Source: machineinfo.txt.2.dr.binstr | Malware Configuration Extractor: Raccoon Stealer | Config:
00000000 -> Raccoon | 1.7.3
Build compile date: Sat Feb 27 21:25:06 2021
Launched at: 2021.04.09 - 01:46:41 GMT
Bot_ID: D06ED635-68F6-4E9A-955C-4899F5F57B9A_user
Running on a desktop
-------------
- Cookies: 1
- Passwords: 0
- Files: 0
System Information:
- System Language: English
- System TimeZone: -8 hrs
- IP: 185.32.222.8
- Location: 47.431301, 8.562700 | Glattbrugg, Zurich, Switzerland (8152)
- ComputerName: 123716
- Username: user
- Windows version: NT 10.0
- Product name: Windows 10 Pro
- System arch: x64
- CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (4 cores)
- RAM: 8191 MB (8125 MB used)
- Screen resolution: 1280x1024
- Display devices:
0) Microsoft Basic Display Adapter
-------------
Installed Apps:
Adobe Acrobat Reader DC (19.012.20035)
Google Chrome (85.0.4183.121)
Google Update Helper (1.3.35.451)
Java 8 Update 211 (8.0.2110.12)
Java Auto Updater (2.8.211.12)
Update for Skype for Business 2016 (KB4484286) 32-Bit Edition
-------------
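The machineinfo.txt record above is Raccoon's own victim summary and is the one artifact in this report worth parsing rather than reading: the Bot_ID carries the machine GUID and the username, the three counts say what was actually exfiltrated (one cookie store, no passwords, no files), and the installed-apps list tells you which browser stores the stealer had to go after. The parser below is an added example written for this page, not code from the sandbox or from the malware; the field names it assumes are exactly the ones in the record above. Keep in mind that in a sandbox detonation the IP and geolocation lines describe the analysis environment's egress, not a victim.

```python
import re
from datetime import datetime, timezone

# Transcribed from the machineinfo.txt.2.dr record above (Raccoon 1.7.3 victim summary).
SAMPLE = """\
00000000 -> Raccoon | 1.7.3
Build compile date: Sat Feb 27 21:25:06 2021
Launched at: 2021.04.09 - 01:46:41 GMT
Bot_ID: D06ED635-68F6-4E9A-955C-4899F5F57B9A_user
Running on a desktop
-------------
- Cookies: 1
- Passwords: 0
- Files: 0
System Information:
- System Language: English
- System TimeZone: -8 hrs
- IP: 185.32.222.8
- Location: 47.431301, 8.562700 | Glattbrugg, Zurich, Switzerland (8152)
- ComputerName: 123716
- Username: user
- Windows version: NT 10.0
- Product name: Windows 10 Pro
- System arch: x64
- CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (4 cores)
- RAM: 8191 MB (8125 MB used)
- Screen resolution: 1280x1024
- Display devices:
0) Microsoft Basic Display Adapter
-------------
Installed Apps:
Adobe Acrobat Reader DC (19.012.20035)
Google Chrome (85.0.4183.121)
Google Update Helper (1.3.35.451)
Java 8 Update 211 (8.0.2110.12)
Java Auto Updater (2.8.211.12)
Update for Skype for Business 2016 (KB4484286) 32-Bit Edition
-------------
""".splitlines()

HEADER_RE = re.compile(r"^[0-9A-Fa-f]{8} -> (\S+) \| (\S+)$")   # "00000000 -> Raccoon | 1.7.3"
LOOT_KEYS = ("Cookies", "Passwords", "Files")

def parse_machineinfo(lines):
    """Turn Raccoon's machineinfo.txt into a dict; layout as in the 1.7.x sample above."""
    info = {"fields": {}, "counts": {}, "notes": [], "display_devices": [], "installed_apps": []}
    section = "header"
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("-----"):
            continue
        m = HEADER_RE.match(line)
        if m:
            info["family"], info["version"] = m.groups()
        elif line in ("System Information:", "Installed Apps:", "- Display devices:"):
            section = line                      # section markers
        elif section == "- Display devices:" and re.match(r"^\d+\) ", line):
            info["display_devices"].append(line.split(") ", 1)[1])
        elif section == "Installed Apps:":
            v = re.search(r"\(([^()]*)\)\s*$", line)   # trailing "(version)" if present
            info["installed_apps"].append((line[:v.start()].strip() if v else line, v.group(1) if v else None))
        elif ": " in line:
            key, value = line.lstrip("- ").split(": ", 1)
            if key in LOOT_KEYS:
                info["counts"][key] = int(value)
            else:
                info["fields"][key] = value
        else:
            info["notes"].append(line)          # e.g. "Running on a desktop"
    bot_id = info["fields"].get("Bot_ID", "")
    if "_" in bot_id:                           # "<machine GUID>_<username>"
        info["bot_guid"], info["victim_user"] = bot_id.rsplit("_", 1)
    launched = info["fields"].get("Launched at")
    if launched:
        info["launched_at"] = datetime.strptime(launched, "%Y.%m.%d - %H:%M:%S GMT").replace(tzinfo=timezone.utc)
    return info

def summarize(info):
    """The fields an analyst pivots on: bot identity, what was taken, and which browsers were on the box."""
    apps = dict(info["installed_apps"])
    return {
        "family": info.get("family"), "version": info.get("version"),
        "bot_guid": info.get("bot_guid"), "victim_user": info.get("victim_user"),
        "public_ip": info["fields"].get("IP"),
        "exfiltrated": {k: v for k, v in info["counts"].items() if v},
        "browsers": {k: v for k, v in apps.items() if any(b in k for b in ("Chrome", "Firefox", "Edge"))},
    }

if __name__ == "__main__":
    for k, v in summarize(parse_machineinfo(SAMPLE)).items():
        print(f"{k:12} {v}")
```

The Bot_ID is the most useful pivot: the GUID part is stable per machine across runs, so it lets you correlate several sandbox or C2 log entries to one victim even when the sample hash changes.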
Source: | Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\gfx\angle\targets\libEGL\libEGL.pdb source: libEGL.dll.2.dr |
Source: | Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb source: IA2Marshal.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libprldap\prldap60.pdb source: prldap60.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss3.pdb source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317531184.000000006D9A0000.00000002.00020000.sdmp, nss3.dll.2.dr |
Source: | Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.2.dr |
Source: | Binary string: ucrtbase.pdb source: ucrtbase.dll.2.dr |
Source: | Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdb source: ldap60.dll.2.dr |
Source: | Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb source: nssckbi.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.2.dr |
Source: | Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3.dll.2.dr |
Source: | Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\ipc\win\handler\AccessibleHandler.pdb source: AccessibleHandler.dll.2.dr |
Source: | Binary string: msvcp140.i386.pdb source: msvcp140.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapihook\build\MapiProxy.pdb source: MapiProxy.dll.2.dr |
Source: | Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317274043.000000006D879000.00000002.00020000.sdmp, mozglue.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\library\dummydll\qipcap.pdb source: qipcap.dll.2.dr |
Source: | Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.2.dr |
Source: | Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.2.dr |
Source: | Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.2.dr |
Source: | Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapiDLL\mozMapi32.pdb source: mozMapi32.dll.2.dr |
Source: | Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldif\ldif60.pdb source: ldif60.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\config\external\lgpllibs\lgpllibs.pdb source: lgpllibs.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\msaa\AccessibleMarshal.pdb source: AccessibleMarshal.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: nssdbm3.dll.2.dr |
Source: | Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\crashreporter\injector\breakpadinjector.pdb source: breakpadinjector.dll.2.dr |
Source: | Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.2.dr |
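Every z:\task_…\obj-thunderbird PDB path above comes from a genuine Mozilla build: the sample drops Thunderbird's NSS stack (nss3, softokn3, freebl3, mozglue, nssckbi, nssdbm3) and the VC++/UCRT redistributables next to itself so that it can load NSS and call PK11SDR_Decrypt against Firefox/Thunderbird password stores, the technique Raccoon is documented to use for Mozilla credentials. The sandbox obtains these strings from the CodeView RSDS debug record in each PE. The following is an added example, not the sandbox's or the malware's code: it parses RSDS records out of raw bytes (honouring the NUL terminator, which is why it returns the clean path and not the variants with junk after .pdb that a raw string dump produces), classifies each path by origin, and reports which NSS components a non-Mozilla process has brought along. The blob it runs on is constructed inline; the GUIDs, the loader.pdb path, and the assumption that Mozilla builds other than Thunderbird use the same z:\task_<id>\build\src\obj-<app> layout are mine, not the report's.

```python
import re
import struct
import uuid

# CodeView PDB 7.0 record (CV_INFO_PDB70): "RSDS" | 16-byte GUID | u32 age | NUL-terminated PDB path.
RSDS_RE = re.compile(rb"RSDS(.{16})(.{4})([^\x00]{1,512})\x00", re.DOTALL)

# Mozilla's release builders compile under z:\task_<id>\build\src\obj-<app>\ ; this page shows only
# obj-thunderbird, so matching any obj-<app> is an assumption of this example.
MOZ_BUILD_RE = re.compile(r"^z:\\task_\d+\\build\\src\\obj-[a-z]+\\", re.IGNORECASE)

# Components a stealer needs in order to drive NSS (PK11SDR_Decrypt) against a Firefox/Thunderbird profile.
NSS_STACK = {"nss3.pdb", "softokn3.pdb", "freebl3.pdb", "mozglue.pdb", "nssdbm3.pdb", "nssckbi.pdb"}

def extract_pdb_records(blob):
    """Return [(guid, age, path)] for each RSDS record in blob; stops at the NUL, so no trailing junk."""
    records = []
    for m in RSDS_RE.finditer(blob):
        guid = str(uuid.UUID(bytes_le=m.group(1)))        # GUID is stored in Windows little-endian layout
        age = struct.unpack("<I", m.group(2))[0]
        records.append((guid, age, m.group(3).decode("latin-1")))
    return records

def classify_pdb(path):
    """Bucket a PDB path by origin: Mozilla build tree, MSVC/UCRT redistributable, or anything else."""
    if MOZ_BUILD_RE.match(path):
        return "mozilla-build"
    name = path.rsplit("\\", 1)[-1].lower()
    if name.startswith(("api-ms-win-", "vcruntime", "msvcp")) or name == "ucrtbase.pdb":
        return "crt-redist"
    return "other"

def nss_stack_present(records):
    """NSS components from a Mozilla build tree among the records. A non-empty set next to a
    non-Mozilla executable means the process brought its own NSS, the usual prelude to
    decrypting key4.db / logins.json."""
    names = {p.rsplit("\\", 1)[-1].lower() for _, _, p in records if classify_pdb(p) == "mozilla-build"}
    return names & NSS_STACK

# --- constructed sample blob (not a real file): three RSDS records with filler bytes between them ---
def _rsds(path, guid, age):
    return b"RSDS" + guid.bytes_le + struct.pack("<I", age) + path.encode("ascii") + b"\x00"

NSS3_GUID = uuid.UUID("6f1d2b3c-4a5e-4f60-9a7b-0c1d2e3f4a5b")      # made-up GUID
SAMPLE_BLOB = (
    b"\x00" * 16
    + _rsds(r"z:\task_1552562425\build\src\obj-thunderbird\security\nss3.pdb", NSS3_GUID, 1)
    + b"ZZ\x00\x00\x90\x90"                                      # neighbouring bytes, not part of the path
    + _rsds("api-ms-win-crt-string-l1-1-0.pdb", uuid.UUID(int=7), 1)
    + _rsds(r"C:\build\loader\Release\loader.pdb", uuid.UUID(int=9), 2)   # hypothetical non-Mozilla module
)

if __name__ == "__main__":
    recs = extract_pdb_records(SAMPLE_BLOB)
    for guid, age, path in recs:
        print(f"{classify_pdb(path):14} age={age} {guid} {path}")
    print("NSS components present:", sorted(nss_stack_present(recs)))
```

On a real dropped-file set you would feed each PE's bytes (or the raw memory dump) to extract_pdb_records and then check nss_stack_present per parent process; a document-themed executable whose dropped files include nss3.pdb and softokn3.pdb from a Mozilla build tree is a strong credential-theft indicator on its own.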
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\ |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\ |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\ |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\ |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\ |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\ |
Source: nss3.dll.2.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt |
Source: nss3.dll.2.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://cps.chambersign.org/cps/chambersignroot.html |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://crl.chambersign.org/chambersignroot.crl |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://crl.chambersign.org/chambersroot.crl |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://crl.globalsign.net/root-r2.crl |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://crl.securetrust.com/SGCA.crl |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://crl.securetrust.com/STCA.crl |
Source: nss3.dll.2.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl |
Source: nss3.dll.2.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl |
Source: nss3.dll.2.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl |
Source: nss3.dll.2.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl |
Source: nss3.dll.2.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://ocsp.accv.es |
Source: nss3.dll.2.dr | String found in binary or memory: http://ocsp.digicert.com |
Source: nss3.dll.2.dr | String found in binary or memory: http://ocsp.thawte.com |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://policy.camerfirma.com |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://repository.swisssign.com/ |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.313628670.000000000090E000.00000004.00000020.sdmp | String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico |
Source: nss3.dll.2.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer |
Source: nss3.dll.2.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl |
Source: nss3.dll.2.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://www.accv.es/legislacion_c.htm |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://www.accv.es |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://www.cert.fnmt.es/dpcs/ |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://www.certicamara.com/dpc/ |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://www.certplus.com/CRL/class2.crl |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://www.chambersign.org |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://www.firmaprofesional.com/cps |
Source: mozglue.dll.2.dr | String found in binary or memory: http://www.mozilla.com/en-US/blocklist/ |
Source: nss3.dll.2.dr | String found in binary or memory: http://www.mozilla.com |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://www.pkioverheid.nl/policies/root-policy-G2 |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://www.quovadis.bm |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://www.quovadisglobal.com/cps |
Source: sqlite3.dll.2.dr | String found in binary or memory: http://www.sqlite.org/copyright.html |
Source: nssckbi.dll.2.dr | String found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000003.302815241.000000001E191000.00000004.00000001.sdmp, RYwTiizs2t.2.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000003.302815241.000000001E191000.00000004.00000001.sdmp, RYwTiizs2t.2.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000003.302815241.000000001E191000.00000004.00000001.sdmp, RYwTiizs2t.2.dr | String found in binary or memory: https://www.ecosia.org/search?q= |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.313364575.0000000000561000.00000040.00000001.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1sutNyIkGC4qW-TBVnnvzM8UZ9thch0vZ |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000003.302815241.000000001E191000.00000004.00000001.sdmp, RYwTiizs2t.2.dr | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000003.302815241.000000001E191000.00000004.00000001.sdmp, RYwTiizs2t.2.dr | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000003.302815241.000000001E191000.00000004.00000001.sdmp, RYwTiizs2t.2.dr | String found in binary or memory: https://duckduckgo.com/favicon.ico |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000003.302815241.000000001E191000.00000004.00000001.sdmp, RYwTiizs2t.2.dr | String found in binary or memory: https://duckduckgo.com/?q= |
Source: nssckbi.dll.2.dr | String found in binary or memory: https://ocsp.quovadisoffshore.com |
Source: nssckbi.dll.2.dr | String found in binary or memory: https://repository.luxtrust.lu |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000003.302815241.000000001E191000.00000004.00000001.sdmp, RYwTiizs2t.2.dr | String found in binary or memory: https://search.yahoo.com/favicon.ico |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000003.302815241.000000001E191000.00000004.00000001.sdmp, RYwTiizs2t.2.dr | String found in binary or memory: https://search.yahoo.com/search |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000003.302815241.000000001E191000.00000004.00000001.sdmp, RYwTiizs2t.2.dr | String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.313628670.000000000090E000.00000004.00000020.sdmp | String found in binary or memory: https://shehootastayonwhatshelirned.top/ |
Source: nssckbi.dll.2.dr | String found in binary or memory: https://www.catcert.net/verarrel |
Source: nss3.dll.2.dr | String found in binary or memory: https://www.digicert.com/CPS |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.313628670.000000000090E000.00000004.00000020.sdmp | String found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000003.302815241.000000001E191000.00000004.00000001.sdmp, RYwTiizs2t.2.dr | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
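Most of the URLs above are not network indicators at all. nssckbi.dll is NSS's built-in root-certificate module, so it carries the CRL, OCSP and CPS URLs of every root CA it ships; the DigiCert and Symantec/Thawte URLs in nss3.dll are consistent with the Authoricode signature and timestamp chain embedded in Mozilla's signed binary; the Ecosia, DuckDuckGo and Yahoo strings are Chrome's prepopulated search-engine table from the copied browser data. A raw string scan of DER also produces suffixes such as 0C, 06 or a lone 0 or 1 after a URL, because the IA5String holding the URI is immediately followed by the next TLV header, and 0x30 (SEQUENCE) and 0x31 (SET) happen to be the printable characters 0 and 1. The strings that come from the sample's own process memory and are worth pivoting on are the Google Drive download link, a hosting channel this family is documented to use for fetching its DLL bundle, and https://shehootastayonwhatshelirned.top/. The example below is added for this page and is not part of the report: it builds a constructed AuthorityInfoAccess extension value in DER, then extracts the URIs two ways, by walking the TLV tree and by the printable-run scan a strings tool does, to show exactly where such suffixes come from. The encoder, the OID encodings and the trailing basicConstraints fragment are standard DER; the certificate framing is simplified and the OCTET STRING wrapper around extension values is omitted.

```python
import re

def der_tlv(tag, body):
    """Encode one DER TLV (single-byte tag, definite length up to 65535 bytes)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = b"\x81" + bytes([n])
    else:
        length = b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + body

def der_children(blob):
    """Split a DER blob into (tag, value) pairs at the top level (single-byte tags assumed)."""
    out, i = [], 0
    while i < len(blob):
        tag, first = blob[i], blob[i + 1]
        if first < 0x80:
            length, hdr = first, 2
        else:
            n = first & 0x7F
            length, hdr = int.from_bytes(blob[i + 2:i + 2 + n], "big"), 2 + n
        out.append((tag, blob[i + hdr:i + hdr + length]))
        i += hdr + length
    return out

def der_urls(blob):
    """Every GeneralName.uniformResourceIdentifier ([6] IMPLICIT IA5String, tag 0x86) in the DER tree.
    Recurses through constructed types only; a full X.509 walker would also descend into the
    OCTET STRING that wraps each extension value inside a certificate."""
    urls = []
    for tag, value in der_children(blob):
        if tag == 0x86:
            urls.append(value.decode("ascii"))
        elif tag & 0x20:                      # constructed: SEQUENCE, SET, explicit tags
            urls.extend(der_urls(value))
    return urls

URL_RUN = re.compile(rb"https?://[\x21-\x7e]+")

def naive_urls(blob):
    """What a printable-run string scanner reports: it runs past the IA5String into the next TLV header."""
    return [m.group(0).decode("ascii") for m in URL_RUN.finditer(blob)]

# --- constructed sample: an AuthorityInfoAccess value followed by the start of another extension ---
OID_OCSP = bytes.fromhex("2b06010505073001")        # id-ad-ocsp        1.3.6.1.5.5.7.48.1
OID_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # id-ad-caIssuers   1.3.6.1.5.5.7.48.2
OID_BASIC_CONSTRAINTS = bytes.fromhex("551d13")     # id-ce-basicConstraints 2.5.29.19

def access_description(oid, url):
    """AccessDescription ::= SEQUENCE { accessMethod OID, accessLocation GeneralName([6] URI) }"""
    return der_tlv(0x30, der_tlv(0x06, oid) + der_tlv(0x86, url.encode("ascii")))

SAMPLE_EXTENSIONS = (
    der_tlv(0x30, access_description(OID_OCSP, "http://ocsp.digicert.com")
                + access_description(OID_CA_ISSUERS, "http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt"))
    + der_tlv(0x30, der_tlv(0x06, OID_BASIC_CONSTRAINTS))   # next extension starts with 0x30, i.e. '0'
)

if __name__ == "__main__":
    print("DER walk :", der_urls(SAMPLE_EXTENSIONS))
    print("strings  :", naive_urls(SAMPLE_EXTENSIONS))
```

The second AccessDescription here is 67 bytes long, so its header is 30 43, which a strings tool renders as the two characters 0C glued onto the OCSP URL in front of it; the same mechanism explains every other suffix in a report like this one. For IOC extraction from certificates, walk the DER; for IOC extraction from process memory, treat anything sourced from nssckbi.dll or nss3.dll as library content and concentrate on strings that only appear in the sample's own memory regions.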
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_020F0405 EnumWindows,NtSetInformationThread, |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_020F4E3B NtProtectVirtualMemory, |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_020F524D NtSetInformationThread,NtResumeThread, |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_020F1E97 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_020F04EB NtSetInformationThread, |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_020F11BB NtSetInformationThread, |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_020F4DD5 NtProtectVirtualMemory, |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000000.00000000.225582009.000000000041A000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameUdlgni4.exe vs SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317097027.0000000066BD0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.316993403.000000001E160000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamenlsbres.dllj% vs SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.316942868.000000001DD80000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemswsock.dll.muij% vs SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317297784.000000006D882000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenamemozglue.dll8 vs SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317595619.000000006D9DB000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenamenss3.dll8 vs SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.316959971.000000001DED0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317004200.000000001E170000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000000.249007512.000000000041A000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameUdlgni4.exe vs SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Binary or memory string: OriginalFilenameUdlgni4.exe vs SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe |
Source: softokn3.dll.2.dr | Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2); |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317531184.000000006D9A0000.00000002.00020000.sdmp, nss3.dll.2.dr | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q); |
Source: softokn3.dll.2.dr | Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID; |
Source: softokn3.dll.2.dr | Binary or memory string: SELECT ALL * FROM %s LIMIT 0; |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317531184.000000006D9A0000.00000002.00020000.sdmp, nss3.dll.2.dr | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB); |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317531184.000000006D9A0000.00000002.00020000.sdmp, nss3.dll.2.dr | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);docid INTEGER PRIMARY KEY%z, 'c%d%q'%z, langidCREATE TABLE %Q.'%q_content'(%s)CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);< |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317531184.000000006D9A0000.00000002.00020000.sdmp, nss3.dll.2.dr | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB); |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317531184.000000006D9A0000.00000002.00020000.sdmp, nss3.dll.2.dr | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx)); |
Source: softokn3.dll.2.dr | Binary or memory string: UPDATE %s SET %s WHERE id=$ID; |
Source: softokn3.dll.2.dr | Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID; |
Source: softokn3.dll.2.dr | Binary or memory string: SELECT ALL id FROM %s WHERE %s; |
Source: softokn3.dll.2.dr | Binary or memory string: SELECT ALL id FROM %s; |
Source: softokn3.dll.2.dr | Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1); |
Source: sqlite3.dll.2.dr | Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: softokn3.dll.2.dr | Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s); |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317531184.000000006D9A0000.00000002.00020000.sdmp, nss3.dll.2.dr | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317531184.000000006D9A0000.00000002.00020000.sdmp, nss3.dll.2.dr | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s; |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317531184.000000006D9A0000.00000002.00020000.sdmp, nss3.dll.2.dr | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB); |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317531184.000000006D9A0000.00000002.00020000.sdmp, nss3.dll.2.dr | Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */); |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317531184.000000006D9A0000.00000002.00020000.sdmp, nss3.dll.2.dr | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: softokn3.dll.2.dr | Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2); |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317531184.000000006D9A0000.00000002.00020000.sdmp, nss3.dll.2.dr | Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);/overflow%s%.3x+%.6x%s%.3x/internalleafcorruptedno such schema: %sSELECT 'sqlite_master' AS name, 1 AS rootpage, 'table' AS type UNION ALL SELECT name, rootpage, type FROM "%w".%s WHERE rootpage!=0 ORDER BY namedbstat2018-01-22 18:45:57 0c55d179733b46d8d0ba4d88e01a25e10677046ee3da1d5b1581e86726f2171d: |
Source: sqlite3.dll.2.dr | Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode); |
Source: unknown | Process created: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe 'C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe' |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Process created: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe 'C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe' |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe' |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK |
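Three behaviours in this report are worth turning into rules, two from the process tree above and one from the Chrome profile access recorded earlier: the sample starts a second copy of itself (consistent with the NtWriteVirtualMemory and NtResumeThread calls listed for the first process, i.e. it injects into its own suspended child), the child later runs cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q '<own path>' to remove the original from disk, and the child opens Chrome's Extensions\<id> directories, which no quote-request document has any business doing (nmmhkkegccagdldgiimedpiccmgmieda is generally identified as Chrome's built-in Web Store Payments extension; stealers of this family enumerate every extension folder looking for wallet extensions). The detection logic below is an added example for this page, not sandbox or vendor code: it runs three checks over process-creation and file-open events transcribed from the report, plus one constructed chrome.exe event as a benign control. The event schema, the browser allow-list and the cmd.exe parsing regexes are assumptions of this example.

```python
import re

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}        # assumed allow-list
PROFILE_RE = re.compile(r"\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox)\\(User Data|Profiles)\\", re.I)
EXT_ID_RE = re.compile(r"\\Extensions\\([a-p]{32})\\")                      # Chrome extension IDs: 32 x [a-p]
DEL_RE = re.compile(r"\bdel\b(?:\s+/\w+)*\s+['\"]?(.+?)['\"]?\s*$", re.I)   # "del /f /q '<path>'" ending the line
TIMEOUT_RE = re.compile(r"\btimeout\s+/t\s+(\d+)", re.I)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def find_self_spawn(events):
    """A process starting another instance of its own image (here the parent then injects into it)."""
    return [e for e in events if e["type"] == "process_create" and e["parent"]
            and e["parent"].lower() == e["image"].lower()]

def find_self_delete(events):
    """cmd.exe child whose command line deletes the parent's own image, optionally after a timeout."""
    hits = []
    for e in events:
        if e["type"] != "process_create" or not e["parent"] or basename(e["image"]) != "cmd.exe":
            continue
        m = DEL_RE.search(e["cmdline"])
        if m and m.group(1).strip().lower() == e["parent"].lower():
            t = TIMEOUT_RE.search(e["cmdline"])
            hits.append({"deleted": e["parent"], "delay_s": int(t.group(1)) if t else 0})
    return hits

def find_profile_access(events):
    """Non-browser processes touching browser profile data: {image: set(extension IDs or '<profile>')}."""
    hits = {}
    for e in events:
        if e["type"] != "file_open" or basename(e["image"]) in BROWSERS or not PROFILE_RE.search(e["path"]):
            continue
        ext = EXT_ID_RE.search(e["path"])
        hits.setdefault(e["image"], set()).add(ext.group(1) if ext else "<profile>")
    return hits

def triage(events):
    return {"self_spawn": len(find_self_spawn(events)),
            "self_delete": find_self_delete(events),
            "profile_access": {k: sorted(v) for k, v in find_profile_access(events).items()}}

# --- events transcribed from the report, plus one constructed benign control at the end ---
EXE = r"C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe"
CMD = r"C:\Windows\SysWOW64\cmd.exe"
EXT_DIR = r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0"
EVENTS = [
    {"type": "process_create", "parent": None, "image": EXE, "cmdline": f"'{EXE}'"},
    {"type": "process_create", "parent": EXE, "image": EXE, "cmdline": f"'{EXE}'"},
    {"type": "file_open", "image": EXE, "path": EXT_DIR + "\\"},
    {"type": "file_open", "image": EXE, "path": EXT_DIR + "\\_locales\\"},
    {"type": "file_open", "image": EXE, "path": EXT_DIR + "\\html\\"},
    {"type": "process_create", "parent": EXE, "image": CMD,
     "cmdline": f"cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q '{EXE}'"},
    {"type": "process_create", "parent": CMD, "image": r"C:\Windows\SysWOW64\timeout.exe",
     "cmdline": "timeout /T 10 /NOBREAK"},
    {"type": "file_open", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",   # constructed control
     "path": EXT_DIR + "\\"},
]

if __name__ == "__main__":
    print(triage(EVENTS))
```

The self-delete rule deliberately requires the deleted path to equal the parent's image rather than matching any del command, which keeps ordinary cleanup scripts out of the alert; the timeout value is reported because a delay before deletion is what lets the injected child outlive the file. The same three checks map directly onto Sysmon event IDs 1 (process creation, with ParentImage) and 11 or the file-access auditing of your EDR.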
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3.dll.2.dr |
Source: | Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\gfx\angle\targets\libEGL\libEGL.pdb source: libEGL.dll.2.dr |
Source: | Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb source: IA2Marshal.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libprldap\prldap60.pdb source: prldap60.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss3.pdb source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317531184.000000006D9A0000.00000002.00020000.sdmp, nss3.dll.2.dr |
Source: | Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.2.dr |
Source: | Binary string: ucrtbase.pdb source: ucrtbase.dll.2.dr |
Source: | Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdb source: ldap60.dll.2.dr |
Source: | Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb source: nssckbi.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.2.dr |
Source: | Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3.dll.2.dr |
Source: | Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\ipc\win\handler\AccessibleHandler.pdb source: AccessibleHandler.dll.2.dr |
Source: | Binary string: msvcp140.i386.pdb source: msvcp140.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapihook\build\MapiProxy.pdb source: MapiProxy.dll.2.dr |
Source: | Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317274043.000000006D879000.00000002.00020000.sdmp, mozglue.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\library\dummydll\qipcap.pdb source: qipcap.dll.2.dr |
Source: | Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.2.dr |
Source: | Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.2.dr |
Source: | Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.2.dr |
Source: | Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapiDLL\mozMapi32.pdb source: mozMapi32.dll.2.dr |
Source: | Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldif\ldif60.pdb source: ldif60.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\config\external\lgpllibs\lgpllibs.pdb source: lgpllibs.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\msaa\AccessibleMarshal.pdb source: AccessibleMarshal.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: nssdbm3.dll.2.dr |
Source: | Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.2.dr |
Source: | Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\crashreporter\injector\breakpadinjector.pdb source: breakpadinjector.dll.2.dr |
Source: | Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.2.dr |
Source: | Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.2.dr |
Source: sqlite3.dll.2.dr | Static PE information: section name: /4 |
Source: sqlite3.dll.2.dr | Static PE information: section name: /19 |
Source: sqlite3.dll.2.dr | Static PE information: section name: /31 |
Source: sqlite3.dll.2.dr | Static PE information: section name: /45 |
Source: sqlite3.dll.2.dr | Static PE information: section name: /57 |
Source: sqlite3.dll.2.dr | Static PE information: section name: /70 |
Source: sqlite3.dll.2.dr | Static PE information: section name: /81 |
Source: sqlite3.dll.2.dr | Static PE information: section name: /92 |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_00402462 pushfd ; iretd |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_0040327E push dword ptr [edi-4B012F33h]; retf |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_00402492 pushfd ; iretd |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_00402696 pushfd ; iretd |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_00402F6D pushfd ; iretd |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_00403700 push fs; ret |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_00403326 pushfd ; iretd |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_004051DC pushfd ; iretd |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_004043DD pushfd ; iretd |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 2_2_6D878646 push ecx; ret |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-private-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-namedpipe-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-locale-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\vcruntime140.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nss3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-localization-l1-2-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\lgpllibs.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-util-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\sqlite3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\qipcap.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\libEGL.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozMapi32.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-stdio-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy_InUse.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-time-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processenvironment-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l1-2-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\breakpadinjector.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozglue.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\msvcp140.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-string-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-utility-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleHandler.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-memory-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-synch-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-rtlsupport-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ldif60.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l2-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\freebl3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-synch-l1-2-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-process-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-string-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-interlocked-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processthreads-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\IA2Marshal.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-filesystem-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-timezone-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nssdbm3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-heap-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-sysinfo-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\prldap60.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-conio-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processthreads-l1-1-1.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ldap60.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-libraryloader-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozMapi32_InUse.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-heap-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-math-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-runtime-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ucrtbase.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nssckbi.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-multibyte-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-handle-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleMarshal.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-environment-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\softokn3.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-convert-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File created: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-profile-l1-1-0.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\timeout.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | RDTSC instruction interceptor: First address: 00000000020F44C9 second address: 00000000020F44C9 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F98ECACAE88h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d cmp al, AAh 0x0000001f add edi, edx 0x00000021 dec dword ptr [ebp+000000F8h] 0x00000027 cmp dword ptr [ebp+000000F8h], 00000000h 0x0000002e jne 00007F98ECACAE65h 0x00000030 test bx, dx 0x00000033 test eax, edx 0x00000035 call 00007F98ECACAF42h 0x0000003a call 00007F98ECACAE98h 0x0000003f lfence 0x00000042 mov edx, dword ptr [7FFE0014h] 0x00000048 lfence 0x0000004b ret 0x0000004c mov esi, edx 0x0000004e pushad 0x0000004f rdtsc |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File opened: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File opened: C:\Program Files\qga\qga.exe |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | RDTSC instruction interceptor: First address: 00000000020F44E9 second address: 00000000020F44E9 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F98ECA5FF89h 0x0000001d popad 0x0000001e call 00007F98ECA5FCC1h 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | RDTSC instruction interceptor: First address: 00000000020F0739 second address: 00000000020F0632 instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 pop esi 0x00000004 cmp eax, 7C8AA9FDh 0x00000009 je 00007F98ECACEEE5h 0x0000000f cmp eax, 9B8FFB51h 0x00000014 je 00007F98ECACEEDAh 0x0000001a test cx, dx 0x0000001d cmp eax, 555E1691h 0x00000022 je 00007F98ECACEECCh 0x00000028 cmp eax, CE81C85Dh 0x0000002d je 00007F98ECACEEC1h 0x00000033 test ecx, eax 0x00000035 inc esi 0x00000036 cmp eax, ebx 0x00000038 cmp esi, 000000FFh 0x0000003e jne 00007F98ECACAD29h 0x00000044 mov edi, dword ptr [ebp+20h] 0x00000047 add edi, 00010000h 0x0000004d cmp ecx, edx 0x0000004f push edi 0x00000050 pushad 0x00000051 mov ebx, 000000A1h 0x00000056 rdtsc |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | RDTSC instruction interceptor: First address: 00000000020F07CD second address: 00000000020F52F2 instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 push 00000000h 0x00000005 push 00000000h 0x00000007 test cx, dx 0x0000000a push eax 0x0000000b call 00007F98ECA64620h 0x00000010 call 00007F98ECA5FBB5h 0x00000015 pop ebx 0x00000016 sub ebx, 05h 0x00000019 jmp 00007F98ECA5FC4Dh 0x0000001e pushad 0x0000001f lfence 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | RDTSC instruction interceptor: First address: 00000000020F09E6 second address: 00000000020F52F2 instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 mov edx, ebp 0x00000005 add edx, 0000009Ch 0x0000000b test cx, dx 0x0000000e push edx 0x0000000f push 00000007h 0x00000011 push FFFFFFFFh 0x00000013 test ecx, eax 0x00000015 push eax 0x00000016 cmp eax, ebx 0x00000018 call 00007F98ECACF6CAh 0x0000001d call 00007F98ECACAE85h 0x00000022 pop ebx 0x00000023 sub ebx, 05h 0x00000026 jmp 00007F98ECACAF1Dh 0x0000002b pushad 0x0000002c lfence 0x0000002f rdtsc |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | RDTSC instruction interceptor: First address: 00000000020F1EF8 second address: 00000000020F52F2 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b push dword ptr [ebp+4Ch] 0x0000000e cmp ax, dx 0x00000011 call 00007F98ECA61B38h 0x00000016 cmp ax, bx 0x00000019 mov eax, dword ptr fs:[00000030h] 0x0000001f cld 0x00000020 mov eax, dword ptr [eax+10h] 0x00000023 mov eax, dword ptr [eax+3Ch] 0x00000026 ret 0x00000027 push eax 0x00000028 push 00000000h 0x0000002a cmp eax, ecx 0x0000002c push dword ptr [ebp+50h] 0x0000002f call 00007F98ECA62EE2h 0x00000034 call 00007F98ECA5FBB5h 0x00000039 pop ebx 0x0000003a sub ebx, 05h 0x0000003d jmp 00007F98ECA5FC4Dh 0x00000042 pushad 0x00000043 lfence 0x00000046 rdtsc |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | RDTSC instruction interceptor: First address: 00000000020F20A6 second address: 00000000020F52F2 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov dword ptr [edi+14h], 00000000h 0x00000012 cmp ax, dx 0x00000015 cmp eax, ecx 0x00000017 push 00000000h 0x00000019 push 00000001h 0x0000001b cmp ebx, 3BD0C633h 0x00000021 sub edi, 20h 0x00000024 push edi 0x00000025 cmp ah, bh 0x00000027 add edi, 20h 0x0000002a push edi 0x0000002b cmp al, dl 0x0000002d push 00000001h 0x0000002f mov dword ptr [ebp+0000010Ch], 00000000h 0x00000039 mov eax, ebp 0x0000003b test cx, cx 0x0000003e add eax, 0000010Ch 0x00000043 push eax 0x00000044 push dword ptr [ebp+000000FCh] 0x0000004a call 00007F98ECACDFD8h 0x0000004f call 00007F98ECACAE85h 0x00000054 pop ebx 0x00000055 sub ebx, 05h 0x00000058 jmp 00007F98ECACAF1Dh 0x0000005d pushad 0x0000005e lfence 0x00000061 rdtsc |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | RDTSC instruction interceptor: First address: 00000000020F2149 second address: 00000000020F52F2 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov edi, dword ptr [ebp+20h] 0x0000000e cmp ax, dx 0x00000011 push 00000004h 0x00000013 push 00000000h 0x00000015 push 00000002h 0x00000017 cmp eax, ecx 0x00000019 mov eax, ebp 0x0000001b add eax, 00000100h 0x00000020 mov dword ptr [eax], 00000000h 0x00000026 cmp ebx, 26C6D910h 0x0000002c push eax 0x0000002d cmp ah, bh 0x0000002f push 00000000h 0x00000031 cmp al, dl 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 mov eax, ebp 0x00000039 test cx, cx 0x0000003c add eax, 00000104h 0x00000041 mov dword ptr [eax], 00400000h 0x00000047 push eax 0x00000048 push dword ptr [edi+00000800h] 0x0000004e push dword ptr [ebp+00000108h] 0x00000054 push dword ptr [ebp+3Ch] 0x00000057 call 00007F98ECA62C58h 0x0000005c call 00007F98ECA5FBB5h 0x00000061 pop ebx 0x00000062 sub ebx, 05h 0x00000065 jmp 00007F98ECA5FC4Dh 0x0000006a pushad 0x0000006b lfence 0x0000006e rdtsc |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-private-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-locale-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-namedpipe-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-localization-l1-2-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\lgpllibs.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-util-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\qipcap.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\libEGL.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozMapi32.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-stdio-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy_InUse.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-time-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processenvironment-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l1-2-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\breakpadinjector.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-utility-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-string-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleHandler.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-memory-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-synch-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ldif60.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-rtlsupport-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l2-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\freebl3.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-process-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-synch-l1-2-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-string-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-interlocked-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processthreads-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\IA2Marshal.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-filesystem-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-timezone-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-heap-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nssdbm3.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-sysinfo-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\prldap60.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-conio-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processthreads-l1-1-1.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ldap60.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-libraryloader-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozMapi32_InUse.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-heap-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-math-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-runtime-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nssckbi.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-multibyte-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-handle-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-environment-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleMarshal.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\softokn3.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-convert-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-profile-l1-1-0.dll |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\ |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\ |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\ |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\ |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\ |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\ |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317097027.0000000066BD0000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317097027.0000000066BD0000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.313364575.0000000000561000.00000040.00000001.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317097027.0000000066BD0000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe, 00000002.00000002.317097027.0000000066BD0000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_020F0405 NtSetInformationThread 000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000048,00000000,00020040,00000000 |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_020F4238 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_020F144F mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_020F1A66 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_020F1897 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_020F3E91 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_020F4926 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 0_2_020F2535 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 2_2_6D8784D6 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Code function: 2_2_6D877414 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings |
Source: C:\Users\user\Desktop\SOLICITUD DE PRESUPUESTO 08-04-2021#U00b7pdf.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook |