Source: RegAsm.exe, 00000006.00000002.74041380442.000000001DC01000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: RegAsm.exe, 00000006.00000002.74042766614.000000001DCF9000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000003.70287265297.0000000000F61000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000002.74043481824.000000001DD48000.00000004.00000001.sdmp |
String found in binary or memory: http://1rfE3t8xqRYG9cY.net |
Source: RegAsm.exe, 00000006.00000002.74042766614.000000001DCF9000.00000004.00000001.sdmp |
String found in binary or memory: http://1rfE3t8xqRYG9cY.netD |
Source: RegAsm.exe, 00000006.00000002.74042766614.000000001DCF9000.00000004.00000001.sdmp |
String found in binary or memory: http://1rfE3t8xqRYG9cY.nett- |
Source: RegAsm.exe, 00000006.00000002.74041380442.000000001DC01000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: RegAsm.exe, 00000006.00000002.74041380442.000000001DC01000.00000004.00000001.sdmp |
String found in binary or memory: http://GkEcfT.com |
Source: RegAsm.exe, 00000006.00000003.70368102038.000000001FE0D000.00000004.00000001.sdmp |
String found in binary or memory: http://cps.letsencrypt.org0 |
Source: RegAsm.exe, 00000006.00000003.69349934018.0000000000EF3000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: RegAsm.exe, 00000006.00000003.69349934018.0000000000EF3000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: RegAsm.exe, 00000006.00000002.74049220847.000000001FD60000.00000004.00000001.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: RegAsm.exe, 00000006.00000002.74049220847.000000001FD60000.00000004.00000001.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enr |
Source: RegAsm.exe, 00000006.00000002.74043153246.000000001DD1B000.00000004.00000001.sdmp |
String found in binary or memory: http://mail.tccinfaes.com |
Source: RegAsm.exe, 00000006.00000003.70368102038.000000001FE0D000.00000004.00000001.sdmp |
String found in binary or memory: http://r3.i.lencr.org/0) |
Source: RegAsm.exe, 00000006.00000003.70368102038.000000001FE0D000.00000004.00000001.sdmp |
String found in binary or memory: http://r3.o.lencr.org0 |
Source: RegAsm.exe, 00000006.00000002.74043153246.000000001DD1B000.00000004.00000001.sdmp |
String found in binary or memory: http://tccinfaes.com |
Source: RegAsm.exe, 00000006.00000003.70368102038.000000001FE0D000.00000004.00000001.sdmp |
String found in binary or memory: http://x1.c.lencr.org/0 |
Source: RegAsm.exe, 00000006.00000002.74032045876.0000000000ED3000.00000004.00000020.sdmp, 2D85F72862B55C4EADD9E66E06947F3D.6.dr |
String found in binary or memory: http://x1.i.lencr.org/ |
Source: RegAsm.exe, 00000006.00000003.70368102038.000000001FE0D000.00000004.00000001.sdmp |
String found in binary or memory: http://x1.i.lencr.org/0 |
Source: RegAsm.exe, 00000006.00000002.74032045876.0000000000ED3000.00000004.00000020.sdmp |
String found in binary or memory: http://x1.i.lencr.org/:Z |
Source: RegAsm.exe, 00000006.00000002.74049220847.000000001FD60000.00000004.00000001.sdmp |
String found in binary or memory: http://x1.i.lencr.org/D |
Source: RegAsm.exe, 00000006.00000003.70368102038.000000001FE0D000.00000004.00000001.sdmp |
String found in binary or memory: http://x1.i.lencr.org:80/= |
Source: RegAsm.exe, 00000006.00000003.69349934018.0000000000EF3000.00000004.00000001.sdmp |
String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/ |
Source: RegAsm.exe, 00000006.00000002.74031926505.0000000000EB8000.00000004.00000020.sdmp |
String found in binary or memory: https://doc-0g-as-docs.googleusercontent.com/ |
Source: RegAsm.exe, 00000006.00000003.69349876616.0000000000EE7000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-0g-as-docs.googleusercontent.com/%%doc-0g-as-docs.googleusercontent.com |
Source: RegAsm.exe, 00000006.00000003.69349934018.0000000000EF3000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-0g-as-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/rnd0dmuj |
Source: RegAsm.exe, 00000006.00000002.74031570400.0000000000E68000.00000004.00000020.sdmp |
String found in binary or memory: https://drive.google.com/ |
Source: RegAsm.exe, 00000006.00000002.74031570400.0000000000E68000.00000004.00000020.sdmp |
String found in binary or memory: https://drive.google.com/n |
Source: RegAsm.exe, 00000006.00000003.69349934018.0000000000EF3000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000002.74031185324.0000000000DB0000.00000004.00000001.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1G3zuBgFp3XG7uq2Ao6_gnm0hCT-90hBP |
Source: RegAsm.exe, 00000006.00000003.69349934018.0000000000EF3000.00000004.00000001.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1G3zuBgFp3XG7uq2Ao6_gnm0hCT-90hBP2Z18XHWq5VUtwT2Ok |
Source: RegAsm.exe, 00000006.00000002.74031570400.0000000000E68000.00000004.00000020.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1G3zuBgFp3XG7uq2Ao6_gnm0hCT-90hBPE |
Source: RegAsm.exe, 00000006.00000002.74042052956.000000001DC95000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000002.74042361635.000000001DCB3000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com/ |
Source: RegAsm.exe, 00000006.00000002.74042052956.000000001DC95000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com// |
Source: RegAsm.exe, 00000006.00000002.74042052956.000000001DC95000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com/https://login.live.com/ |
Source: RegAsm.exe, 00000006.00000002.74042052956.000000001DC95000.00000004.00000001.sdmp |
String found in binary or memory: https://login.live.com/v104 |
Source: RegAsm.exe, 00000006.00000002.74042361635.000000001DCB3000.00000004.00000001.sdmp |
String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash |
Source: RegAsm.exe, 00000006.00000002.74041380442.000000001DC01000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\PEDIDO.exe |
Code function: 1_2_00401673 |
Source: C:\Users\user\Desktop\PEDIDO.exe |
Code function: 1_2_00401626 |
Source: C:\Users\user\Desktop\PEDIDO.exe |
Code function: 1_2_00401437 |
Source: C:\Users\user\Desktop\PEDIDO.exe |
Code function: 1_2_02AA5290 |
Source: C:\Users\user\Desktop\PEDIDO.exe |
Code function: 1_2_02AA1623 |
Source: C:\Users\user\Desktop\PEDIDO.exe |
Code function: 1_2_02AA1A0E |
Source: C:\Users\user\Desktop\PEDIDO.exe |
Code function: 1_2_02AA398D |
Source: C:\Users\user\Desktop\PEDIDO.exe |
Code function: 1_2_02AA6733 |
Source: C:\Users\user\Desktop\PEDIDO.exe |
Code function: 1_2_02AA071E |
Source: C:\Users\user\Desktop\PEDIDO.exe |
Code function: 1_2_02AA391C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00A41130 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00A43A50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00A4BA58 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00A44320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00A4C7B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00A43708 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00AA6D90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00AA07E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00B3C04B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00B3BF79 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00E478D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00E4F540 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00E47A3F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00E4D7A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00E46728 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00E444F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_00E43330 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_1C9C7096 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_1C9CAC28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_1C9C6908 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_1C9CF260 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_1C9CCB97 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_1C9C0006 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_1C9C0040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_1C9C6148 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_1FD45E08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_1FD44ACC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_1FD45DC1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 6_2_1FD46AF1 |
Source: unknown |
Process created: C:\Users\user\Desktop\PEDIDO.exe 'C:\Users\user\Desktop\PEDIDO.exe' |
|
Source: C:\Users\user\Desktop\PEDIDO.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PEDIDO.exe' |
|
Source: C:\Users\user\Desktop\PEDIDO.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PEDIDO.exe' |
|
Source: C:\Users\user\Desktop\PEDIDO.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PEDIDO.exe' |
|
Source: C:\Users\user\Desktop\PEDIDO.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PEDIDO.exe' |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\PEDIDO.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PEDIDO.exe' |
Source: C:\Users\user\Desktop\PEDIDO.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PEDIDO.exe' |
Source: C:\Users\user\Desktop\PEDIDO.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PEDIDO.exe' |
Source: C:\Users\user\Desktop\PEDIDO.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 'C:\Users\user\Desktop\PEDIDO.exe' |
Source: C:\Users\user\Desktop\PEDIDO.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: PEDIDO.exe, 00000001.00000002.69378136579.0000000002AC0000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000002.74031185324.0000000000DB0000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE |
Source: RegAsm.exe, 00000006.00000002.74031185324.0000000000DB0000.00000004.00000001.sdmp |
Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1G3ZUBGFP3XG7UQ2AO6_GNM0HCT-90HBP |
Source: PEDIDO.exe, 00000001.00000002.69378136579.0000000002AC0000.00000004.00000001.sdmp |
Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32USERPROFILE=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE\SYSWOW64\MSVBVM60.DLL |
Source: PEDIDO.exe, 00000001.00000002.69377229117.0000000000763000.00000004.00000020.sdmp |
Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEX;V |
Source: PEDIDO.exe, 00000001.00000002.69379627372.0000000004CC9000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000002.74033795258.00000000028F9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Guest Shutdown Service |
Source: RegAsm.exe, 00000006.00000002.74031185324.0000000000DB0000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=https://drive.google.com/uc?export=download&id=1G3zuBgFp3XG7uq2Ao6_gnm0hCT-90hBP |
Source: PEDIDO.exe, 00000001.00000002.69379627372.0000000004CC9000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000002.74033795258.00000000028F9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: RegAsm.exe, 00000006.00000002.74033795258.00000000028F9000.00000004.00000001.sdmp |
Binary or memory string: vmicshutdown |
Source: PEDIDO.exe, 00000001.00000002.69378136579.0000000002AC0000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32USERPROFILE=windir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe\syswow64\msvbvm60.dll |
Source: PEDIDO.exe, 00000001.00000002.69379627372.0000000004CC9000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000002.74033795258.00000000028F9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: PEDIDO.exe, 00000001.00000002.69379627372.0000000004CC9000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000002.74033795258.00000000028F9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V PowerShell Direct Service |
Source: PEDIDO.exe, 00000001.00000002.69379627372.0000000004CC9000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000002.74033795258.00000000028F9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Time Synchronization Service |
Source: PEDIDO.exe, 00000001.00000002.69377229117.0000000000763000.00000004.00000020.sdmp |
Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exex;v |
Source: RegAsm.exe, 00000006.00000002.74033795258.00000000028F9000.00000004.00000001.sdmp |
Binary or memory string: vmicvss |
Source: RegAsm.exe, 00000006.00000002.74031926505.0000000000EB8000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW |
Source: PEDIDO.exe, 00000001.00000002.69378136579.0000000002AC0000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000002.74031185324.0000000000DB0000.00000004.00000001.sdmp |
Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: PEDIDO.exe, 00000001.00000002.69379627372.0000000004CC9000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000002.74033795258.00000000028F9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Data Exchange Service |
Source: PEDIDO.exe, 00000001.00000002.69379627372.0000000004CC9000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000002.74033795258.00000000028F9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Heartbeat Service |
Source: PEDIDO.exe, 00000001.00000002.69379627372.0000000004CC9000.00000004.00000001.sdmp, RegAsm.exe, 00000006.00000002.74033795258.00000000028F9000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Guest Service Interface |
Source: RegAsm.exe, 00000006.00000002.74033795258.00000000028F9000.00000004.00000001.sdmp |
Binary or memory string: vmicheartbeat |
Source: RegAsm.exe, 00000006.00000002.74033374769.00000000014A1000.00000002.00020000.sdmp |
Binary or memory string: Program Manager |
Source: RegAsm.exe, 00000006.00000002.74033374769.00000000014A1000.00000002.00020000.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: RegAsm.exe, 00000006.00000002.74033374769.00000000014A1000.00000002.00020000.sdmp |
Binary or memory string: Progman |
Source: RegAsm.exe, 00000006.00000002.74033374769.00000000014A1000.00000002.00020000.sdmp |
Binary or memory string: Progmanlock |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |