Source: 14.0.rundll32.exe.4dc4756.4.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 1.2.loaddll32.exe.1150000.0.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: 4.2.rundll32.exe.4094756.1.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 13.0.rundll32.exe.970000.3.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: 12.0.rundll32.exe.680000.3.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: 13.2.rundll32.exe.970000.0.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: 10.2.rundll32.exe.3300000.0.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: 14.2.rundll32.exe.4dc4756.1.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 4.2.rundll32.exe.520000.0.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: 3.0.rundll32.exe.4224756.4.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 13.0.rundll32.exe.4444756.1.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 14.0.rundll32.exe.4dc4756.1.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 1.2.loaddll32.exe.1984756.1.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 11.0.rundll32.exe.46c4756.4.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 12.0.rundll32.exe.4224756.4.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 14.2.rundll32.exe.32d0000.0.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: 11.0.rundll32.exe.29d0000.0.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: 3.0.rundll32.exe.4224756.1.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 10.2.rundll32.exe.34e4756.1.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 11.0.rundll32.exe.46c4756.1.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 14.0.rundll32.exe.32d0000.0.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: 13.0.rundll32.exe.4444756.4.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 3.0.rundll32.exe.380000.3.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: 3.0.rundll32.exe.380000.0.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: 12.0.rundll32.exe.680000.0.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: 13.0.rundll32.exe.970000.0.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: 14.0.rundll32.exe.32d0000.3.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: 13.2.rundll32.exe.4444756.1.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 12.0.rundll32.exe.4224756.1.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 3.2.rundll32.exe.4224756.1.unpack | Avira: Label: TR/Patched.Ren.Gen |
Source: 11.0.rundll32.exe.29d0000.3.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: 3.2.rundll32.exe.380000.0.unpack | Avira: Label: TR/ATRAPS.Gen2 |
Source: Yara match | File source: 12.0.rundll32.exe.6e450000.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.loaddll32.exe.6e450000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.0.rundll32.exe.6e450000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.rundll32.exe.6e450000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.0.rundll32.exe.6e450000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.6e450000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.rundll32.exe.6e450000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.0.rundll32.exe.6e450000.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.0.rundll32.exe.6e450000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.0.rundll32.exe.6e450000.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.0.rundll32.exe.6e450000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.6e450000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.0.rundll32.exe.6e450000.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.6e450000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.0.rundll32.exe.6e450000.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0000000E.00000000.1030167993.000000006E451000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000D.00000002.1066648413.000000006E451000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.1067915217.000000006E451000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.1024777204.000000006E451000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000B.00000000.1024816272.000000006E451000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000000.796812313.000000006E451000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000000.790073865.000000006E451000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000D.00000000.1033354874.000000006E451000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.1067406147.000000006E451000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000E.00000000.1036672572.000000006E451000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000D.00000000.1035590631.000000006E451000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000B.00000000.1019031495.000000006E451000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.1019345753.000000006E451000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.1068220487.000000006E451000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000E.00000002.1068071646.000000006E451000.00000020.00020000.sdmp, type: MEMORY |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll' | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll',#1 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll,FFRgpmdlwwWde | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll',#1 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 804 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll',CheckTrust | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll',DllCanUnloadNow | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll',DllGetClassObject | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll',DownloadFile | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll',GetICifFileFromFile | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 664 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 664 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 664 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 664 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 664 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 664 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 664 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll',#1 | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll,FFRgpmdlwwWde | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll',CheckTrust | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll',DllCanUnloadNow | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll',DllGetClassObject | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll',DownloadFile | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll',GetICifFileFromFile | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXEDADFD868F1D.21569.dll',#1 | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 664 | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 664 | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 664 | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: WER45F.tmp.WERInternalMetadata.xml.24.dr | Binary or memory string: <SystemManufacturer>VMware, Inc.</SystemManufacturer> |
Source: Amcache.hve.9.dr | Binary or memory string: VMware |
Source: Amcache.hve.9.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000 |
Source: Amcache.hve.9.dr | Binary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000 |
Source: Amcache.hve.9.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.9.dr | Binary or memory string: VMware-42 35 9c fb 73 fa 4e 1b-fb a4 60 e7 7b e5 4a ed |
Source: Amcache.hve.9.dr | Binary or memory string: VMware, Inc. |
Source: WER45F.tmp.WERInternalMetadata.xml.24.dr | Binary or memory string: <SystemProductName>VMware7,1</SystemProductName> |
Source: Amcache.hve.9.dr | Binary or memory string: VMware Virtual disk SCSI Disk Devicehbin |
Source: Amcache.hve.9.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.9.dr | Binary or memory string: VMware7,1 |
Source: Amcache.hve.9.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.9.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.9.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: WerFault.exe, 00000017.00000002.1067853566.00000000047AD000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.9.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.9.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.9.dr | Binary or memory string: VMware, Inc.me |
Source: Amcache.hve.9.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000 |
Source: Amcache.hve.9.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000 |
Source: loaddll32.exe, 00000001.00000002.1067675169.0000000001D40000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.795147539.0000000002D40000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.1065615719.0000000002BB0000.00000002.00020000.sdmp, rundll32.exe, 0000000A.00000002.1066616696.00000000038B0000.00000002.00020000.sdmp, rundll32.exe, 0000000B.00000000.1023520294.00000000031E0000.00000002.00020000.sdmp, rundll32.exe, 0000000C.00000000.1019000448.0000000002D40000.00000002.00020000.sdmp, rundll32.exe, 0000000D.00000002.1064222966.0000000002F60000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000000.1032772643.00000000038E0000.00000002.00020000.sdmp | Binary or memory string: Program Manager |
Source: loaddll32.exe, 00000001.00000002.1067675169.0000000001D40000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.795147539.0000000002D40000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.1065615719.0000000002BB0000.00000002.00020000.sdmp, rundll32.exe, 0000000A.00000002.1066616696.00000000038B0000.00000002.00020000.sdmp, rundll32.exe, 0000000B.00000000.1023520294.00000000031E0000.00000002.00020000.sdmp, rundll32.exe, 0000000C.00000000.1019000448.0000000002D40000.00000002.00020000.sdmp, rundll32.exe, 0000000D.00000002.1064222966.0000000002F60000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000000.1032772643.00000000038E0000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd |
Source: loaddll32.exe, 00000001.00000002.1067675169.0000000001D40000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.795147539.0000000002D40000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.1065615719.0000000002BB0000.00000002.00020000.sdmp, rundll32.exe, 0000000A.00000002.1066616696.00000000038B0000.00000002.00020000.sdmp, rundll32.exe, 0000000B.00000000.1023520294.00000000031E0000.00000002.00020000.sdmp, rundll32.exe, 0000000C.00000000.1019000448.0000000002D40000.00000002.00020000.sdmp, rundll32.exe, 0000000D.00000002.1064222966.0000000002F60000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000000.1032772643.00000000038E0000.00000002.00020000.sdmp | Binary or memory string: Progman |
Source: loaddll32.exe, 00000001.00000002.1067675169.0000000001D40000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.795147539.0000000002D40000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.1065615719.0000000002BB0000.00000002.00020000.sdmp, rundll32.exe, 0000000A.00000002.1066616696.00000000038B0000.00000002.00020000.sdmp, rundll32.exe, 0000000B.00000000.1023520294.00000000031E0000.00000002.00020000.sdmp, rundll32.exe, 0000000C.00000000.1019000448.0000000002D40000.00000002.00020000.sdmp, rundll32.exe, 0000000D.00000002.1064222966.0000000002F60000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000000.1032772643.00000000038E0000.00000002.00020000.sdmp | Binary or memory string: Progmanlock |