Source: HDDScan.exe |
Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
Source: HDDScan.exe |
String found in binary or memory: http://bsalsa.com/ |
Source: HDDScan.exe |
String found in binary or memory: http://hddscan.com/dfgkjdfg435egdvkjdv |
Source: HDDScan.exe |
String found in binary or memory: http://hddscan.comopen |
Source: HDDScan.exe |
String found in binary or memory: http://hddscan.ruopenj |
Source: Amcache.hve.3.dr |
String found in binary or memory: http://upx.sf.net |
Source: HDDScan.exe |
String found in binary or memory: http://www.bsalsa.com/ |
Source: HDDScan.exe |
String found in binary or memory: http://www.hddscan.com |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: winsta.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: colorui.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: mscms.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: coloradapterclient.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: compstui.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: inetres.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: olepro32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: HDDScan.exe |
Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
Source: C:\Users\user\Desktop\HDDScan.exe |
Mutant created: NULL |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6916 |
Source: C:\Users\user\Desktop\HDDScan.exe |
Mutant created: \Sessions\1\BaseNamedObjects\HDDScanTaskMutex |
Source: Yara match |
File source: HDDScan.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.HDDScan.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000000.1627302543.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: HDDScan.exe |
String found in binary or memory: /Accumulated start-stop cycles |
Source: HDDScan.exe |
String found in binary or memory: Fake Start/Stop Count |
Source: HDDScan.exe |
String found in binary or memory: Fake Start/Stop Count |
Source: HDDScan.exe |
String found in binary or memory: Start/Stop Count |
Source: HDDScan.exe |
String found in binary or memory: Start/Stop Count |
Source: unknown |
Process created: C:\Users\user\Desktop\HDDScan.exe "C:\Users\user\Desktop\HDDScan.exe" |
Source: C:\Users\user\Desktop\HDDScan.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 596 |
Source: C:\Users\user\Desktop\HDDScan.exe |
Code function: 0_3_028A1E7F push 675800CFh; iretd |
0_3_028A1EC2 |
Source: C:\Users\user\Desktop\HDDScan.exe |
Code function: 0_2_0019C014 push eax; ret |
0_2_0019C015 |
Source: C:\Users\user\Desktop\HDDScan.exe |
Code function: 0_2_0019C324 push eax; ret |
0_2_0019C325 |
Source: C:\Users\user\Desktop\HDDScan.exe |
Code function: 0_2_0019B964 push eax; iretd |
0_2_0019B965 |
Source: C:\Users\user\Desktop\HDDScan.exe |
Code function: 0_2_0019DCB8 pushad ; ret |
0_2_0019DCE8 |
Source: C:\Users\user\Desktop\HDDScan.exe |
Code function: 0_2_0019C0A4 push esp; ret |
0_2_0019C0B5 |
Source: C:\Users\user\Desktop\HDDScan.exe |
Code function: 0_2_0019D4DE pushad ; retf |
0_2_0019D57F |
Source: C:\Users\user\Desktop\HDDScan.exe |
Code function: 0_2_0019BFFC pushfd ; retn 0019h |
0_2_0019BFFD |
Source: C:\Users\user\Desktop\HDDScan.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\HDDScan.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.3.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.3.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.3.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.3.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.3.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.3.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.3.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.3.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.3.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.3.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.3.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.3.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.3.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.3.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.3.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.3.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.3.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.3.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: HDDScan.exe, 00000000.00000002.1825965942.0000000000D02000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}p |
Source: Amcache.hve.3.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.3.dr |
Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe |
Source: Amcache.hve.3.dr |
Binary or memory string: msmpeng.exe |
Source: Amcache.hve.3.dr |
Binary or memory string: c:\program files\windows defender\msmpeng.exe |
Source: Amcache.hve.3.dr |
Binary or memory string: MsMpEng.exe |