Source: | Binary string: PresentationFramework.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: PresentationCore.ni.pdbRSDSc source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: WindowsBase.ni.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: PS-CollectionTool.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: PS-CollectionTool.pdbMZ source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: mscorlib.ni.pdbRSDS source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: mscorlib.pdb* source: PS-CollectionTool.exe, 00000000.00000002.1187189249.0000017DA0B61000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: System.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.Core.ni.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: PresentationFramework.ni.pdbRSDS source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: D:\projects\C#\PSCollectionTool\PS-CollectionTool\obj\x64\Release\PS-CollectionTool.pdb source: PS-CollectionTool.exe |
Source: | Binary string: System.Xaml.ni.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: WindowsBase.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: mscorlib.pdb source: PS-CollectionTool.exe, 00000000.00000002.1187189249.0000017DA0B61000.00000004.00000800.00020000.00000000.sdmp, WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.ni.pdbRSDSw source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: PresentationCore.ni.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.pdbH source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.Xaml.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: mscorlib.ni.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.Core.pdbco source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.Xaml.ni.pdbRSDS\Y source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.Core.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.pdb source: PS-CollectionTool.exe, 00000000.00000002.1186616661.0000017D9F037000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: PresentationFramework.ni.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: PresentationCore.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.ni.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.Core.ni.pdbRSDS source: WER1A3B.tmp.dmp.4.dr |
Source: PS-CollectionTool.exe | String found in binary or memory: http://schemas.datacontract.org/2004/07/CT_WCF_WebRole |
Source: PS-CollectionTool.exe | String found in binary or memory: http://tempuri.org/CT_IService/GetDataResponse |
Source: PS-CollectionTool.exe | String found in binary or memory: http://tempuri.org/CT_IService/GetDataT |
Source: PS-CollectionTool.exe | String found in binary or memory: http://tempuri.org/CT_IService/GetDataUsingDataContractResponse |
Source: PS-CollectionTool.exe | String found in binary or memory: http://tempuri.org/CT_IService/GetDataUsingDataContractT |
Source: PS-CollectionTool.exe | String found in binary or memory: http://tempuri.org/CT_IService/IsHostBlockedResponse |
Source: PS-CollectionTool.exe | String found in binary or memory: http://tempuri.org/CT_IService/IsHostBlockedT |
Source: PS-CollectionTool.exe | String found in binary or memory: http://tempuri.org/CT_IService/WriteFileDetailsResponse |
Source: PS-CollectionTool.exe | String found in binary or memory: http://tempuri.org/CT_IService/WriteFileDetailsT |
Source: PS-CollectionTool.exe | String found in binary or memory: http://tempuri.org/CT_IService/WriteInitialResponse |
Source: PS-CollectionTool.exe | String found in binary or memory: http://tempuri.org/CT_IService/WriteInitialT |
Source: Amcache.hve.4.dr | String found in binary or memory: http://upx.sf.net |
Source: PS-CollectionTool.exe | String found in binary or memory: http://wpfanimatedgif.codeplex.com |
Source: PS-CollectionTool.exe | String found in binary or memory: https://iceluc3.wixsite.com/smartoptimize |
Source: PS-CollectionTool.exe | String found in binary or memory: Iteration 3JSON start parsing result/Loading to Dictionary: |
Source: PS-CollectionTool.exe | String found in binary or memory: ipv4-address |
Source: PS-CollectionTool.exe | String found in binary or memory: show-address-ranges;500;full;address-ranges.txt;Address Ranges;false;true |
Source: PS-CollectionTool.exe | String found in binary or memory: 8resources/loading/border.png |
Source: PS-CollectionTool.exe | String found in binary or memory: :resources/loading/loader5.gif |
Source: PS-CollectionTool.exe | String found in binary or memory: <resources/loading/loading1.gif |
Source: PS-CollectionTool.exe | String found in binary or memory: <resources/loading/loading2.gifQ |
Source: PS-CollectionTool.exe | String found in binary or memory: <resources/loading/loading3.gif= |
Source: PS-CollectionTool.exe | String found in binary or memory: <resources/loading/loading4.gif |
Source: PS-CollectionTool.exe | String found in binary or memory: <resources/loading/loading5.gif] |
Source: PS-CollectionTool.exe | String found in binary or memory: ../Resources/Loading/Loader5.gif |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: | Binary string: PresentationFramework.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: PresentationCore.ni.pdbRSDSc source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: WindowsBase.ni.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: PS-CollectionTool.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: PS-CollectionTool.pdbMZ source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: mscorlib.ni.pdbRSDS source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: mscorlib.pdb* source: PS-CollectionTool.exe, 00000000.00000002.1187189249.0000017DA0B61000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: System.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.Core.ni.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: PresentationFramework.ni.pdbRSDS source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: D:\projects\C#\PSCollectionTool\PS-CollectionTool\obj\x64\Release\PS-CollectionTool.pdb source: PS-CollectionTool.exe |
Source: | Binary string: System.Xaml.ni.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: WindowsBase.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: mscorlib.pdb source: PS-CollectionTool.exe, 00000000.00000002.1187189249.0000017DA0B61000.00000004.00000800.00020000.00000000.sdmp, WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.ni.pdbRSDSw source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: PresentationCore.ni.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.pdbH source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.Xaml.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: mscorlib.ni.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.Core.pdbco source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.Xaml.ni.pdbRSDS\Y source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.Core.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.pdb source: PS-CollectionTool.exe, 00000000.00000002.1186616661.0000017D9F037000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: PresentationFramework.ni.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: PresentationCore.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.ni.pdb source: WER1A3B.tmp.dmp.4.dr |
Source: | Binary string: System.Core.ni.pdbRSDS source: WER1A3B.tmp.dmp.4.dr |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PS-CollectionTool.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: Amcache.hve.4.dr | Binary or memory string: VMware |
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin |
Source: Amcache.hve.4.dr | Binary or memory string: VMware, Inc. |
Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.4.dr | Binary or memory string: VMware-42 27 c8 0c e4 52 1d cc-a0 8f d3 a4 82 3e 8f 04 |
Source: Amcache.hve.4.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.4.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.4.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.4.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.4.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.4.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.4.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.4.dr | Binary or memory string: vmci.sys |
Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.4.dr | Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.4.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1 |
Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.4.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.4.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.4.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.4.dr | Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.4.dr | Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.4.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: PS-CollectionTool.exe | Binary or memory string: \qEmu |
Source: Amcache.hve.4.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |