Source: RegSvcs.exe, 00000001.00000002.916672093.0000000002901000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: RegSvcs.exe, 00000001.00000002.916672093.0000000002901000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: RegSvcs.exe, 00000001.00000002.920358509.0000000005C09000.00000004.00000001.sdmp | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0 |
Source: RegSvcs.exe, 00000001.00000002.920358509.0000000005C09000.00000004.00000001.sdmp | String found in binary or memory: http://cps.letsencrypt.org0 |
Source: RegSvcs.exe, 00000001.00000002.920358509.0000000005C09000.00000004.00000001.sdmp | String found in binary or memory: http://cps.root-x1.letsencrypt.org0 |
Source: RegSvcs.exe, 00000001.00000002.920358509.0000000005C09000.00000004.00000001.sdmp | String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
Source: RegSvcs.exe, 00000001.00000002.920358509.0000000005C09000.00000004.00000001.sdmp | String found in binary or memory: http://r3.i.lencr.org/0 |
Source: RegSvcs.exe, 00000001.00000002.920358509.0000000005C09000.00000004.00000001.sdmp | String found in binary or memory: http://r3.o.lencr.org0 |
Source: PO.#4500499953.exe, 00000000.00000002.658913936.0000000002721000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: RegSvcs.exe, 00000001.00000002.916672093.0000000002901000.00000004.00000001.sdmp | String found in binary or memory: http://swoEaw.com |
Source: RegSvcs.exe, 00000001.00000002.917142846.0000000002C67000.00000004.00000001.sdmp | String found in binary or memory: http://wasstech.com |
Source: RegSvcs.exe, 00000001.00000002.916672093.0000000002901000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org%$ |
Source: RegSvcs.exe, 00000001.00000002.916672093.0000000002901000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org%GETMozilla/5.0 |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: RegSvcs.exe, 00000001.00000002.917213367.0000000002C8B000.00000004.00000001.sdmp, RegSvcs.exe, 00000001.00000002.917230712.0000000002C93000.00000004.00000001.sdmp, RegSvcs.exe, 00000001.00000002.916672093.0000000002901000.00000004.00000001.sdmp | String found in binary or memory: https://wZhClIFSimrbT.com |
Source: PO.#4500499953.exe, 00000000.00000002.659929187.0000000003898000.00000004.00000001.sdmp, RegSvcs.exe, 00000001.00000002.915098817.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: RegSvcs.exe, 00000001.00000002.916672093.0000000002901000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: C:\Users\user\Desktop\PO.#4500499953.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX |
Source: RegSvcs.exe, 00000001.00000002.919984659.0000000005AB0000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: VMWARE |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: RegSvcs.exe, 00000001.00000002.919984659.0000000005AB0000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: RegSvcs.exe, 00000001.00000002.919984659.0000000005AB0000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II |
Source: PO.#4500499953.exe, 00000000.00000002.658940267.0000000002744000.00000004.00000001.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: RegSvcs.exe, 00000001.00000002.920264191.0000000005BB5000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: RegSvcs.exe, 00000001.00000002.919984659.0000000005AB0000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\PO.#4500499953.exe | Queries volume information: C:\Users\user\Desktop\PO.#4500499953.exe VolumeInformation |
Source: C:\Users\user\Desktop\PO.#4500499953.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\PO.#4500499953.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\PO.#4500499953.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\PO.#4500499953.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\PO.#4500499953.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Queries volume information: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation |