Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140034870 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140035270 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140048AC0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014005C340 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140065B80 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014006A4B0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400524B0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140026CC0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014004BD40 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400495B0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140036F30 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140069010 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140001010 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140066020 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014002F840 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014005D850 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140064080 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140010880 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400688A0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014002D0D0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400018D0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140016100 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014001D100 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014002A110 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014001D910 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140015120 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014000B120 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014004F940 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140039140 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140023140 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140057950 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014001E170 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140002980 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400611A0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400389A0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400381A0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014002E1B0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400139D0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400319F0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014002EA00 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140022A00 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014003B220 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140067A40 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140069A50 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140007A60 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014003AAC0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014003A2E0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140062B00 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140018300 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014002FB20 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140031340 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140022340 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140017B40 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014000BB40 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014004EB60 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140005370 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014002CB80 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014006B390 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140054BA0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140033BB0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400263C0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400123C0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140063BD0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400663F0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140023BF0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014006B41B |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014006B424 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014006B42D |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014006B436 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014006B43D |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140024440 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140005C40 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014006B446 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014005F490 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140022D00 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140035520 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140019D20 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140030530 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140023530 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140031540 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140033540 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014007BD50 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140078570 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140019580 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400205A0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140025DB0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140071DC0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014000C5C0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014002DDE0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140031DF0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014000DDF0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140001620 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140018630 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140032650 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140064E80 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140016E80 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140007EA0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400286B0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140006EB0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400276C0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014002FEC0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014002EED0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014002B6E0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140053F20 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140022730 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140029780 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140018F80 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_000000014003EFB0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400067B0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_00000001400667D0 |
Source: C:\Windows\System32\loaddll64.exe | Code function: 1_2_0000000140060FE0 |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF6603239A0 |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF66032CE08 |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF6603235EC |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF660328DF0 |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF6603A1690 |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF66031DA8C |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF66032EAB4 |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF660354320 |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF660314EC4 |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF6603312E0 |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF660316B94 |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF660315410 |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF6603277C0 |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF66032A858 |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF660328060 |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF6603284C0 |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF6603264DC |
Source: C:\Users\user\AppData\Local\YTBx\tcmsetup.exe | Code function: 26_2_00007FF6193B1A38 |
Source: unknown | Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe 'C:\Users\user\Desktop\2JlIMkLNXh.dll' |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\2JlIMkLNXh.dll',#1 |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\2JlIMkLNXh.dll,CreateXmlReader |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\2JlIMkLNXh.dll',#1 |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\2JlIMkLNXh.dll,CreateXmlReaderInputWithEncodingCodePage |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\2JlIMkLNXh.dll,CreateXmlReaderInputWithEncodingName |
Source: C:\Windows\explorer.exe | Process created: C:\Windows\System32\mstsc.exe C:\Windows\system32\mstsc.exe |
Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe |
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding |
Source: C:\Windows\explorer.exe | Process created: C:\Windows\System32\tcmsetup.exe C:\Windows\system32\tcmsetup.exe |
Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\YTBx\tcmsetup.exe C:\Users\user\AppData\Local\YTBx\tcmsetup.exe |
Source: unknown | Process created: C:\Windows\explorer.exe explorer.exe |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\2JlIMkLNXh.dll',#1 |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\2JlIMkLNXh.dll,CreateXmlReader |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\2JlIMkLNXh.dll,CreateXmlReaderInputWithEncodingCodePage |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\2JlIMkLNXh.dll,CreateXmlReaderInputWithEncodingName |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\2JlIMkLNXh.dll',#1 |
Source: C:\Windows\explorer.exe | Process created: C:\Windows\System32\mstsc.exe C:\Windows\system32\mstsc.exe |
Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe |
Source: C:\Windows\explorer.exe | Process created: C:\Windows\System32\tcmsetup.exe C:\Windows\system32\tcmsetup.exe |
Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\YTBx\tcmsetup.exe C:\Users\user\AppData\Local\YTBx\tcmsetup.exe |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .qkm |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .cvjb |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .tlmkv |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .wucsxe |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .fltwtj |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .sfplio |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .rpg |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .bewzc |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .vksvaw |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .wmhg |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .kswemc |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .kaxfk |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .pjf |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .retjqj |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .mizn |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .rsrub |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .susbqq |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .jeojcw |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .vwl |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .mub |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .xwxpmb |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .aea |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .lwpch |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .nzgp |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .qimx |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .jbqbr |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .kxxxil |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .drpaa |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .lepjc |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .ywrsat |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .ialjct |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .ujrqkf |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .lwaoje |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .pces |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .zuizg |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .upz |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .wxuh |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .fsdfq |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .xxlo |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .hcxtgl |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .owbx |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .phg |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .trmoj |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .zaixaf |
Source: 2JlIMkLNXh.dll | Static PE information: section name: .myzf |
Source: mstsc.exe.6.dr | Static PE information: section name: .didat |
Source: Secur32.dll.6.dr | Static PE information: section name: .qkm |
Source: Secur32.dll.6.dr | Static PE information: section name: .cvjb |
Source: Secur32.dll.6.dr | Static PE information: section name: .tlmkv |
Source: Secur32.dll.6.dr | Static PE information: section name: .wucsxe |
Source: Secur32.dll.6.dr | Static PE information: section name: .fltwtj |
Source: Secur32.dll.6.dr | Static PE information: section name: .sfplio |
Source: Secur32.dll.6.dr | Static PE information: section name: .rpg |
Source: Secur32.dll.6.dr | Static PE information: section name: .bewzc |
Source: Secur32.dll.6.dr | Static PE information: section name: .vksvaw |
Source: Secur32.dll.6.dr | Static PE information: section name: .wmhg |
Source: Secur32.dll.6.dr | Static PE information: section name: .kswemc |
Source: Secur32.dll.6.dr | Static PE information: section name: .kaxfk |
Source: Secur32.dll.6.dr | Static PE information: section name: .pjf |
Source: Secur32.dll.6.dr | Static PE information: section name: .retjqj |
Source: Secur32.dll.6.dr | Static PE information: section name: .mizn |
Source: Secur32.dll.6.dr | Static PE information: section name: .rsrub |
Source: Secur32.dll.6.dr | Static PE information: section name: .susbqq |
Source: Secur32.dll.6.dr | Static PE information: section name: .jeojcw |
Source: Secur32.dll.6.dr | Static PE information: section name: .vwl |
Source: Secur32.dll.6.dr | Static PE information: section name: .mub |
Source: Secur32.dll.6.dr | Static PE information: section name: .xwxpmb |
Source: Secur32.dll.6.dr | Static PE information: section name: .aea |
Source: Secur32.dll.6.dr | Static PE information: section name: .lwpch |
Source: Secur32.dll.6.dr | Static PE information: section name: .nzgp |
Source: Secur32.dll.6.dr | Static PE information: section name: .qimx |
Source: Secur32.dll.6.dr | Static PE information: section name: .jbqbr |
Source: Secur32.dll.6.dr | Static PE information: section name: .kxxxil |
Source: Secur32.dll.6.dr | Static PE information: section name: .drpaa |
Source: Secur32.dll.6.dr | Static PE information: section name: .lepjc |
Source: Secur32.dll.6.dr | Static PE information: section name: .ywrsat |
Source: Secur32.dll.6.dr | Static PE information: section name: .ialjct |
Source: Secur32.dll.6.dr | Static PE information: section name: .ujrqkf |
Source: Secur32.dll.6.dr | Static PE information: section name: .lwaoje |
Source: Secur32.dll.6.dr | Static PE information: section name: .pces |
Source: Secur32.dll.6.dr | Static PE information: section name: .zuizg |
Source: Secur32.dll.6.dr | Static PE information: section name: .upz |
Source: Secur32.dll.6.dr | Static PE information: section name: .wxuh |
Source: Secur32.dll.6.dr | Static PE information: section name: .fsdfq |
Source: Secur32.dll.6.dr | Static PE information: section name: .xxlo |
Source: Secur32.dll.6.dr | Static PE information: section name: .hcxtgl |
Source: Secur32.dll.6.dr | Static PE information: section name: .owbx |
Source: Secur32.dll.6.dr | Static PE information: section name: .phg |
Source: Secur32.dll.6.dr | Static PE information: section name: .trmoj |
Source: Secur32.dll.6.dr | Static PE information: section name: .zaixaf |
Source: Secur32.dll.6.dr | Static PE information: section name: .myzf |
Source: Secur32.dll.6.dr | Static PE information: section name: .jdkzt |
Source: TAPI32.dll.6.dr | Static PE information: section name: .qkm |
Source: TAPI32.dll.6.dr | Static PE information: section name: .cvjb |
Source: TAPI32.dll.6.dr | Static PE information: section name: .tlmkv |
Source: TAPI32.dll.6.dr | Static PE information: section name: .wucsxe |
Source: TAPI32.dll.6.dr | Static PE information: section name: .fltwtj |
Source: TAPI32.dll.6.dr | Static PE information: section name: .sfplio |
Source: TAPI32.dll.6.dr | Static PE information: section name: .rpg |
Source: TAPI32.dll.6.dr | Static PE information: section name: .bewzc |
Source: TAPI32.dll.6.dr | Static PE information: section name: .vksvaw |
Source: TAPI32.dll.6.dr | Static PE information: section name: .wmhg |
Source: TAPI32.dll.6.dr | Static PE information: section name: .kswemc |
Source: TAPI32.dll.6.dr | Static PE information: section name: .kaxfk |
Source: TAPI32.dll.6.dr | Static PE information: section name: .pjf |
Source: TAPI32.dll.6.dr | Static PE information: section name: .retjqj |
Source: TAPI32.dll.6.dr | Static PE information: section name: .mizn |
Source: TAPI32.dll.6.dr | Static PE information: section name: .rsrub |
Source: TAPI32.dll.6.dr | Static PE information: section name: .susbqq |
Source: TAPI32.dll.6.dr | Static PE information: section name: .jeojcw |
Source: TAPI32.dll.6.dr | Static PE information: section name: .vwl |
Source: TAPI32.dll.6.dr | Static PE information: section name: .mub |
Source: TAPI32.dll.6.dr | Static PE information: section name: .xwxpmb |
Source: TAPI32.dll.6.dr | Static PE information: section name: .aea |
Source: TAPI32.dll.6.dr | Static PE information: section name: .lwpch |
Source: TAPI32.dll.6.dr | Static PE information: section name: .nzgp |
Source: TAPI32.dll.6.dr | Static PE information: section name: .qimx |
Source: TAPI32.dll.6.dr | Static PE information: section name: .jbqbr |
Source: TAPI32.dll.6.dr | Static PE information: section name: .kxxxil |
Source: TAPI32.dll.6.dr | Static PE information: section name: .drpaa |
Source: TAPI32.dll.6.dr | Static PE information: section name: .lepjc |
Source: TAPI32.dll.6.dr | Static PE information: section name: .ywrsat |
Source: TAPI32.dll.6.dr | Static PE information: section name: .ialjct |
Source: TAPI32.dll.6.dr | Static PE information: section name: .ujrqkf |
Source: TAPI32.dll.6.dr | Static PE information: section name: .lwaoje |
Source: TAPI32.dll.6.dr | Static PE information: section name: .pces |
Source: TAPI32.dll.6.dr | Static PE information: section name: .zuizg |
Source: TAPI32.dll.6.dr | Static PE information: section name: .upz |
Source: TAPI32.dll.6.dr | Static PE information: section name: .wxuh |
Source: TAPI32.dll.6.dr | Static PE information: section name: .fsdfq |
Source: TAPI32.dll.6.dr | Static PE information: section name: .xxlo |
Source: TAPI32.dll.6.dr | Static PE information: section name: .hcxtgl |
Source: TAPI32.dll.6.dr | Static PE information: section name: .owbx |
Source: TAPI32.dll.6.dr | Static PE information: section name: .phg |
Source: TAPI32.dll.6.dr | Static PE information: section name: .trmoj |
Source: TAPI32.dll.6.dr | Static PE information: section name: .zaixaf |
Source: TAPI32.dll.6.dr | Static PE information: section name: .myzf |
Source: TAPI32.dll.6.dr | Static PE information: section name: .shcm |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF6603239A0 SetFocus,LoadCursorW,SetCursor,DefWindowProcW,GetClientRect,IsIconic,memset,GetTitleBarInfo,GetCursorPos,SendMessageW, |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF66031F5A4 DefWindowProcW,IsIconic,GetClientRect,GetLastError,VariantClear,DefWindowProcW, |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF66039C560 GetWindowRect,IsWindow,IsIconic,GetSystemMetrics,GetSystemMetrics,GetWindowRect,PtInRect,PtInRect,SystemParametersInfoW,CopyRect,SetWindowPos, |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF66031CE48 IsIconic,GetWindowPlacement,GetLastError, |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF660319A6C IsIconic,GetWindowPlacement,GetWindowRect, |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF66031CF28 IsIconic,GetWindowPlacement,GetLastError,IsZoomed,SetWindowPlacement,GetLastError,SetWindowPos,SetWindowPos,GetClientRect,MoveWindow, |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF660321B44 lstrcmpW,LockWindowUpdate,IsIconic,GetWindowPlacement,GetWindowLongW,SetWindowLongW,SetWindowLongW,VariantInit,VariantClear,GetRgnBox,OffsetRgn,VariantClear,ShowWindow,SetWindowPos,SetWindowPos,SetWindowRgn,LockWindowUpdate, |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF660322F5C IsWindowVisible,IsIconic, |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF660322884 GetWindowRect,GetWindowLongW,GetWindowLongW,memset,CopyRect,IntersectRect,MoveWindow,IsIconic,memset,GetWindowPlacement, |
Source: C:\Users\user\AppData\Local\fJxx4Zu\mstsc.exe | Code function: 22_2_00007FF6603204F8 IsZoomed,IsIconic,EnableMenuItem,EnableMenuItem,EnableMenuItem,EnableMenuItem,EnableMenuItem,EnableMenuItem, |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: explorer.exe, 0000001C.00000003.478164779.0000000008602000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}B1 |
Source: explorer.exe, 0000001C.00000002.789331719.0000000008516000.00000004.00000001.sdmp | Binary or memory string: VMware SATA CD00dRom0 |
Source: explorer.exe, 0000001C.00000002.787223635.00000000082AD000.00000004.00000001.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000 |
Source: explorer.exe, 0000001C.00000003.458285250.00000000085F9000.00000004.00000001.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D: |
Source: explorer.exe, 0000001C.00000003.468597864.0000000008588000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 0000001C.00000003.705432808.000000000EA41000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}GONSERV |
Source: explorer.exe, 0000001C.00000003.456622279.0000000006B27000.00000004.00000001.sdmp | Binary or memory string: k\\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}esgZ |
Source: explorer.exe, 0000001C.00000003.713931534.00000000082DC000.00000004.00000001.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 0000001C.00000003.456244015.0000000008516000.00000004.00000001.sdmp | Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000 |
Source: explorer.exe, 00000006.00000000.252365474.00000000011B3000.00000004.00000020.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000tft\0 |
Source: explorer.exe, 00000006.00000000.285201603.00000000089B5000.00000004.00000001.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000002 |
Source: explorer.exe, 0000001C.00000002.799922387.000000000EA40000.00000004.00000001.sdmp | Binary or memory string: #{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f |
Source: explorer.exe, 0000001C.00000002.787223635.00000000082AD000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}indows.Cortana_cw5n1h2txyewB |
Source: explorer.exe, 0000001C.00000003.458285250.00000000085F9000.00000004.00000001.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D:& |
Source: explorer.exe, 0000001C.00000002.799922387.000000000EA40000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}U |
Source: explorer.exe, 0000001C.00000003.705432808.000000000EA41000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}I |
Source: explorer.exe, 0000001C.00000003.707657930.00000000082D2000.00000004.00000001.sdmp | Binary or memory string: 0000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}B |
Source: explorer.exe, 0000001C.00000003.478182163.0000000008605000.00000004.00000001.sdmp | Binary or memory string: 63}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 0000001C.00000003.713931534.00000000082DC000.00000004.00000001.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}e`~ |
Source: explorer.exe, 00000006.00000000.285663277.0000000008A9D000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}:: |
Source: explorer.exe, 0000001C.00000003.411015605.0000000006AFC000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}escriptionGIf p |
Source: explorer.exe, 0000001C.00000003.466074498.0000000008456000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"" |
Source: explorer.exe, 00000006.00000000.285201603.00000000089B5000.00000004.00000001.sdmp | Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000% |
Source: explorer.exe, 0000001C.00000003.707002128.0000000006A87000.00000004.00000001.sdmp | Binary or memory string: \?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}< |
Source: explorer.exe, 0000001C.00000003.713931534.00000000082DC000.00000004.00000001.sdmp | Binary or memory string: VMware SATA CD00dh |
Source: explorer.exe, 0000001C.00000003.709433811.00000000082D3000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Local |
Source: explorer.exe, 0000001C.00000003.477096819.0000000008594000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} 032: "33" |
Source: explorer.exe, 0000001C.00000003.469308444.0000000008453000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Bx |
Source: explorer.exe, 0000001C.00000003.713931534.00000000082DC000.00000004.00000001.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}e |
Source: explorer.exe, 0000001C.00000002.799922387.000000000EA40000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}* |
Source: explorer.exe, 0000001C.00000003.705969758.00000000085F9000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Bj |
Source: explorer.exe, 0000001C.00000003.707657930.00000000082D2000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}B |
Source: explorer.exe, 0000001C.00000003.467430701.0000000008458000.00000004.00000001.sdmp | Binary or memory string: 00000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"" |
Source: explorer.exe, 0000001C.00000003.459210102.0000000006B27000.00000004.00000001.sdmp | Binary or memory string: k\\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 0000001C.00000003.477081008.0000000008589000.00000004.00000001.sdmp | Binary or memory string: 806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf- |
Source: explorer.exe, 0000001C.00000003.707657930.00000000082D2000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}BC_C |
Source: explorer.exe, 0000001C.00000003.477013843.00000000085F9000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Bg |
Source: explorer.exe, 0000001C.00000003.707591229.000000000EA9C000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G |
Source: explorer.exe, 0000001C.00000003.459210102.0000000006B27000.00000004.00000001.sdmp | Binary or memory string: k\\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}9:b |
Source: explorer.exe, 0000001C.00000003.707657930.00000000082D2000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}BY |
Source: explorer.exe, 0000001C.00000003.708597221.0000000006B78000.00000004.00000001.sdmp | Binary or memory string: 2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}B |
Source: explorer.exe, 0000001C.00000003.468687386.0000000008450000.00000004.00000001.sdmp | Binary or memory string: 11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f563q |
Source: explorer.exe, 0000001C.00000002.783735126.0000000006A87000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}< |
Source: explorer.exe, 0000001C.00000003.713873275.0000000006B7A000.00000004.00000001.sdmp | Binary or memory string: #{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 0000001C.00000003.478451454.0000000008602000.00000004.00000001.sdmp | Binary or memory string: 11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Bj |
Source: explorer.exe, 0000001C.00000003.707566012.000000000EA94000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}@ |
Source: explorer.exe, 0000001C.00000003.705432808.000000000EA41000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}lesPSM |
Source: explorer.exe, 0000001C.00000003.455188887.00000000084EE000.00000004.00000001.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 0000001C.00000003.705432808.000000000EA41000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}ProgramN |
Source: explorer.exe, 0000001C.00000003.705432808.000000000EA41000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}ows\Sys |
Source: explorer.exe, 00000006.00000000.255467881.00000000053C4000.00000004.00000001.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}>'R\" |
Source: explorer.exe, 0000001C.00000003.466988755.00000000085F9000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}B| |
Source: explorer.exe, 0000001C.00000003.705432808.000000000EA41000.00000004.00000001.sdmp | Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}am File |
Source: explorer.exe, 0000001C.00000002.787930036.00000000083C3000.00000004.00000001.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000 |