Source: RegSvcs.exe, 00000001.00000002.610914759.00000000033A1000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: RegSvcs.exe, 00000001.00000002.610914759.00000000033A1000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: RegSvcs.exe, 00000001.00000002.614838260.0000000006510000.00000004.00000001.sdmp | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0 |
Source: RegSvcs.exe, 00000001.00000002.614838260.0000000006510000.00000004.00000001.sdmp | String found in binary or memory: http://cps.letsencrypt.org0 |
Source: RegSvcs.exe, 00000001.00000002.614838260.0000000006510000.00000004.00000001.sdmp | String found in binary or memory: http://cps.root-x1.letsencrypt.org0 |
Source: RegSvcs.exe, 00000001.00000002.614838260.0000000006510000.00000004.00000001.sdmp | String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
Source: RegSvcs.exe, 00000001.00000002.614838260.0000000006510000.00000004.00000001.sdmp | String found in binary or memory: http://r3.i.lencr.org/0 |
Source: RegSvcs.exe, 00000001.00000002.614838260.0000000006510000.00000004.00000001.sdmp | String found in binary or memory: http://r3.o.lencr.org0 |
Source: RegSvcs.exe, 00000001.00000002.611889871.0000000003474000.00000004.00000001.sdmp | String found in binary or memory: http://smtp.vivaldi.net |
Source: RegSvcs.exe, 00000001.00000002.610914759.00000000033A1000.00000004.00000001.sdmp | String found in binary or memory: http://uUOmOR.com |
Source: RegSvcs.exe, 00000001.00000002.612008583.0000000003496000.00000004.00000001.sdmp, RegSvcs.exe, 00000001.00000002.611789810.000000000346A000.00000004.00000001.sdmp, RegSvcs.exe, 00000001.00000002.611556475.0000000003434000.00000004.00000001.sdmp, RegSvcs.exe, 00000001.00000003.461890138.00000000013B4000.00000004.00000001.sdmp | String found in binary or memory: https://8yynu7fM6H7Nyg.com |
Source: RegSvcs.exe, 00000001.00000002.610914759.00000000033A1000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.orgGETMozilla/5.0 |
Source: 30714756.exe, 00000000.00000002.253256411.00000000042D9000.00000004.00000001.sdmp, RegSvcs.exe, 00000001.00000002.607538381.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://api.telegram.org/bot%telegramapi%/ |
Source: RegSvcs.exe, 00000001.00000002.610914759.00000000033A1000.00000004.00000001.sdmp | String found in binary or memory: https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x |
Source: 30714756.exe, 00000000.00000002.253256411.00000000042D9000.00000004.00000001.sdmp, RegSvcs.exe, 00000001.00000002.607538381.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: RegSvcs.exe, 00000001.00000002.610914759.00000000033A1000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_015D2764 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_015DD7E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_015D1FE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_0162B860 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_01621C70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_01620040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_01625A98 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_01620022 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_0162CA28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_01690040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_01691DA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_0169D0CC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_01693FF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_01733908 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_033746A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_03374673 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_03374690 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_0162EC88 |
Source: 30714756.exe, ParentalControl/ParentalControl.cs | Security API names: System.Security.AccessControl.DirectorySecurity System.IO.DirectoryInfo::GetAccessControl() |
Source: 30714756.exe, ParentalControl/ParentalControl.cs | Security API names: System.Void System.IO.DirectoryInfo::SetAccessControl(System.Security.AccessControl.DirectorySecurity) |
Source: 30714756.exe, ParentalControl/ParentalControl.cs | Security API names: System.Void System.Security.AccessControl.FileSystemSecurity::AddAccessRule(System.Security.AccessControl.FileSystemAccessRule) |
Source: 0.2.30714756.exe.e00000.0.unpack, ParentalControl/ParentalControl.cs | Security API names: System.Security.AccessControl.DirectorySecurity System.IO.DirectoryInfo::GetAccessControl() |
Source: 0.2.30714756.exe.e00000.0.unpack, ParentalControl/ParentalControl.cs | Security API names: System.Void System.IO.DirectoryInfo::SetAccessControl(System.Security.AccessControl.DirectorySecurity) |
Source: 0.2.30714756.exe.e00000.0.unpack, ParentalControl/ParentalControl.cs | Security API names: System.Void System.Security.AccessControl.FileSystemSecurity::AddAccessRule(System.Security.AccessControl.FileSystemAccessRule) |
Source: 0.0.30714756.exe.e00000.0.unpack, ParentalControl/ParentalControl.cs | Security API names: System.Security.AccessControl.DirectorySecurity System.IO.DirectoryInfo::GetAccessControl() |
Source: 0.0.30714756.exe.e00000.0.unpack, ParentalControl/ParentalControl.cs | Security API names: System.Void System.IO.DirectoryInfo::SetAccessControl(System.Security.AccessControl.DirectorySecurity) |
Source: 0.0.30714756.exe.e00000.0.unpack, ParentalControl/ParentalControl.cs | Security API names: System.Void System.Security.AccessControl.FileSystemSecurity::AddAccessRule(System.Security.AccessControl.FileSystemAccessRule) |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\30714756.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: RegSvcs.exe, 00000001.00000002.614838260.0000000006510000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllu |
Source: 30714756.exe, 00000000.00000002.252373031.000000000334D000.00000004.00000001.sdmp | Binary or memory string: VMware |
Source: RegSvcs.exe, 00000001.00000002.614948226.0000000006610000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: 30714756.exe, 00000000.00000002.252271119.00000000032D1000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: 30714756.exe, 00000000.00000002.252271119.00000000032D1000.00000004.00000001.sdmp | Binary or memory string: l%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: 30714756.exe, 00000000.00000002.252271119.00000000032D1000.00000004.00000001.sdmp | Binary or memory string: VMWARE |
Source: 30714756.exe, 00000000.00000002.252373031.000000000334D000.00000004.00000001.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: RegSvcs.exe, 00000001.00000002.614948226.0000000006610000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: RegSvcs.exe, 00000001.00000002.614948226.0000000006610000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: 30714756.exe, 00000000.00000002.252271119.00000000032D1000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II |
Source: 30714756.exe, 00000000.00000002.252373031.000000000334D000.00000004.00000001.sdmp | Binary or memory string: VMware |
Source: 30714756.exe, 00000000.00000002.252373031.000000000334D000.00000004.00000001.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: 30714756.exe, 00000000.00000002.252373031.000000000334D000.00000004.00000001.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: 30714756.exe, 00000000.00000002.252271119.00000000032D1000.00000004.00000001.sdmp | Binary or memory string: l"SOFTWARE\VMware, Inc.\VMware Tools |
Source: RegSvcs.exe, 00000001.00000002.614948226.0000000006610000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\30714756.exe | Queries volume information: C:\Users\user\Desktop\30714756.exe VolumeInformation |
Source: C:\Users\user\Desktop\30714756.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\30714756.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\30714756.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\30714756.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |