Source: 3.2.Waybilldoc_220950655.pdf.exe.400000.0.unpack | Avira: Label: TR/Spy.Gen8 |
Source: 3.0.Waybilldoc_220950655.pdf.exe.400000.10.unpack | Avira: Label: TR/Spy.Gen8 |
Source: 3.0.Waybilldoc_220950655.pdf.exe.400000.8.unpack | Avira: Label: TR/Spy.Gen8 |
Source: 3.0.Waybilldoc_220950655.pdf.exe.400000.4.unpack | Avira: Label: TR/Spy.Gen8 |
Source: 3.0.Waybilldoc_220950655.pdf.exe.400000.12.unpack | Avira: Label: TR/Spy.Gen8 |
Source: 3.0.Waybilldoc_220950655.pdf.exe.400000.6.unpack | Avira: Label: TR/Spy.Gen8 |
Source: Waybilldoc_220950655.pdf.exe, 00000003.00000002.547694451.0000000003091000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: Waybilldoc_220950655.pdf.exe, 00000003.00000002.547694451.0000000003091000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: Waybilldoc_220950655.pdf.exe, 00000003.00000002.547694451.0000000003091000.00000004.00000001.sdmp | String found in binary or memory: http://uArhJl.com |
Source: Waybilldoc_220950655.pdf.exe, 00000001.00000002.286150173.0000000003879000.00000004.00000001.sdmp, Waybilldoc_220950655.pdf.exe, 00000003.00000000.282755212.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: Waybilldoc_220950655.pdf.exe, 00000003.00000002.547694451.0000000003091000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: 3.2.Waybilldoc_220950655.pdf.exe.400000.0.unpack, <PrivateImplementationDetails>{576C0370-DCAF-423E-8F1F-624A7F18491C}/64BA41D5-AF46-4AFC-9FA5-E8F45566EA94.cs | Large array initialization: .cctor: array initializer size 11787 |
Source: 3.0.Waybilldoc_220950655.pdf.exe.400000.10.unpack, <PrivateImplementationDetails>{576C0370-DCAF-423E-8F1F-624A7F18491C}/64BA41D5-AF46-4AFC-9FA5-E8F45566EA94.cs | Large array initialization: .cctor: array initializer size 11787 |
Source: 3.0.Waybilldoc_220950655.pdf.exe.400000.8.unpack, <PrivateImplementationDetails>{576C0370-DCAF-423E-8F1F-624A7F18491C}/64BA41D5-AF46-4AFC-9FA5-E8F45566EA94.cs | Large array initialization: .cctor: array initializer size 11787 |
Source: 3.0.Waybilldoc_220950655.pdf.exe.400000.4.unpack, <PrivateImplementationDetails>{576C0370-DCAF-423E-8F1F-624A7F18491C}/64BA41D5-AF46-4AFC-9FA5-E8F45566EA94.cs | Large array initialization: .cctor: array initializer size 11787 |
Source: 3.0.Waybilldoc_220950655.pdf.exe.400000.12.unpack, <PrivateImplementationDetails>{576C0370-DCAF-423E-8F1F-624A7F18491C}/64BA41D5-AF46-4AFC-9FA5-E8F45566EA94.cs | Large array initialization: .cctor: array initializer size 11787 |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Code function: 1_2_00C8C6D4 | 1_2_00C8C6D4 |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Code function: 1_2_00C8EB08 | 1_2_00C8EB08 |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Code function: 1_2_00C8EB18 | 1_2_00C8EB18 |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Code function: 1_2_04CEEF88 | 1_2_04CEEF88 |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Code function: 1_2_04CEEF90 | 1_2_04CEEF90 |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Code function: 3_2_014B1438 | 3_2_014B1438 |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Code function: 3_2_015646A0 | 3_2_015646A0 |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Code function: 3_2_015645B0 | 3_2_015645B0 |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Code function: 3_2_0156DA00 | 3_2_0156DA00 |
Source: Waybilldoc_220950655.pdf.exe | Binary or memory string: OriginalFilename vs Waybilldoc_220950655.pdf.exe |
Source: Waybilldoc_220950655.pdf.exe, 00000001.00000002.285254478.0000000002871000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameInnerException.dll" vs Waybilldoc_220950655.pdf.exe |
Source: Waybilldoc_220950655.pdf.exe, 00000001.00000002.285254478.0000000002871000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamegupTdBQVaomyfnIgAVHNNfxuAxDWRnFw.exe4 vs Waybilldoc_220950655.pdf.exe |
Source: Waybilldoc_220950655.pdf.exe, 00000001.00000002.284429418.0000000000402000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenamePropertyIn.exe4 vs Waybilldoc_220950655.pdf.exe |
Source: Waybilldoc_220950655.pdf.exe, 00000001.00000002.286150173.0000000003879000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamegupTdBQVaomyfnIgAVHNNfxuAxDWRnFw.exe4 vs Waybilldoc_220950655.pdf.exe |
Source: Waybilldoc_220950655.pdf.exe, 00000001.00000002.286150173.0000000003879000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUI.dllF vs Waybilldoc_220950655.pdf.exe |
Source: Waybilldoc_220950655.pdf.exe, 00000001.00000002.288796065.0000000005B50000.00000004.00020000.sdmp | Binary or memory string: OriginalFilenameUI.dllF vs Waybilldoc_220950655.pdf.exe |
Source: Waybilldoc_220950655.pdf.exe, 00000003.00000000.283379090.0000000000CD2000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenamePropertyIn.exe4 vs Waybilldoc_220950655.pdf.exe |
Source: Waybilldoc_220950655.pdf.exe, 00000003.00000002.544853027.0000000000438000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenamegupTdBQVaomyfnIgAVHNNfxuAxDWRnFw.exe4 vs Waybilldoc_220950655.pdf.exe |
Source: Waybilldoc_220950655.pdf.exe, 00000003.00000002.545500522.00000000010F8000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Waybilldoc_220950655.pdf.exe |
Source: Waybilldoc_220950655.pdf.exe | Binary or memory string: OriginalFilenamePropertyIn.exe4 vs Waybilldoc_220950655.pdf.exe |
Source: 3.2.Waybilldoc_220950655.pdf.exe.400000.0.unpack, A/b2.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 3.0.Waybilldoc_220950655.pdf.exe.400000.10.unpack, A/b2.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 3.0.Waybilldoc_220950655.pdf.exe.400000.8.unpack, A/b2.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: Waybilldoc_220950655.pdf.exe, HX/Gr.cs | .Net Code: zG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 1.2.Waybilldoc_220950655.pdf.exe.400000.0.unpack, HX/Gr.cs | .Net Code: zG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 1.0.Waybilldoc_220950655.pdf.exe.400000.0.unpack, HX/Gr.cs | .Net Code: zG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 3.0.Waybilldoc_220950655.pdf.exe.cd0000.9.unpack, HX/Gr.cs | .Net Code: zG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 3.0.Waybilldoc_220950655.pdf.exe.cd0000.7.unpack, HX/Gr.cs | .Net Code: zG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 3.0.Waybilldoc_220950655.pdf.exe.cd0000.5.unpack, HX/Gr.cs | .Net Code: zG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 3.0.Waybilldoc_220950655.pdf.exe.cd0000.3.unpack, HX/Gr.cs | .Net Code: zG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 3.0.Waybilldoc_220950655.pdf.exe.cd0000.1.unpack, HX/Gr.cs | .Net Code: zG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 3.0.Waybilldoc_220950655.pdf.exe.cd0000.2.unpack, HX/Gr.cs | .Net Code: zG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 3.0.Waybilldoc_220950655.pdf.exe.cd0000.11.unpack, HX/Gr.cs | .Net Code: zG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 3.2.Waybilldoc_220950655.pdf.exe.cd0000.1.unpack, HX/Gr.cs | .Net Code: zG System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: Waybilldoc_220950655.pdf.exe, 00000001.00000002.285322085.00000000028AD000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath " |
Source: Waybilldoc_220950655.pdf.exe, 00000001.00000002.285322085.00000000028AD000.00000004.00000001.sdmp | Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Waybilldoc_220950655.pdf.exe, 00000001.00000002.285322085.00000000028AD000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: Waybilldoc_220950655.pdf.exe, 00000001.00000002.288796065.0000000005B50000.00000004.00020000.sdmp | Binary or memory string: dcZtPLJoVMcibUETQAN |
Source: Waybilldoc_220950655.pdf.exe, 00000001.00000002.285322085.00000000028AD000.00000004.00000001.sdmp | Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Queries volume information: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe VolumeInformation |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\Waybilldoc_220950655.pdf.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: Yara match | File source: 1.2.Waybilldoc_220950655.pdf.exe.38d3790.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.0.Waybilldoc_220950655.pdf.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.Waybilldoc_220950655.pdf.exe.3908fb0.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.0.Waybilldoc_220950655.pdf.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.0.Waybilldoc_220950655.pdf.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.0.Waybilldoc_220950655.pdf.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.0.Waybilldoc_220950655.pdf.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.Waybilldoc_220950655.pdf.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.Waybilldoc_220950655.pdf.exe.3908fb0.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.Waybilldoc_220950655.pdf.exe.38d3790.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000003.00000000.282755212.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000000.281746367.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000000.282312678.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.544593892.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000000.283323027.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.286150173.0000000003879000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.547694451.0000000003091000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: Waybilldoc_220950655.pdf.exe PID: 7004, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: Waybilldoc_220950655.pdf.exe PID: 7124, type: MEMORYSTR |