Source: | Binary string: ws2_32.pdb;. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdbq. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000006.00000003.268112270.0000000004C5D000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.269479129.0000000004C5D000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.269438809.0000000002E16000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.268022167.0000000002E16000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.269822443.0000000004C5E000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.273891782.0000000004C5E000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: loaddll32.exe, 00000000.00000003.266556290.000000004B280000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.268157671.0000000002E10000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.269628951.0000000002E10000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: dwmapi.pdbD; source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000006.00000003.268035308.0000000002E1C000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.269053101.0000000002E1C000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.268187692.0000000002E1C000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdbk. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: oleaut32.pdbg. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: RFFGTEQ.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.4295.dll |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 00000006.00000003.268157671.0000000002E10000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.269628951.0000000002E10000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdbS. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: ws2_32.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdbU. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdbUGP source: loaddll32.exe, 00000000.00000003.266556290.000000004B280000.00000004.00000001.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdbc source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdb=. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdbO. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdbY. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdbm. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000006.00000003.268035308.0000000002E1C000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.269053101.0000000002E1C000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.268187692.0000000002E1C000.00000004.00000001.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000006.00000003.269438809.0000000002E16000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.268022167.0000000002E16000.00000004.00000001.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdbA. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: Yara match | File source: 2.0.rundll32.exe.6e830000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.6e830000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.6e830000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.0.rundll32.exe.6e830000.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000002.00000000.263879217.000000006E831000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.654367413.000000006E831000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.303178231.000000006E831000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000000.261899992.000000006E831000.00000020.00020000.sdmp, type: MEMORY |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E840730 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E849370 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E831494 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E83A4E8 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E838428 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E84143C |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.4295.dll" |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.4295.dll",#1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.4295.dll",#1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 684 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.4295.dll",#1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.4295.dll",#1 |
Source: | Binary string: ws2_32.pdb;. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdbq. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000006.00000003.268112270.0000000004C5D000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.269479129.0000000004C5D000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.269438809.0000000002E16000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.268022167.0000000002E16000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.269822443.0000000004C5E000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.273891782.0000000004C5E000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: loaddll32.exe, 00000000.00000003.266556290.000000004B280000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.268157671.0000000002E10000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.269628951.0000000002E10000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: dwmapi.pdbD; source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000006.00000003.268035308.0000000002E1C000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.269053101.0000000002E1C000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.268187692.0000000002E1C000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdbk. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: oleaut32.pdbg. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: RFFGTEQ.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.4295.dll |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 00000006.00000003.268157671.0000000002E10000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.269628951.0000000002E10000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdbS. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: ws2_32.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdbU. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdbUGP source: loaddll32.exe, 00000000.00000003.266556290.000000004B280000.00000004.00000001.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdbc source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdb=. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdbO. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdbY. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdbm. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000006.00000003.268035308.0000000002E1C000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.269053101.0000000002E1C000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.268187692.0000000002E1C000.00000004.00000001.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000006.00000003.273937807.0000000004F70000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000006.00000003.269438809.0000000002E16000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.268022167.0000000002E16000.00000004.00000001.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdbA. source: WerFault.exe, 00000006.00000003.273943910.0000000004F76000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000006.00000003.273931070.0000000004FA1000.00000004.00000001.sdmp |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: Amcache.hve.6.dr | Binary or memory string: VMware |
Source: Amcache.hve.6.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000 |
Source: WerFault.exe, 00000006.00000002.300730624.0000000004D80000.00000004.00000001.sdmp | Binary or memory string: b22QUZ75IJ0oxf8uXs8ORQTXAigDL/YBgFxxlWW337gwFSpqRrW7Dm/pkMMyleiJcRpTb5Kjzq0y7BPtkA4ocCKlrIQ7Va2TuRRwF3k5ASuviPY9IvyzzFOX/TfTx3gYkP0gwxQvUFe2WOzL30PIraXbKi9hRCAf5GAeXP2C/9FmM1rIsqMJ/apH69q14qvL9DHMOHe6fJGyUCWWVmnO5Hx1tnBmQMBjYtV4/5Mh63P6WDNc4OGdKTWUA/JWZrCq5UW5c882LNEa0BiwQjUDZgAACN/Vp1vg4nFTiAG4Lg5QwFRZaKsCfv4AgLKfm7J9ObZmFxjfl4duRxk4nY/MJzFhGFSe7ubN/TpYPRjQ3lmszvxiBiRiCAO+CbX115XXe9ZLwr3hY3t7Bef5AiNuwmZXUfpjY4Cfho5lgDEHHH4plkDQ7UFtGZ24pKrQRdcPmcCZH58oSw3HEyDJJ7+eLgNKAAyAhn53zud4F+84JwS07NF43VwxynI5fr9AOiNXikdtd2J60pExA7yxO+5Sz19bZt9MS5ScJzfC5G2kngfkEL0Evm7f1+aA5+KIXGqOzoSoR1RHE7CceBIlKiuIz3cZdB4GZ2JiTF5+ZrQ46aLGtIPpLWEGhIJdSz64r5A1N47484WaWlGEIHCvjbysSrvrKBF+OxIZhy6Zi/TbMuuIT/kPQ1IvYZfTstWnF1BeTbh19zuQIyrKkowCpMuMMyhvU4OGWllsNUOTJpSuKD79LekJTH00kiZ/xyJ7v5mHgd4PanmPE+7R7gg0wq6zMycNrgRe98aqXOvFQHvLO8XpmoeCyrYB&p=<WlidToken><Version>1.0</Version><Type>0</Type><AuthorizationToken><Flags>0</Flags><Ticket Type="urn:passport:compact">t=EwC4AlN5BAAUfXuGwOqhW7gpJJ36LAbhOJHjZ2kAAfy20W7WGr2H1Dd3s1L4CyDOlJhVjZKa310V3lmO8QvaAXeY4EeGZSzjy6P/rXiwk3ipb22QUZ75IJ0oxf8uXs8ORQTXAigDL/YBgFxxlWW337gwFSpqRrW7Dm/pkMMyleiJcRpTb5Kjzq0y7BPtkA4ocCKlrIQ7Va2TuRRwF3k5ASuviPY9IvyzzFOX/TfTx3gYkP0gwxQvUFe2WOzL30PIraXbKi9hRCAf5GAeXP2C/9FmM1rIsqMJ/apH69q14qvL9DHMOHe6fJGyUCWWVmnO5Hx1tnBmQMBjYtV4/5Mh63P6WDNc4OGdKTWUA/JWZrCq5UW5c882LNEa0BiwQjUDZgAACN/Vp1vg4nFTiAG4Lg5QwFRZaKsCfv4AgLKfm7J9ObZmFxjfl4duRxk4nY/MJzFhGFSe7ubN/TpYPRjQ3lmszvxiBiRiCAO+CbX115XXe9ZLwr3hY3t7Bef5AiNuwmZXUfpjY4Cfho5lgDEHHH4plkDQ7UFtGZ24pKrQRdcPmcCZH58oSw3HEyDJJ7+eLgNKAAyAhn53zud4F+84JwS07NF43VwxynI5fr9AOiNXikdtd2J60pExA7yxO+5Sz19bZt9MS5ScJzfC5G2kngfkEL0Evm7f1+aA5+KIXGqOzoSoR1RHE7CceBIlKiuIz3cZdB4GZ2JiTF5+ZrQ46aLGtIPpLWEGhIJdSz64r5A1N47484WaWlGEIHCvjbysSrvrKBF+OxIZhy6Zi/TbMuuIT/kPQ1IvYZfTstWnF1BeTbh19zuQIyrKkowCpMuMMyhvU4OGWllsNUOTJpSuKD79LekJTH00kiZ/xyJ7v5mHgd4PanmPE+7R7gg0wq6zMycNrgRe98aqXOvFQHvLO8XpmoeCyrYB&p=</Ticket></AuthorizationToken></WlidToken> |
Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.6.dr | Binary or memory string: VMware, Inc. |
Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual disk SCSI Disk Devicehbin |
Source: WerFault.exe, 00000006.00000002.300730624.0000000004D80000.00000004.00000001.sdmp | Binary or memory string: t=EwC4AlN5BAAUfXuGwOqhW7gpJJ36LAbhOJHjZ2kAAfy20W7WGr2H1Dd3s1L4CyDOlJhVjZKa310V3lmO8QvaAXeY4EeGZSzjy6P/rXiwk3ipb22QUZ75IJ0oxf8uXs8ORQTXAigDL/YBgFxxlWW337gwFSpqRrW7Dm/pkMMyleiJcRpTb5Kjzq0y7BPtkA4ocCKlrIQ7Va2TuRRwF3k5ASuviPY9IvyzzFOX/TfTx3gYkP0gwxQvUFe2WOzL30PIraXbKi9hRCAf5GAeXP2C/9FmM1rIsqMJ/apH69q14qvL9DHMOHe6fJGyUCWWVmnO5Hx1tnBmQMBjYtV4/5Mh63P6WDNc4OGdKTWUA/JWZrCq5UW5c882LNEa0BiwQjUDZgAACN/Vp1vg4nFTiAG4Lg5QwFRZaKsCfv4AgLKfm7J9ObZmFxjfl4duRxk4nY/MJzFhGFSe7ubN/TpYPRjQ3lmszvxiBiRiCAO+CbX115XXe9ZLwr3hY3t7Bef5AiNuwmZXUfpjY4Cfho5lgDEHHH4plkDQ7UFtGZ24pKrQRdcPmcCZH58oSw3HEyDJJ7+eLgNKAAyAhn53zud4F+84JwS07NF43VwxynI5fr9AOiNXikdtd2J60pExA7yxO+5Sz19bZt9MS5ScJzfC5G2kngfkEL0Evm7f1+aA5+KIXGqOzoSoR1RHE7CceBIlKiuIz3cZdB4GZ2JiTF5+ZrQ46aLGtIPpLWEGhIJdSz64r5A1N47484WaWlGEIHCvjbysSrvrKBF+OxIZhy6Zi/TbMuuIT/kPQ1IvYZfTstWnF1BeTbh19zuQIyrKkowCpMuMMyhvU4OGWllsNUOTJpSuKD79LekJTH00kiZ/xyJ7v5mHgd4PanmPE+7R7gg0wq6zMycNrgRe98aqXOvFQHvLO8XpmoeCyrYB&p=''https://watson.telemetry.microsoft.com |
Source: WerFault.exe, 00000006.00000002.300618449.0000000004BA0000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.298385587.0000000004B9D000.00000004.00000001.sdmp | Binary or memory string: gpJJ36LAbhOJHjZ2kAAfy20W7WGr2H1Dd3s1L4CyDOlJhVjZKa310V3lmO8QvaAXeY4EeGZSzjy6P/rXiwk3ipb22QUZ75IJ0oxf8uXs8ORQTXAigDL/YBgFxxlWW337gwFSpqRrW7Dm/pkMMyleiJcRpTb5Kjzq0y7BPtkA4ocCKlrIQ7Va2TuRRwF3k5ASuviPY9IvyzzFOX/TfTx3gYkP0gwxQvUFe2WOzL30PIraXbKi9hRCAf5GAeXP2C/9FmM1rIsqMJ/apH69q14qvL9DHMOHe6fJGyUCWWVmnO5Hx1tnBmQMBjYtV4/5Mh63P6WDNc4OGdKTWUA/JWZrCq5UW5c882LNEa0BiwQjUDZgAACN/Vp1vg4nFTiAG4Lg5QwFRZaKsCfv4AgLKfm7J9ObZmFxjfl4duRxk4nY/MJzFhGFSe7ubN/TpYPRjQ3lmszvxiBiRiCAO+CbX115XXe9ZLwr3hY3t7Bef5AiNuwmZXUfpjY4Cfho5lgDEHHH4plkDQ7UFtGZ24pKrQRdcPmcCZH58oSw3HEyDJJ7+eLgNKAAyAhn53zud4F+84JwS07NF43VwxynI5fr9AOiNXikdtd2J60pExA7yxO+5Sz19bZt9MS5ScJzfC5G2kngfkEL0Evm7f1+aA5+KIXGqOzoSoR1RHE7CceBIlKiuIz3cZdB4GZ2JiTF5+ZrQ46aLGtIPpLWEGhIJdSz64r5A1N47484WaWlGEIHCvjbysSrvrKBF+OxIZhy6Zi/TbMuuIT/kPQ1IvYZfTstWnF1BeTbh19zuQIyrKkowCpMuMMyhvU4OGWllsNUOTJpSuKD79LekJTH00kiZ/xyJ7v5mHgd4PanmPE+7R7gg0wq6zMycNrgRe98aqXOvFQHvLO8XpmoeCyrYB&p= |
Source: WerFault.exe, 00000006.00000003.299584345.0000000004F50000.00000004.00000001.sdmp | Binary or memory string: e6fJGyUCWWVmnO5Hx1tnBmQMBjYtV4/5Mh63P6WDNc4OGdKTWUA/JWZrCq5UW5c882LNEa0BiwQjUDZgAACN/Vp1vg4nFTiAG4Lg5QwFRZaKsCfv4AgLKfm7J9ObZmFxjfl4duRxk4nY/MJzFhGFSe7ubN/TpYPRjQ3lmszvxiBiRiCAO+CbX115XXe9ZLwr3hY3t7Bef5AiNuwmZXUfpjY4Cfho5lgDEHHH4plkDQ7UFtGZ24pKrQRdcPmcCZH58oSw3HEyDJJ7+eLgNKAAyAhn53zud4F+84JwS07NF43VwxynI5fr9AOiNXikdtd2J60pExA7yxO+5Sz19bZt9Mx ;T6 |
Source: WerFault.exe, 00000006.00000002.300707776.0000000004C56000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.298409389.0000000004BB3000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.298362110.0000000004C56000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000002.300642542.0000000004BB3000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.298135731.0000000004C56000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW |
Source: WerFault.exe, 00000006.00000002.300618449.0000000004BA0000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.298385587.0000000004B9D000.00000004.00000001.sdmp | Binary or memory string: gpJJ36LAbhOJHjZ2kAAfy20W7WGr2H1Dd3s1L4CyDOlJhVjZKa310V3lmO8QvaAXeY4EeGZSzjy6P/rXiwk3ipb22QUZ75IJ0oxf8uXs8ORQTXAigDL/YBgFxxlWW337gwFSpqRrW7Dm/pkMMyleiJcRpTb5Kjzq0y7BPtkA4ocCKlrIQ7Va2TuRRwF3k5ASuviPY9IvyzzFOX/TfTx3gYkP0gwxQvUFe2WOzL30PIraXbKi9hRCAf5GAeXP2C/9FmM1rIsqMJ/apH69q14qvL9DHMOHe6fJGyUCWWVmnO5Hx1tnBmQMBjYtV4/5Mh63P6WDNc4OGdKTWUA/JWZrCq5UW5c882LNEa0BiwQjUDZgAACN/Vp1vg4nFTiAG4Lg5QwFRZaKsCfv4AgLKfm7J9ObZmFxjfl4duRxk4nY/MJzFhGFSe7ubN/TpYPRjQ3lmszvxiBiRiCAO+CbX115XXe9ZLwr3hY3t7Bef5AiNuwmZXUfpjY4Cfho5lgDEHHH4plkDQ7UFtGZ24pKrQRdcPmcCZH58oSw3HEyDJJ7+eLgNKAAyAhn53zud4F+84JwS07NF43VwxynI5fr9AOiNXikdtd2J60pExA7yxO+5Sz19bZt9MS5ScJzfC5G2kngfkEL0Evm7f1+aA5+KIXGqOzoSoR1RHE7CceBIlKiuIz3cZdB4GZ2JiTF5+ZrQ46aLGtIPpLWEGhIJdSz64r5A1N47484WaWlGEIHCvjbysSrvrKBF+OxIZhy6Zi/TbMuuIT/kPQ1IvYZfTstWnF1BeTbh19zuQIyrKkowCpMuMMyhvU4OGWllsNUOTJpSuKD79LekJTH00kiZ/xyJ7v5mHgd4PanmPE+7R7gg0wq6zMycNrgRe98aqXOvFQHvLO8XpmoeCyrYB&p=MSDWKeep-Alive |
Source: Amcache.hve.6.dr | Binary or memory string: VMware, Inc.me |
Source: Amcache.hve.6.dr | Binary or memory string: VMware-42 35 44 6e 75 85 11 47-bd a2 bb ed 21 43 9f 89 |
Source: WerFault.exe, 00000006.00000003.298135731.0000000004C56000.00000004.00000001.sdmp | Binary or memory string: MSA_DeviceTickett=EwC4AlN5BAAUfXuGwOqhW7gpJJ36LAbhOJHjZ2kAAfy20W7WGr2H1Dd3s1L4CyDOlJhVjZKa310V3lmO8QvaAXeY4EeGZSzjy6P/rXiwk3ipb22QUZ75IJ0oxf8uXs8ORQTXAigDL/YBgFxxlWW337gwFSpqRrW7Dm/pkMMyleiJcRpTb5Kjzq0y7BPtkA4ocCKlrIQ7Va2TuRRwF3k5ASuviPY9IvyzzFOX/TfTx3gYkP0gwxQvUFe2WOzL30PIraXbKi9hRCAf5GAeXP2C/9FmM1rIsqMJ/apH69q14qvL9DHMOHe6fJGyUCWWVmnO5Hx1tnBmQMBjYtV4/5Mh63P6WDNc4OGdKTWUA/JWZrCq5UW5c882LNEa0BiwQjUDZgAACN/Vp1vg4nFTiAG4Lg5QwFRZaKsCfv4AgLKfm7J9ObZmFxjfl4duRxk4nY/MJzFhGFSe7ubN/TpYPRjQ3lmszvxiBiRiCAO+CbX115XXe9ZLwr3hY3t7Bef5AiNuwmZXUfpjY4Cfho5lgDEHHH4plkDQ7UFtGZ24pKrQRdcPmcCZH58oSw3HEyDJJ7+eLgNKAAyAhn53zud4F+84JwS07NF43VwxynI5fr9AOiNXikdtd2J60pExA7yxO+5Sz19bZt9MS5ScJzfC5G2kngfkEL0Evm7f1+aA5+KIXGqOzoSoR1RHE7CceBIlKiuIz3cZdB4GZ2JiTF5+ZrQ46aLGtIPpLWEGhIJdSz64r5A1N47484WaWlGEIHCvjbysSrvrKBF+OxIZhy6Zi/TbMuuIT/kPQ1IvYZfTstWnF1BeTbh19zuQIyrKkowCpMuMMyhvU4OGWllsNUOTJpSuKD79LekJTH00kiZ/xyJ7v5mHgd4PanmPE+7R7gg0wq6zMycNrgRe98aqXOvFQHvLO8XpmoeCyrYB&p= |
Source: WerFault.exe, 00000006.00000003.298362110.0000000004C56000.00000004.00000001.sdmp | Binary or memory string: ceTickett=EwC4AlN5BAAUfXuGwOqhW7gpJJ36LAbhOJHjZ2kAAfy20W7WGr2H1Dd3s1L4CyDOlJhVjZKa310V3lmO8QvaAXeY4EeGZSzjy6P/rXiwk3ipb22QUZ75IJ0oxf8uXs8ORQTXAigDL/YBgFxxlWW337gwFSpqRrW7Dm/pkMMyleiJcRpTb5Kjzq0y7BPtkA4ocCKlrIQ7Va2TuRRwF3k5ASuviPY9IvyzzFOX/TfTx3gYkP0gwxQvUFe2WOzL30PIraXbKi9hRCAf5GAeXP2C/9FmM1rIsqMJ/apH69q14qvL9DHMOHe6fJGyUCWWVmnO5Hx1tnBmQMBjYtV4/5Mh63P6WDNc4OGdKTWUA/JWZrCq5UW5c882LNEa0BiwQjUDZgAACN/Vp1vg4nFTiAG4Lg5QwFRZaKsCfv4AgLKfm7J9ObZmFxjfl4duRxk4nY/MJzFhGFSe7ubN/TpYPRjQ3lmszvxiBiRiCAO+CbX115XXe9ZLwr3hY3t7Bef5AiNuwmZXUfpjY4Cfho5lgDEHHH4plkDQ7UFtGZ24pKrQRdcPmcCZH58oSw3HEyDJJ7+eLgNKAAyAhn53zud4F+84JwS07NF43VwxynI5fr9AOiNXikdtd2J60pExA7yxO+5Sz19bZt9MS5ScJzfC5G2kngfkEL0Evm7f1+aA5+KIXGqOzoSoR1RHE7CceBIlKiuIz3cZdB4GZ2JiTF5+ZrQ46aLGtIPpLWEGhIJdSz64r5A1N47484WaWlGEIHCvjbysSrvrKBF+OxIZhy6Zi/TbMuuIT/kPQ1IvYZfTstWnF1BeTbh19zuQIyrKkowCpMuMMyhvU4OGWllsNUOTJpSuKD79LekJTH00kiZ/xyJ7v5mHgd4PanmPE+7R7gg0wq6zMycNrgRe98aqXOvFQHvLO8XpmoeCyrYB&p= |
Source: Amcache.hve.6.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000 |
Source: Amcache.hve.6.dr | Binary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000 |
Source: WerFault.exe, 00000006.00000003.298409389.0000000004BB3000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000002.300642542.0000000004BB3000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAWZ |
Source: WerFault.exe, 00000006.00000003.298362110.0000000004C56000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000003.298135731.0000000004C56000.00000004.00000001.sdmp | Binary or memory string: t=EwC4AlN5BAAUfXuGwOqhW7gpJJ36LAbhOJHjZ2kAAfy20W7WGr2H1Dd3s1L4CyDOlJhVjZKa310V3lmO8QvaAXeY4EeGZSzjy6P/rXiwk3ipb22QUZ75IJ0oxf8uXs8ORQTXAigDL/YBgFxxlWW337gwFSpqRrW7Dm/pkMMyleiJcRpTb5Kjzq0y7BPtkA4ocCKlrIQ7Va2TuRRwF3k5ASuviPY9IvyzzFOX/TfTx3gYkP0gwxQvUFe2WOzL30PIraXbKi9hRCAf5GAeXP2C/9FmM1rIsqMJ/apH69q14qvL9DHMOHe6fJGyUCWWVmnO5Hx1tnBmQMBjYtV4/5Mh63P6WDNc4OGdKTWUA/JWZrCq5UW5c882LNEa0BiwQjUDZgAACN/Vp1vg4nFTiAG4Lg5QwFRZaKsCfv4AgLKfm7J9ObZmFxjfl4duRxk4nY/MJzFhGFSe7ubN/TpYPRjQ3lmszvxiBiRiCAO+CbX115XXe9ZLwr3hY3t7Bef5AiNuwmZXUfpjY4Cfho5lgDEHHH4plkDQ7UFtGZ24pKrQRdcPmcCZH58oSw3HEyDJJ7+eLgNKAAyAhn53zud4F+84JwS07NF43VwxynI5fr9AOiNXikdtd2J60pExA7yxO+5Sz19bZt9MS5ScJzfC5G2kngfkEL0Evm7f1+aA5+KIXGqOzoSoR1RHE7CceBIlKiuIz3cZdB4GZ2JiTF5+ZrQ46aLGtIPpLWEGhIJdSz64r5A1N47484WaWlGEIHCvjbysSrvrKBF+OxIZhy6Zi/TbMuuIT/kPQ1IvYZfTstWnF1BeTbh19zuQIyrKkowCpMuMMyhvU4OGWllsNUOTJpSuKD79LekJTH00kiZ/xyJ7v5mHgd4PanmPE+7R7gg0wq6zMycNrgRe98aqXOvFQHvLO8XpmoeCyrYB&p= |
Source: Amcache.hve.6.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.6.dr | Binary or memory string: VMware7,1 |
Source: Amcache.hve.6.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.6.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.6.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.6.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.6.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E836D0C GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |
Source: loaddll32.exe, 00000000.00000002.653930606.00000000016C0000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.263678676.00000000038C0000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.260831521.00000000038C0000.00000002.00020000.sdmp | Binary or memory string: uProgram Manager |
Source: loaddll32.exe, 00000000.00000002.653930606.00000000016C0000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.263678676.00000000038C0000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.260831521.00000000038C0000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd |
Source: loaddll32.exe, 00000000.00000002.653930606.00000000016C0000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.263678676.00000000038C0000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.260831521.00000000038C0000.00000002.00020000.sdmp | Binary or memory string: Progman |
Source: loaddll32.exe, 00000000.00000002.653930606.00000000016C0000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.263678676.00000000038C0000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.260831521.00000000038C0000.00000002.00020000.sdmp | Binary or memory string: Progmanlock |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E836D0C GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |