Source: RegSvcs.exe, 00000005.00000002.483305104.0000000003231000.00000004.00000001.sdmp | String found in binary or memory: ftp://files.000webhost.com/zincocomputer147STORLengthWriteCloseGetBytesOpera |
Source: RegSvcs.exe, 00000005.00000002.483305104.0000000003231000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: RegSvcs.exe, 00000005.00000002.483305104.0000000003231000.00000004.00000001.sdmp | String found in binary or memory: http://CqZTYA.com |
Source: RegSvcs.exe, 00000005.00000002.483305104.0000000003231000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: All details.exe | String found in binary or memory: http://checkip.dyndns.org/ |
Source: RegSvcs.exe, 00000005.00000002.485377303.00000000034E1000.00000004.00000001.sdmp | String found in binary or memory: http://files.000webhost.com |
Source: All details.exe, 00000001.00000002.227146994.0000000002621000.00000004.00000001.sdmp, RegSvcs.exe, 00000005.00000002.485338104.00000000034D3000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: All details.exe | String found in binary or memory: http://servermanager.miixit.org/ |
Source: All details.exe | String found in binary or memory: http://servermanager.miixit.org/E |
Source: All details.exe | String found in binary or memory: http://servermanager.miixit.org/downloads/ |
Source: All details.exe | String found in binary or memory: http://servermanager.miixit.org/hits/hit_index.php?k= |
Source: All details.exe | String found in binary or memory: http://servermanager.miixit.org/hits/hit_index.php?k=1 |
Source: All details.exe | String found in binary or memory: http://servermanager.miixit.org/index_ru.html |
Source: All details.exe | String found in binary or memory: http://servermanager.miixit.org/index_ru.htmlk |
Source: All details.exe | String found in binary or memory: http://servermanager.miixit.org/report/reporter_index.php?name= |
Source: RegSvcs.exe, 00000005.00000002.485377303.00000000034E1000.00000004.00000001.sdmp | String found in binary or memory: http://us-east-1.route-1000.000webhost.awex.io |
Source: RegSvcs.exe, 00000005.00000002.484700152.000000000345F000.00000004.00000001.sdmp | String found in binary or memory: https://Y8cdnuVUpcPEsq.com |
Source: RegSvcs.exe, 00000005.00000002.484700152.000000000345F000.00000004.00000001.sdmp | String found in binary or memory: https://Y8cdnuVUpcPEsq.comL |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: All details.exe | String found in binary or memory: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CJU3DBQXBUQPC |
Source: All details.exe, 00000001.00000002.227685594.0000000003621000.00000004.00000001.sdmp, RegSvcs.exe, 00000005.00000002.479473527.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: RegSvcs.exe, 00000005.00000002.483305104.0000000003231000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\All details.exe | Code function: 1_2_025FC2B0 |
Source: C:\Users\user\Desktop\All details.exe | Code function: 1_2_025F9968 |
Source: C:\Users\user\Desktop\All details.exe | Code function: 1_2_04C34958 |
Source: C:\Users\user\Desktop\All details.exe | Code function: 1_2_04C3AAD0 |
Source: C:\Users\user\Desktop\All details.exe | Code function: 1_2_04C38470 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 5_2_01A547A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 5_2_01A55473 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 5_2_01A53CCC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 5_2_01A54710 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 5_2_01A54773 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 5_2_01A546B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 5_2_01A546D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 5_2_01A5D661 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 5_2_06766508 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 5_2_06766850 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 5_2_067690D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 5_2_06767120 |
Source: All details.exe | Binary or memory string: OriginalFilename vs All details.exe |
Source: All details.exe, 00000001.00000002.231785531.000000000B4E0000.00000002.00000001.sdmp | Binary or memory string: System.OriginalFileName vs All details.exe |
Source: All details.exe, 00000001.00000002.231001702.0000000004C40000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs All details.exe |
Source: All details.exe, 00000001.00000002.227685594.0000000003621000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameTGqXBSLBNqFAlVDcDrdeyUgg.exe4 vs All details.exe |
Source: All details.exe, 00000001.00000002.227685594.0000000003621000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDSASignature.dll@ vs All details.exe |
Source: All details.exe, 00000001.00000002.227258291.00000000026B9000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameSimpleUI.dll( vs All details.exe |
Source: All details.exe, 00000001.00000002.231918824.000000000B5E0000.00000002.00000001.sdmp | Binary or memory string: originalfilename vs All details.exe |
Source: All details.exe, 00000001.00000002.231918824.000000000B5E0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs All details.exe |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameScopelessEnumAttribute.exeF vs All details.exe |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: l,\\StringFileInfo\\000004B0\\OriginalFilename vs All details.exe |
Source: All details.exe | Binary or memory string: OriginalFilenameScopelessEnumAttribute.exeF vs All details.exe |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\All details.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: RegSvcs.exe, 00000005.00000002.489993396.0000000006400000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: VMWARE |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: RegSvcs.exe, 00000005.00000002.489993396.0000000006400000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: RegSvcs.exe, 00000005.00000002.489993396.0000000006400000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II |
Source: All details.exe, 00000001.00000002.227200058.000000000266D000.00000004.00000001.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: RegSvcs.exe, 00000005.00000002.490227541.0000000006562000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: RegSvcs.exe, 00000005.00000002.489993396.0000000006400000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\All details.exe | Queries volume information: C:\Users\user\Desktop\All details.exe VolumeInformation |
Source: C:\Users\user\Desktop\All details.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\All details.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\All details.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\All details.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\All details.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |