Source: RegAsm.exe, 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: RegAsm.exe, 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS
Source: RegAsm.exe, 0000000B.00000002.7367144013.000000001E30C000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000003.3636304172.000000001CEC1000.00000004.00000001.sdmp | String found in binary or memory: http://VrVJ1YhyzX7x.net
Source: RegAsm.exe, 0000000B.00000002.7351446590.00000000014E8000.00000004.00000020.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: RegAsm.exe, 0000000B.00000003.2713472213.0000000001574000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: RegAsm.exe, 0000000B.00000002.7373463217.000000002042D000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: RegAsm.exe, 0000000B.00000002.7373463217.000000002042D000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0
Source: RegAsm.exe, 0000000B.00000003.2713472213.0000000001574000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: RegAsm.exe, 0000000B.00000002.7367262759.000000001E31C000.00000004.00000001.sdmp | String found in binary or memory: http://csavarcsapagyexpress.hu
Source: RegAsm.exe, 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp | String found in binary or memory: http://hDFEly.com
Source: RegAsm.exe, 0000000B.00000002.7367262759.000000001E31C000.00000004.00000001.sdmp | String found in binary or memory: http://mail.csavarcsapagyexpress.hu
Source: RegAsm.exe, 0000000B.00000002.7351446590.00000000014E8000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.comodoca.com0
Source: UserOOBEBroker.exe, 00000011.00000002.7348570592.00000231B32F0000.00000002.00020000.sdmp | String found in binary or memory: http://schemas.microso
Source: RegAsm.exe, 0000000B.00000003.2718736619.00000000015BD000.00000004.00000001.sdmp | String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
Source: RegAsm.exe, 0000000B.00000003.2713472213.0000000001574000.00000004.00000001.sdmp | String found in binary or memory: https://doc-14-9g-docs.googleusercontent.com/
Source: RegAsm.exe, 0000000B.00000002.7352395880.0000000001533000.00000004.00000020.sdmp | String found in binary or memory: https://doc-14-9g-docs.googleusercontent.com/My&
Source: RegAsm.exe, 0000000B.00000003.2718736619.00000000015BD000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7353219665.0000000001563000.00000004.00000020.sdmp, RegAsm.exe, 0000000B.00000003.2718804640.000000000156D000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7352998212.0000000001556000.00000004.00000020.sdmp | String found in binary or memory: https://doc-14-9g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/6f93qthe
Source: RegAsm.exe, 0000000B.00000002.7351446590.00000000014E8000.00000004.00000020.sdmp | String found in binary or memory: https://drive.google.com/
Source: RegAsm.exe, 0000000B.00000002.7351446590.00000000014E8000.00000004.00000020.sdmp, RegAsm.exe, 0000000B.00000002.7349796457.0000000001380000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000003.2713472213.0000000001574000.00000004.00000001.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=13CKgFgBbMK4vEbd75_G0jxF9OB9J4HBn
Source: RegAsm.exe, 0000000B.00000002.7373463217.000000002042D000.00000004.00000001.sdmp | String found in binary or memory: https://sectigo.com/CPS0
Source: RegAsm.exe, 0000000B.00000002.7365965262.000000001E201000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
Source: C:\Users\user\Desktop\Orden de compra M244545.exe | Code function: 0_2_0040166E
Source: C:\Users\user\Desktop\Orden de compra M244545.exe | Code function: 0_2_00401621
Source: C:\Users\user\Desktop\Orden de compra M244545.exe | Code function: 0_2_00401432
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_01006B08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_010007F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_01044320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_01043A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_0104BA58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_0104C7B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_01043708
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_01438C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_0143C710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_0143A318
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_01434EB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_01431D28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_014341D1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_01435450
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_01437F90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_014332A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_014728D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_014740B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_01479B20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_1D1A39D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_1D1A3718
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_1D1A0672
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_1D1A7048
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_1D1A39C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_1D1A3808
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_1D1AA760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_1D1A37E2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_1E065E08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_1E064ACC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_1E066AF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_0143AD10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 11_2_0143CCAF
Source: unknown | Process created: C:\Users\user\Desktop\Orden de compra M244545.exe 'C:\Users\user\Desktop\Orden de compra M244545.exe'
Source: C:\Users\user\Desktop\Orden de compra M244545.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Orden de compra M244545.exe'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Windows\System32\oobe\UserOOBEBroker.exe C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
Source: C:\Users\user\Desktop\Orden de compra M244545.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\Orden de compra M244545.exe'
Source: C:\Users\user\Desktop\Orden de compra M244545.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX (68 identical entries)
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX
Source: RegAsm.exe, 0000000B.00000002.7349796457.0000000001380000.00000004.00000001.sdmp | Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=13CKGFGBBMK4VEBD75_G0JXF9OB9J4HBN
Source: Orden de compra M244545.exe, 00000000.00000002.2743156286.0000000002210000.00000004.00000001.sdmp | Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLL
Source: Orden de compra M244545.exe, 00000000.00000002.2743156286.0000000002210000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7349796457.0000000001380000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: Orden de compra M244545.exe, 00000000.00000002.2741690189.00000000006A4000.00000004.00000020.sdmp | Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Guest Shutdown Service
Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp | Binary or memory string: vmicshutdown
Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: Orden de compra M244545.exe, 00000000.00000002.2743156286.0000000002210000.00000004.00000001.sdmp | Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=windir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dll
Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp | Binary or memory string: Hyper-V PowerShell Direct Service
Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Time Synchronization Service
Source: RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp | Binary or memory string: vmicvss
Source: RegAsm.exe, 0000000B.00000002.7351446590.00000000014E8000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW
Source: Orden de compra M244545.exe, 00000000.00000002.2743156286.0000000002210000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7349796457.0000000001380000.00000004.00000001.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: RegAsm.exe, 0000000B.00000002.7349796457.0000000001380000.00000004.00000001.sdmp | Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=https://drive.google.com/uc?export=download&id=13CKgFgBbMK4vEbd75_G0jxF9OB9J4HBn
Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Data Exchange Service
Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Heartbeat Service
Source: Orden de compra M244545.exe, 00000000.00000002.2744858164.0000000004C29000.00000004.00000001.sdmp, RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Guest Service Interface
Source: Orden de compra M244545.exe, 00000000.00000002.2741690189.00000000006A4000.00000004.00000020.sdmp | Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe
Source: RegAsm.exe, 0000000B.00000002.7356669436.0000000002E09000.00000004.00000001.sdmp | Binary or memory string: vmicheartbeat
Source: RegAsm.exe, 0000000B.00000002.7355742426.00000000019B0000.00000002.00020000.sdmp, UserOOBEBroker.exe, 00000011.00000002.7350796203.00000231B3AF0000.00000002.00020000.sdmp | Binary or memory string: Program ManagerD
Source: RegAsm.exe, 0000000B.00000002.7355742426.00000000019B0000.00000002.00020000.sdmp, UserOOBEBroker.exe, 00000011.00000002.7350796203.00000231B3AF0000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd
Source: RegAsm.exe, 0000000B.00000002.7355742426.00000000019B0000.00000002.00020000.sdmp, UserOOBEBroker.exe, 00000011.00000002.7350796203.00000231B3AF0000.00000002.00020000.sdmp | Binary or memory string: Progman
Source: RegAsm.exe, 0000000B.00000002.7355742426.00000000019B0000.00000002.00020000.sdmp, UserOOBEBroker.exe, 00000011.00000002.7350796203.00000231B3AF0000.00000002.00020000.sdmp | Binary or memory string: Progmanlock
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation (3 identical entries)
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation