Source: RegAsm.exe, 00000005.00000002.47246057313.000000001DC11000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: RegAsm.exe, 00000005.00000002.47246057313.000000001DC11000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: RegAsm.exe, 00000005.00000002.47246057313.000000001DC11000.00000004.00000001.sdmp | String found in binary or memory: http://GkEcfT.com |
Source: RegAsm.exe, 00000005.00000002.47253108213.000000001FDDA000.00000004.00000001.sdmp | String found in binary or memory: http://cps.letsencrypt.org0 |
Source: RegAsm.exe, 00000005.00000003.42564859038.0000000000F19000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: RegAsm.exe, 00000005.00000003.42564859038.0000000000F19000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: RegAsm.exe, 00000005.00000002.47252517493.000000001FD10000.00000004.00000001.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en#z |
Source: RegAsm.exe, 00000005.00000002.47252517493.000000001FD10000.00000004.00000001.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: RegAsm.exe, 00000005.00000002.47247239985.000000001DD0C000.00000004.00000001.sdmp | String found in binary or memory: http://mail.tccinfaes.com |
Source: RegAsm.exe, 00000005.00000002.47253108213.000000001FDDA000.00000004.00000001.sdmp | String found in binary or memory: http://r3.i.lencr.org/0) |
Source: RegAsm.exe, 00000005.00000002.47253108213.000000001FDDA000.00000004.00000001.sdmp | String found in binary or memory: http://r3.o.lencr.org0 |
Source: RegAsm.exe, 00000005.00000002.47247239985.000000001DD0C000.00000004.00000001.sdmp | String found in binary or memory: http://tccinfaes.com |
Source: RegAsm.exe, 00000005.00000002.47253108213.000000001FDDA000.00000004.00000001.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
Source: RegAsm.exe, 00000005.00000002.47235666189.0000000000F1B000.00000004.00000020.sdmp, 2D85F72862B55C4EADD9E66E06947F3D.5.dr | String found in binary or memory: http://x1.i.lencr.org/ |
Source: RegAsm.exe, 00000005.00000002.47253108213.000000001FDDA000.00000004.00000001.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
Source: RegAsm.exe, 00000005.00000002.47252949580.000000001FDBB000.00000004.00000001.sdmp | String found in binary or memory: http://x1.i.lencr.org/H |
Source: RegAsm.exe, 00000005.00000002.47247072813.000000001DCF0000.00000004.00000001.sdmp | String found in binary or memory: https://ZjJPdvMOyw165opG2hLg.org |
Source: RegAsm.exe, 00000005.00000002.47247072813.000000001DCF0000.00000004.00000001.sdmp | String found in binary or memory: https://ZjJPdvMOyw165opG2hLg.orgD |
Source: RegAsm.exe, 00000005.00000002.47247072813.000000001DCF0000.00000004.00000001.sdmp | String found in binary or memory: https://ZjJPdvMOyw165opG2hLg.orgt- |
Source: RegAsm.exe, 00000005.00000003.42564859038.0000000000F19000.00000004.00000001.sdmp | String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/ |
Source: RegAsm.exe, 00000005.00000002.47235182001.0000000000ECD000.00000004.00000020.sdmp | String found in binary or memory: https://doc-0c-88-docs.googleusercontent.com/ |
Source: RegAsm.exe, 00000005.00000002.47235182001.0000000000ECD000.00000004.00000020.sdmp | String found in binary or memory: https://doc-0c-88-docs.googleusercontent.com/$ |
Source: RegAsm.exe, 00000005.00000003.42564732729.0000000000F0B000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.47235473464.0000000000EFB000.00000004.00000020.sdmp | String found in binary or memory: https://doc-0c-88-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/d4i6055j |
Source: RegAsm.exe, 00000005.00000002.47234868425.0000000000E88000.00000004.00000020.sdmp | String found in binary or memory: https://drive.google.com/d |
Source: RegAsm.exe, 00000005.00000002.47234868425.0000000000E88000.00000004.00000020.sdmp | String found in binary or memory: https://drive.google.com/l |
Source: RegAsm.exe, 00000005.00000002.47234868425.0000000000E88000.00000004.00000020.sdmp, RegAsm.exe, 00000005.00000002.47233899544.00000000007F0000.00000004.00000001.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1_aiH9wqXGFfSAi2OVlXiWPSY325xMIrC |
Source: RegAsm.exe, 00000005.00000002.47234868425.0000000000E88000.00000004.00000020.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1_aiH9wqXGFfSAi2OVlXiWPSY325xMIrCY |
Source: RegAsm.exe, 00000005.00000003.42564732729.0000000000F0B000.00000004.00000001.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1_aiH9wqXGFfSAi2OVlXiWPSY325xMIrCpgS8lwJVzhRuGhVes |
Source: RegAsm.exe, 00000005.00000002.47246765132.000000001DCAB000.00000004.00000001.sdmp | String found in binary or memory: https://login.live.com/ |
Source: RegAsm.exe, 00000005.00000002.47246602234.000000001DC8D000.00000004.00000001.sdmp | String found in binary or memory: https://login.live.com// |
Source: RegAsm.exe, 00000005.00000002.47246602234.000000001DC8D000.00000004.00000001.sdmp | String found in binary or memory: https://login.live.com/https://login.live.com/ |
Source: RegAsm.exe, 00000005.00000002.47246602234.000000001DC8D000.00000004.00000001.sdmp | String found in binary or memory: https://login.live.com/v104 |
Source: RegAsm.exe, 00000005.00000002.47246765132.000000001DCAB000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash |
Source: RegAsm.exe, 00000005.00000002.47246057313.000000001DC11000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\PEDIDO.exe | Code function: 2_2_00401441 |
Source: C:\Users\user\Desktop\PEDIDO.exe | Code function: 2_2_0040167D |
Source: C:\Users\user\Desktop\PEDIDO.exe | Code function: 2_2_00401630 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00A4C080 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00A4BA48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00A43A50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00A44320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00A41130 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00A43708 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00AA6D90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00AA07E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00E778D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00E77A3F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00E7DBA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00E76728 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00E744F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00E7D7A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00E73330 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00FD70F7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00FDAC28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00FDF150 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00FD0040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00FD0006 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_00FD6148 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1DA05E08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1DA04ACC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1DA05DC1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1DA06AF1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1FE62BE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1FE67438 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1FE60040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1FE66810 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1FE6A7D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1FE6741D |
Source: C:\Users\user\Desktop\PEDIDO.exe | Code function: 2_2_00406171 push ds; ret |
Source: C:\Users\user\Desktop\PEDIDO.exe | Code function: 2_2_02C336C4 push ebx; retf |
Source: C:\Users\user\Desktop\PEDIDO.exe | Code function: 2_2_02C3448B pushad ; iretd |
Source: C:\Users\user\Desktop\PEDIDO.exe | Code function: 2_2_02C32AA2 push 5EE706AFh; ret |
Source: C:\Users\user\Desktop\PEDIDO.exe | Code function: 2_2_02C31CAE push cs; iretd |
Source: C:\Users\user\Desktop\PEDIDO.exe | Code function: 2_2_02C30401 pushfd ; iretd |
Source: C:\Users\user\Desktop\PEDIDO.exe | Code function: 2_2_02C34C37 push cs; retf |
Source: C:\Users\user\Desktop\PEDIDO.exe | Code function: 2_2_02C341F0 push ebp; ret |
Source: C:\Users\user\Desktop\PEDIDO.exe | Code function: 2_2_02C32BA4 push 6DF2974Ah; ret |
Source: C:\Users\user\Desktop\PEDIDO.exe | Code function: 2_2_02C3430F push ebp; ret |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1FE654C0 push esp; retf |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 5_2_1FE65313 pushfd ; retf 00E6h |
Source: C:\Users\user\Desktop\PEDIDO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: PEDIDO.exe, 00000002.00000002.42591955596.00000000022D0000.00000004.00000001.sdmp | Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLL |
Source: PEDIDO.exe, 00000002.00000002.42591955596.00000000022D0000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.47233899544.00000000007F0000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE |
Source: PEDIDO.exe, 00000002.00000002.42591373555.0000000000614000.00000004.00000020.sdmp | Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXERY |
Source: RegAsm.exe, 00000005.00000002.47233899544.00000000007F0000.00000004.00000001.sdmp | Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1_AIH9WQXGFFSAI2OVLXIWPSY325XMIRC |
Source: PEDIDO.exe, 00000002.00000002.42593504742.0000000004C39000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.47237699647.0000000002919000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Guest Shutdown Service |
Source: PEDIDO.exe, 00000002.00000002.42593504742.0000000004C39000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.47237699647.0000000002919000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: RegAsm.exe, 00000005.00000002.47237699647.0000000002919000.00000004.00000001.sdmp | Binary or memory string: vmicshutdown |
Source: PEDIDO.exe, 00000002.00000002.42593504742.0000000004C39000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.47237699647.0000000002919000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: RegAsm.exe, 00000005.00000002.47234868425.0000000000E88000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAWP |
Source: PEDIDO.exe, 00000002.00000002.42593504742.0000000004C39000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.47237699647.0000000002919000.00000004.00000001.sdmp | Binary or memory string: Hyper-V PowerShell Direct Service |
Source: PEDIDO.exe, 00000002.00000002.42593504742.0000000004C39000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.47237699647.0000000002919000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Time Synchronization Service |
Source: RegAsm.exe, 00000005.00000002.47237699647.0000000002919000.00000004.00000001.sdmp | Binary or memory string: vmicvss |
Source: RegAsm.exe, 00000005.00000002.47235473464.0000000000EFB000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW |
Source: PEDIDO.exe, 00000002.00000002.42591373555.0000000000614000.00000004.00000020.sdmp | Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exerY |
Source: RegAsm.exe, 00000005.00000002.47233899544.00000000007F0000.00000004.00000001.sdmp | Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=https://drive.google.com/uc?export=download&id=1_aiH9wqXGFfSAi2OVlXiWPSY325xMIrC |
Source: PEDIDO.exe, 00000002.00000002.42591955596.00000000022D0000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.47233899544.00000000007F0000.00000004.00000001.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: PEDIDO.exe, 00000002.00000002.42593504742.0000000004C39000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.47237699647.0000000002919000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Data Exchange Service |
Source: PEDIDO.exe, 00000002.00000002.42593504742.0000000004C39000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.47237699647.0000000002919000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Heartbeat Service |
Source: PEDIDO.exe, 00000002.00000002.42593504742.0000000004C39000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.47237699647.0000000002919000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Guest Service Interface |
Source: RegAsm.exe, 00000005.00000002.47235473464.0000000000EFB000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAWIJc6 |
Source: RegAsm.exe, 00000005.00000002.47237699647.0000000002919000.00000004.00000001.sdmp | Binary or memory string: vmicheartbeat |
Source: PEDIDO.exe, 00000002.00000002.42591955596.00000000022D0000.00000004.00000001.sdmp | Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=windir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |