Source: 19.0.rundll32.exe.754756.4.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 18.0.rundll32.exe.4764756.4.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 19.2.rundll32.exe.5b0000.0.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 19.0.rundll32.exe.5b0000.0.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 17.0.rundll32.exe.4af4756.1.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 17.2.rundll32.exe.f70000.0.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 3.0.rundll32.exe.4df4756.4.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 0.2.loaddll32.exe.1250000.0.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 3.0.rundll32.exe.3300000.0.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 14.2.rundll32.exe.3464756.1.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 19.0.rundll32.exe.754756.1.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 19.0.rundll32.exe.5b0000.3.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 18.0.rundll32.exe.4764756.1.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 18.2.rundll32.exe.c00000.0.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 17.0.rundll32.exe.f70000.3.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 3.0.rundll32.exe.3300000.3.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 19.2.rundll32.exe.754756.1.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 4.2.rundll32.exe.e94756.1.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 18.2.rundll32.exe.4764756.1.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 16.0.rundll32.exe.b20000.3.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 17.0.rundll32.exe.f70000.0.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 16.0.rundll32.exe.b20000.0.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 4.2.rundll32.exe.bd0000.0.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 0.2.loaddll32.exe.15e4756.1.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 16.0.rundll32.exe.1144756.1.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 17.2.rundll32.exe.4af4756.1.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 3.0.rundll32.exe.4df4756.1.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 18.0.rundll32.exe.c00000.3.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 17.0.rundll32.exe.4af4756.4.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 18.0.rundll32.exe.c00000.0.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 14.2.rundll32.exe.fc0000.0.unpack |
Avira: Label: TR/ATRAPS.Gen2 |
Source: 16.0.rundll32.exe.1144756.4.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: |
Binary string: rpidebbfll.pdb source: SecuriteInfo.com.Drixed-FJXE53A16BEA791.13728.dll |
Source: |
Binary string: wntdll.pdbUGP source: rundll32.exe, 00000004.00000003.352818755.000000004B280000.00000004.00000001.sdmp, rundll32.exe, 0000000E.00000003.595500849.000000004B280000.00000004.00000001.sdmp |
Source: |
Binary string: wntdll.pdb source: rundll32.exe, 00000004.00000003.352818755.000000004B280000.00000004.00000001.sdmp, rundll32.exe, 0000000E.00000003.595500849.000000004B280000.00000004.00000001.sdmp |
Source: loaddll32.exe, 00000000.00000002.648422509.000000006ED0F000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.372865791.000000006ED0F000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.649740233.000000006ED0F000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000002.650585460.000000006ED0F000.00000002.00020000.sdmp, rundll32.exe, 00000010.00000000.600585830.000000006ED0F000.00000002.00020000.sdmp, rundll32.exe, 00000011.00000000.614963241.000000006ED0F000.00000002.00020000.sdmp, rundll32.exe, 00000012.00000000.640010436.000000006ED0F000.00000002.00020000.sdmp, rundll32.exe, 00000013.00000000.640637691.000000006ED0F000.00000002.00020000.sdmp |
String found in binary or memory: http://www.vomfass.deDVarFileInfo$ |
Source: Yara match |
File source: 17.0.rundll32.exe.6ecf0000.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 19.0.rundll32.exe.6ecf0000.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.rundll32.exe.6ecf0000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 18.2.rundll32.exe.6ecf0000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 19.2.rundll32.exe.6ecf0000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 14.2.rundll32.exe.6ecf0000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 17.0.rundll32.exe.6ecf0000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.loaddll32.exe.6ecf0000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 18.0.rundll32.exe.6ecf0000.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.0.rundll32.exe.6ecf0000.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 18.0.rundll32.exe.6ecf0000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 17.2.rundll32.exe.6ecf0000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 3.0.rundll32.exe.6ecf0000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.0.rundll32.exe.6ecf0000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 19.0.rundll32.exe.6ecf0000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0000000E.00000002.650424736.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000013.00000000.633029380.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.647984137.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000012.00000000.639692678.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000003.00000000.372154068.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000010.00000000.609752932.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000012.00000002.647602284.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000013.00000000.640582271.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000013.00000002.648668483.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.649606375.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000011.00000002.646115407.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000011.00000000.614518127.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000010.00000000.600008382.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000012.00000000.631903118.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000011.00000000.600571038.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_6ED00754 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_6ED09348 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_6ECF1494 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_6ECF846C |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_6ED01460 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_6ED01D58 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_6ECFA52C |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_6ECF90CC |
Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXE53A16BEA791.13728.dll' |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXE53A16BEA791.13728.dll',#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXE53A16BEA791.13728.dll,FFRgpmdlwwWde |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXE53A16BEA791.13728.dll',#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXE53A16BEA791.13728.dll',CheckTrust |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXE53A16BEA791.13728.dll',DllCanUnloadNow |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXE53A16BEA791.13728.dll',DllGetClassObject |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXE53A16BEA791.13728.dll',DownloadFile |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Drixed-FJXE53A16BEA791.13728.dll',GetICifFileFromFile |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 664 |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 664 |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 664 |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 664 |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 664 |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6120 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5964 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2212 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\System32\loaddll32.exe |
Last function: Thread delayed |
Source: C:\Windows\SysWOW64\rundll32.exe |
Last function: Thread delayed |
Source: C:\Windows\SysWOW64\rundll32.exe |
Last function: Thread delayed |
Source: C:\Windows\SysWOW64\rundll32.exe |
Last function: Thread delayed |
Source: C:\Windows\SysWOW64\rundll32.exe |
Last function: Thread delayed |
Source: WERD744.tmp.WERInternalMetadata.xml.29.dr |
Binary or memory string: <SystemManufacturer>VMware, Inc.</SystemManufacturer> |
Source: WERDCC3.tmp.xml.29.dr |
Binary or memory string: <arg nm="syspro" val="VMware7,1" /> |
Source: WERD744.tmp.WERInternalMetadata.xml.29.dr |
Binary or memory string: <SystemProductName>VMware7,1</SystemProductName> |
Source: WERDCC3.tmp.xml.29.dr |
Binary or memory string: <arg nm="sysmfg" val="VMware, Inc." /> |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_6ECF6D50 GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |
Source: loaddll32.exe, 00000000.00000002.646808145.00000000019A0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.362283972.0000000003910000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.648957709.0000000003410000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000002.649564710.00000000039E0000.00000002.00020000.sdmp, rundll32.exe, 00000010.00000000.596800440.0000000003280000.00000002.00020000.sdmp, rundll32.exe, 00000011.00000000.590761143.0000000003610000.00000002.00020000.sdmp, rundll32.exe, 00000012.00000000.637219700.0000000003280000.00000002.00020000.sdmp, rundll32.exe, 00000013.00000000.632972734.0000000003280000.00000002.00020000.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: loaddll32.exe, 00000000.00000002.646808145.00000000019A0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.362283972.0000000003910000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.648957709.0000000003410000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000002.649564710.00000000039E0000.00000002.00020000.sdmp, rundll32.exe, 00000010.00000000.596800440.0000000003280000.00000002.00020000.sdmp, rundll32.exe, 00000011.00000000.590761143.0000000003610000.00000002.00020000.sdmp, rundll32.exe, 00000012.00000000.637219700.0000000003280000.00000002.00020000.sdmp, rundll32.exe, 00000013.00000000.632972734.0000000003280000.00000002.00020000.sdmp |
Binary or memory string: Progman |
Source: loaddll32.exe, 00000000.00000002.646808145.00000000019A0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.362283972.0000000003910000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.648957709.0000000003410000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000002.649564710.00000000039E0000.00000002.00020000.sdmp, rundll32.exe, 00000010.00000000.596800440.0000000003280000.00000002.00020000.sdmp, rundll32.exe, 00000011.00000000.590761143.0000000003610000.00000002.00020000.sdmp, rundll32.exe, 00000012.00000000.637219700.0000000003280000.00000002.00020000.sdmp, rundll32.exe, 00000013.00000000.632972734.0000000003280000.00000002.00020000.sdmp |
Binary or memory string: SProgram Managerl |
Source: loaddll32.exe, 00000000.00000002.646808145.00000000019A0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.362283972.0000000003910000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.648957709.0000000003410000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000002.649564710.00000000039E0000.00000002.00020000.sdmp, rundll32.exe, 00000010.00000000.596800440.0000000003280000.00000002.00020000.sdmp, rundll32.exe, 00000011.00000000.590761143.0000000003610000.00000002.00020000.sdmp, rundll32.exe, 00000012.00000000.637219700.0000000003280000.00000002.00020000.sdmp, rundll32.exe, 00000013.00000000.632972734.0000000003280000.00000002.00020000.sdmp |
Binary or memory string: Shell_TrayWnd, |
Source: loaddll32.exe, 00000000.00000002.646808145.00000000019A0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.362283972.0000000003910000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.648957709.0000000003410000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000002.649564710.00000000039E0000.00000002.00020000.sdmp, rundll32.exe, 00000010.00000000.596800440.0000000003280000.00000002.00020000.sdmp, rundll32.exe, 00000011.00000000.590761143.0000000003610000.00000002.00020000.sdmp, rundll32.exe, 00000012.00000000.637219700.0000000003280000.00000002.00020000.sdmp, rundll32.exe, 00000013.00000000.632972734.0000000003280000.00000002.00020000.sdmp |
Binary or memory string: Progmanlock |