Source: unknown |
TCP traffic detected without corresponding DNS query: 63.250.34.171 |
Source: Anexo I e II do convite#U00b7pdf.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: Anexo I e II do convite#U00b7pdf.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392422082.0000000000932000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.394429524.000000000092A000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419336698.0000000000920000.00000004.00000020.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.422738792.000000001E5CC000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392139154.0000000000936000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: Anexo I e II do convite#U00b7pdf.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: Anexo I e II do convite#U00b7pdf.exe |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: Anexo I e II do convite#U00b7pdf.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: Anexo I e II do convite#U00b7pdf.exe |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: Anexo I e II do convite#U00b7pdf.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: Anexo I e II do convite#U00b7pdf.exe |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: Anexo I e II do convite#U00b7pdf.exe |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392422082.0000000000932000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392139154.0000000000936000.00000004.00000001.sdmp |
String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/ |
Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392422082.0000000000932000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392139154.0000000000936000.00000004.00000001.sdmp |
String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq |
Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392422082.0000000000932000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.394429524.000000000092A000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419336698.0000000000920000.00000004.00000020.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.422738792.000000001E5CC000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-0g-14-docs.googleusercontent.com/ |
Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392139154.0000000000936000.00000004.00000001.sdmp |
String found in binary or memory: https://doc-0g-14-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/iol8p470 |
Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419287204.00000000008C7000.00000004.00000020.sdmp |
String found in binary or memory: https://drive.google.com/ |
Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419287204.00000000008C7000.00000004.00000020.sdmp |
String found in binary or memory: https://drive.google.com/i |
Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419267340.0000000000810000.00000004.00000001.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1woW1V-Fwjjb6G5mIgMHVwoyywXrCNcHQ |
Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392422082.0000000000932000.00000004.00000001.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=1woW1V-Fwjjb6G5mIgMHVwoyywXrCNcHQhb_RBrBtzpisGKe78 |
Source: Anexo I e II do convite#U00b7pdf.exe |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A942C NtAllocateVirtualMemory, |
0_2_020A942C |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020ADAD0 NtWriteVirtualMemory, |
0_2_020ADAD0 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020AE9C2 NtProtectVirtualMemory, |
0_2_020AE9C2 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A820F NtWriteVirtualMemory, |
0_2_020A820F |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A826F NtWriteVirtualMemory, |
0_2_020A826F |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A82FB NtWriteVirtualMemory, |
0_2_020A82FB |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A835F NtWriteVirtualMemory, |
0_2_020A835F |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A4364 NtWriteVirtualMemory, |
0_2_020A4364 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A83CB NtWriteVirtualMemory, |
0_2_020A83CB |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020AD02E NtWriteVirtualMemory, |
0_2_020AD02E |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A8067 NtWriteVirtualMemory, |
0_2_020A8067 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A70A8 NtWriteVirtualMemory, |
0_2_020A70A8 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A80BB NtWriteVirtualMemory, |
0_2_020A80BB |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A8130 NtWriteVirtualMemory, |
0_2_020A8130 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A81BB NtWriteVirtualMemory, |
0_2_020A81BB |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A961B NtAllocateVirtualMemory, |
0_2_020A961B |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A9635 NtAllocateVirtualMemory, |
0_2_020A9635 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7643 NtWriteVirtualMemory, |
0_2_020A7643 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020AB645 NtWriteVirtualMemory, |
0_2_020AB645 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A8663 NtWriteVirtualMemory, |
0_2_020A8663 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A76B3 NtWriteVirtualMemory, |
0_2_020A76B3 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A96CB NtAllocateVirtualMemory, |
0_2_020A96CB |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A86E3 NtWriteVirtualMemory, |
0_2_020A86E3 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7723 NtWriteVirtualMemory, |
0_2_020A7723 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A9747 NtAllocateVirtualMemory, |
0_2_020A9747 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A8753 NtWriteVirtualMemory, |
0_2_020A8753 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A77B8 NtWriteVirtualMemory, |
0_2_020A77B8 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020AF7D5 NtWriteVirtualMemory, |
0_2_020AF7D5 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A945F NtAllocateVirtualMemory, |
0_2_020A945F |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A8463 NtWriteVirtualMemory, |
0_2_020A8463 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A0494 NtWriteVirtualMemory,LoadLibraryA, |
0_2_020A0494 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A94C3 NtAllocateVirtualMemory, |
0_2_020A94C3 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A84FB NtWriteVirtualMemory, |
0_2_020A84FB |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A9523 NtAllocateVirtualMemory, |
0_2_020A9523 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A8547 NtWriteVirtualMemory, |
0_2_020A8547 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7552 NtWriteVirtualMemory, |
0_2_020A7552 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A9593 NtAllocateVirtualMemory, |
0_2_020A9593 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A95BD NtAllocateVirtualMemory, |
0_2_020A95BD |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A85CB NtWriteVirtualMemory, |
0_2_020A85CB |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7A6F NtWriteVirtualMemory, |
0_2_020A7A6F |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020AEA7F NtProtectVirtualMemory, |
0_2_020AEA7F |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7AE7 NtWriteVirtualMemory, |
0_2_020A7AE7 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7BA3 NtWriteVirtualMemory, |
0_2_020A7BA3 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7807 NtWriteVirtualMemory, |
0_2_020A7807 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A788B NtWriteVirtualMemory, |
0_2_020A788B |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A790F NtWriteVirtualMemory, |
0_2_020A790F |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A796E NtWriteVirtualMemory, |
0_2_020A796E |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7963 NtWriteVirtualMemory, |
0_2_020A7963 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7974 NtWriteVirtualMemory, |
0_2_020A7974 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A79FB NtWriteVirtualMemory, |
0_2_020A79FB |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020AEE11 NtProtectVirtualMemory, |
0_2_020AEE11 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7E6F NtWriteVirtualMemory, |
0_2_020A7E6F |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7EE3 NtWriteVirtualMemory, |
0_2_020A7EE3 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7F5B NtWriteVirtualMemory, |
0_2_020A7F5B |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7C2F NtWriteVirtualMemory, |
0_2_020A7C2F |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7C9B NtWriteVirtualMemory, |
0_2_020A7C9B |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7D13 NtWriteVirtualMemory, |
0_2_020A7D13 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7D73 NtWriteVirtualMemory, |
0_2_020A7D73 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A7DEB NtWriteVirtualMemory, |
0_2_020A7DEB |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 13_2_0056FBF7 LdrInitializeThunk,NtProtectVirtualMemory, |
13_2_0056FBF7 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 13_2_0056FD81 Sleep,LdrInitializeThunk,NtProtectVirtualMemory, |
13_2_0056FD81 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 13_2_0056FE33 NtProtectVirtualMemory, |
13_2_0056FE33 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 13_2_0056FC2B LdrInitializeThunk,NtProtectVirtualMemory, |
13_2_0056FC2B |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 13_2_0056FBF1 LdrInitializeThunk,NtProtectVirtualMemory, |
13_2_0056FBF1 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 13_2_0056FB82 LdrInitializeThunk,NtProtectVirtualMemory, |
13_2_0056FB82 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 13_2_0056FBAF LdrInitializeThunk,NtProtectVirtualMemory, |
13_2_0056FBAF |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 13_2_0056FCAF NtProtectVirtualMemory, |
13_2_0056FCAF |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_00402640 push 0040130Eh; ret |
0_2_00402653 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_00402654 push 0040130Eh; ret |
0_2_00402667 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_00402668 push 0040130Eh; ret |
0_2_0040267B |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_0040267C push 0040130Eh; ret |
0_2_0040268F |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_00402604 push 0040130Eh; ret |
0_2_00402617 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_00402618 push 0040130Eh; ret |
0_2_0040262B |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_0040262C push 0040130Eh; ret |
0_2_0040263F |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_004026CC push 0040130Eh; ret |
0_2_004026DF |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_004026E0 push 0040130Eh; ret |
0_2_004026F3 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_004026F4 push 0040130Eh; ret |
0_2_00402707 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_00402690 push 0040130Eh; ret |
0_2_004026A3 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_004026A4 push 0040130Eh; ret |
0_2_004026B7 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_004026B8 push 0040130Eh; ret |
0_2_004026CB |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_00402744 push 0040130Eh; ret |
0_2_00402757 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_00402758 push 0040130Eh; ret |
0_2_0040276B |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_00404B67 push ds; ret |
0_2_00404B68 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_0040276C push 0040130Eh; ret |
0_2_0040277F |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_00403D73 push esp; iretd |
0_2_00403D74 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_00402708 push 0040130Eh; ret |
0_2_0040271B |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_0040271C push 0040130Eh; ret |
0_2_0040272F |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_0040231C push 0040130Eh; ret |
0_2_00402603 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_00406F2A push ecx; retf |
0_2_00406F3D |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_00402730 push 0040130Eh; ret |
0_2_00402743 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_00402780 push 0040130Eh; ret |
0_2_00402793 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_0040618C push 10768459h; retf |
0_2_00406191 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_00402794 push 0040130Eh; ret |
0_2_004027A7 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A942C push C30B40E8h; retf 5D80h |
0_2_020A991E |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A313B push cs; retf |
0_2_020A313C |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A961B push C30B40E8h; retf 5D80h |
0_2_020A991E |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A9635 push C30B40E8h; retf 5D80h |
0_2_020A991E |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Code function: 0_2_020A4640 push FFFFFF81h; ret |
0_2_020A4642 |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Process information set: NOGPFAULTERRORBOX |
Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Guest Shutdown Service |
Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339411798.0000000002870000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\msvbvm60.dll |
Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmp |
Binary or memory string: vmicshutdown |
Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V PowerShell Direct Service |
Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Time Synchronization Service |
Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmp |
Binary or memory string: vmicvss |
Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419336698.0000000000920000.00000004.00000020.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.422738792.000000001E5CC000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW |
Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419287204.00000000008C7000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW' |
Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419267340.0000000000810000.00000004.00000001.sdmp |
Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=https://drive.google.com/uc?export=download&id=1woW1V-Fwjjb6G5mIgMHVwoyywXrCNcHQ |
Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339411798.0000000002870000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419267340.0000000000810000.00000004.00000001.sdmp |
Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Data Exchange Service |
Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Heartbeat Service |
Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V Guest Service Interface |
Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmp |
Binary or memory string: vmicheartbeat |