Source: RegSvcs.exe, 00000002.00000002.462879077.0000000003171000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: RegSvcs.exe, 00000002.00000002.462879077.0000000003171000.00000004.00000001.sdmp | String found in binary or memory: http://CvqG2KRIY7VhTa.o |
Source: RegSvcs.exe, 00000002.00000002.462879077.0000000003171000.00000004.00000001.sdmp, RegSvcs.exe, 00000002.00000002.464427936.000000000345D000.00000004.00000001.sdmp | String found in binary or memory: http://CvqG2KRIY7VhTa.org |
Source: RegSvcs.exe, 00000002.00000002.462879077.0000000003171000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: RegSvcs.exe, 00000002.00000002.462434107.00000000016D5000.00000004.00000001.sdmp | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0 |
Source: RegSvcs.exe, 00000002.00000002.462434107.00000000016D5000.00000004.00000001.sdmp | String found in binary or memory: http://cps.letsencrypt.org0 |
Source: RegSvcs.exe, 00000002.00000002.462434107.00000000016D5000.00000004.00000001.sdmp | String found in binary or memory: http://cps.root-x1.letsencrypt.org0 |
Source: RegSvcs.exe, 00000002.00000002.462434107.00000000016D5000.00000004.00000001.sdmp | String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
Source: RegSvcs.exe, 00000002.00000002.462879077.0000000003171000.00000004.00000001.sdmp | String found in binary or memory: http://hcwBaC.com |
Source: RegSvcs.exe, 00000002.00000002.464306400.0000000003431000.00000004.00000001.sdmp | String found in binary or memory: http://mail.priserveinfra.com |
Source: RegSvcs.exe, 00000002.00000002.464306400.0000000003431000.00000004.00000001.sdmp | String found in binary or memory: http://priserveinfra.com |
Source: RegSvcs.exe, 00000002.00000002.462434107.00000000016D5000.00000004.00000001.sdmp | String found in binary or memory: http://r3.i.lencr.org/01 |
Source: RegSvcs.exe, 00000002.00000002.462434107.00000000016D5000.00000004.00000001.sdmp | String found in binary or memory: http://r3.o.lencr.org0 |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202880593.0000000003391000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: RegSvcs.exe, 00000002.00000002.462879077.0000000003171000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org%$ |
Source: RegSvcs.exe, 00000002.00000002.462879077.0000000003171000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org%GETMozilla/5.0 |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.203209096.0000000004399000.00000004.00000001.sdmp, RegSvcs.exe, 00000002.00000000.201228524.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: RegSvcs.exe, 00000002.00000002.462879077.0000000003171000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_01A09A88 | 0_2_01A09A88 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_01A0C728 | 0_2_01A0C728 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_01A0B160 | 0_2_01A0B160 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_03233278 | 0_2_03233278 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_03230040 | 0_2_03230040 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_03230265 | 0_2_03230265 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_03230292 | 0_2_03230292 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_03230006 | 0_2_03230006 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062AC588 | 0_2_062AC588 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062AD3F0 | 0_2_062AD3F0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062AB3C0 | 0_2_062AB3C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062A80D0 | 0_2_062A80D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062ABB90 | 0_2_062ABB90 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062AF670 | 0_2_062AF670 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062AF468 | 0_2_062AF468 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062AC578 | 0_2_062AC578 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062AE2C0 | 0_2_062AE2C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062AB3B9 | 0_2_062AB3B9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062AC028 | 0_2_062AC028 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062A0006 | 0_2_062A0006 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062AC018 | 0_2_062AC018 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062A0040 | 0_2_062A0040 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062A80C0 | 0_2_062A80C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062ABED1 | 0_2_062ABED1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062A7B20 | 0_2_062A7B20 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062A7B12 | 0_2_062A7B12 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062ABB82 | 0_2_062ABB82 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062AA809 | 0_2_062AA809 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062AA818 | 0_2_062AA818 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062AF898 | 0_2_062AF898 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_018947A0 | 2_2_018947A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_01893CCC | 2_2_01893CCC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_018946B0 | 2_2_018946B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_018946F0 | 2_2_018946F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_01895490 | 2_2_01895490 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_05C5A490 | 2_2_05C5A490 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_05C50374 | 2_2_05C50374 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_05C57D98 | 2_2_05C57D98 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_05C5CF80 | 2_2_05C5CF80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_05C56E38 | 2_2_05C56E38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065B555C | 2_2_065B555C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065BA228 | 2_2_065BA228 |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_03233EFA push esp; ret | 0_2_03233F41 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062A5622 push es; retf | 0_2_062A5650 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062A54ED push es; ret | 0_2_062A54F0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Code function: 0_2_062A58BE push es; retf | 0_2_062A5934 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_05C54666 push 8AE8CF8Bh; iretd | 2_2_05C5466B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_05C52B21 push 83085F8Bh; ret | 2_2_05C52B26 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_05C52A21 push 83085F8Bh; ret | 2_2_05C52A26 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065B66C8 push cs; iretd | 2_2_065B66CA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065BA7E8 push esi; iretd | 2_2_065BA7EA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065B8490 push eax; iretd | 2_2_065B8491 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065B6480 push cs; iretd | 2_2_065B6482 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065BA21B push ebx; iretd | 2_2_065BA222 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065BA008 push edx; iretd | 2_2_065BA00A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065BA141 push edx; iretd | 2_2_065BA142 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065BA173 push edx; iretd | 2_2_065BA17A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065B9FB0 push edx; iretd | 2_2_065B9FB2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065B9C83 push eax; iretd | 2_2_065B9C86 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065B9C81 push eax; iretd | 2_2_065B9C82 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065B9C87 push eax; iretd | 2_2_065B9C8A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065BAAB8 push esi; iretd | 2_2_065BAABA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065BAB7F push edi; iretd | 2_2_065BAB82 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065BAB63 push esi; iretd | 2_2_065BAB6A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065BA89B push esi; iretd | 2_2_065BA8A2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_065BA899 push esi; iretd | 2_2_065BA89A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: RegSvcs.exe, 00000002.00000002.467260283.0000000006460000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: RegSvcs.exe, 00000002.00000002.467168064.0000000006360000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllws\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WS` |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: VMWARE |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: RegSvcs.exe, 00000002.00000002.467260283.0000000006460000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: RegSvcs.exe, 00000002.00000002.467260283.0000000006460000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II |
Source: SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe, 00000000.00000002.202906740.00000000033C0000.00000004.00000001.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: RegSvcs.exe, 00000002.00000002.467260283.0000000006460000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.MSILHeracles.17940.23513.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Queries volume information: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Queries volume information: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation | Jump to behavior |