKUlqgLhVTBGayNKBODOczMKnM.exe4 vs NEW-ORDER.(Ref PO-298721).exe |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.660121761.0000000003BD4000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameDSASignature.dll@ vs NEW-ORDER.(Ref PO-298721).exe |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.905124694.0000000001000000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamemscorrc.dllT vs NEW-ORDER.(Ref PO-298721).exe |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.909745162.0000000005D30000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs NEW-ORDER.(Ref PO-298721).exe |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.905249891.00000000010B0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamewshom.ocx.mui vs NEW-ORDER.(Ref PO-298721).exe |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.904357562.00000000008E6000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameTraceLoggingTypeInfo.exeH vs NEW-ORDER.(Ref PO-298721).exe |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.904175791.0000000000402000.00000040.00000001.sdmp |
Binary or memory string: OriginalFilenameZeCZoLumKUlqgLhVTBGayNKBODOczMKnM.exe4 vs NEW-ORDER.(Ref PO-298721).exe |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.905222915.00000000010A0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamewshom.ocx vs NEW-ORDER.(Ref PO-298721).exe |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.904471307.0000000000CF8000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameUNKNOWN_FILET vs NEW-ORDER.(Ref PO-298721).exe |
Source: NEW-ORDER.(Ref PO-298721).exe |
Binary or memory string: OriginalFilenameTraceLoggingTypeInfo.exeH vs NEW-ORDER.(Ref PO-298721).exe |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Code function: 1_2_005C5A3D push es; retf 0000h |
1_2_005C5CE2 |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Code function: 1_2_05C6684F push esp; iretd |
1_2_05C66851 |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Code function: 1_2_05C66859 push esp; iretd |
1_2_05C6685B |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Code function: 1_2_05C676A9 push ebx; iretd |
1_2_05C676AB |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Code function: 1_2_05C676B3 push ebx; iretd |
1_2_05C676B5 |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Code function: 5_2_00845A3D push es; retf 0000h |
5_2_00845CE2 |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Code function: 5_2_00FFD458 pushad ; retf |
5_2_00FFD459 |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Code function: 5_2_00FFD44C pushad ; retf |
5_2_00FFD455 |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Code function: 5_2_00FFB5FF push edi; retn 0000h |
5_2_00FFB601 |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Process information set: NOOPENFILEERRORBOX |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.909745162.0000000005D30000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: VMWARE |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.909745162.0000000005D30000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.909745162.0000000005D30000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000001.00000002.659659639.0000000002AC2000.00000004.00000001.sdmp |
Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.904938331.0000000000F5D000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: NEW-ORDER.(Ref PO-298721).exe, 00000005.00000002.909745162.0000000005D30000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Queries volume information: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe VolumeInformation |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\NEW-ORDER.(Ref PO-298721).exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: Yara match |
File source: 00000005.00000000.654489875.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000002.659984462.0000000003A89000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000002.904175791.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000002.906370490.0000000002CF1000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: NEW-ORDER.(Ref PO-298721).exe PID: 4672, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: NEW-ORDER.(Ref PO-298721).exe PID: 7060, type: MEMORY |
Source: Yara match |
File source: 5.2.NEW-ORDER.(Ref PO-298721).exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 5.0.NEW-ORDER.(Ref PO-298721).exe.400000.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.NEW-ORDER.(Ref PO-298721).exe.3b493e0.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.NEW-ORDER.(Ref PO-298721).exe.3b493e0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.NEW-ORDER.(Ref PO-298721).exe.3a89930.2.raw.unpack, type: UNPACKEDPE |