Source: RegSvcs.exe, 00000002.00000002.604865648.0000000002FC1000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: RegSvcs.exe, 00000002.00000002.604865648.0000000002FC1000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: RegSvcs.exe, 00000002.00000002.605727213.00000000032DB000.00000004.00000001.sdmp, RegSvcs.exe, 00000002.00000002.604865648.0000000002FC1000.00000004.00000001.sdmp, RegSvcs.exe, 00000002.00000002.606044540.0000000003355000.00000004.00000001.sdmp |
String found in binary or memory: http://Ustq4cbAUDG33rrxc.org |
Source: RegSvcs.exe, 00000002.00000002.605929038.000000000332A000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: RegSvcs.exe, 00000002.00000002.610640634.000000000638F000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: RegSvcs.exe, 00000002.00000002.605929038.000000000332A000.00000004.00000001.sdmp |
String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# |
Source: RegSvcs.exe, 00000002.00000002.604865648.0000000002FC1000.00000004.00000001.sdmp |
String found in binary or memory: http://kRGqzl.com |
Source: RegSvcs.exe, 00000002.00000002.605929038.000000000332A000.00000004.00000001.sdmp |
String found in binary or memory: http://mail.citechco.net |
Source: RegSvcs.exe, 00000002.00000002.605929038.000000000332A000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: RegSvcs.exe, 00000002.00000002.605929038.000000000332A000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.sectigo.com0 |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352422358.0000000002D41000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: RegSvcs.exe, 00000002.00000002.604865648.0000000002FC1000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org%$ |
Source: RegSvcs.exe, 00000002.00000002.604865648.0000000002FC1000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org%GETMozilla/5.0 |
Source: RegSvcs.exe, 00000002.00000002.605929038.000000000332A000.00000004.00000001.sdmp |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.353706824.0000000003D49000.00000004.00000001.sdmp, RegSvcs.exe, 00000002.00000000.344864623.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: RegSvcs.exe, 00000002.00000002.604865648.0000000002FC1000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: Proforma Invoice No. 14214.exe, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 0.2.Proforma Invoice No. 14214.exe.6d0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 0.0.Proforma Invoice No. 14214.exe.6d0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 2.2.RegSvcs.exe.400000.0.unpack, A/b2.cs |
Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 2.0.RegSvcs.exe.400000.0.unpack, A/b2.cs |
Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: C:\Users\user\Desktop\Proforma Invoice No. 14214.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Process information set: NOOPENFILEERRORBOX |
Source: RegSvcs.exe, 00000002.00000002.610252863.0000000006160000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: VMWARE |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: RegSvcs.exe, 00000002.00000002.610252863.0000000006160000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: RegSvcs.exe, 00000002.00000002.610252863.0000000006160000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II |
Source: Proforma Invoice No. 14214.exe, 00000000.00000002.352826103.0000000002D7F000.00000004.00000001.sdmp |
Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: RegSvcs.exe, 00000002.00000002.610640634.000000000638F000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: RegSvcs.exe, 00000002.00000002.610252863.0000000006160000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\Proforma Invoice No. 14214.exe |
Queries volume information: C:\Users\user\Desktop\Proforma Invoice No. 14214.exe VolumeInformation |
Source: C:\Users\user\Desktop\Proforma Invoice No. 14214.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\Proforma Invoice No. 14214.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\Proforma Invoice No. 14214.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\Proforma Invoice No. 14214.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\Proforma Invoice No. 14214.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation |