Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000007.00000003.303782308.0000000004B40000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.303942043.0000000000BC6000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.303834846.0000000000BC6000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.304271486.0000000000BC6000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: nCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 00000007.00000002.320531767.00000000005D2000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdbB source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: loaddll32.exe, 00000000.00000003.303520820.000000004B280000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.303914781.0000000000BC0000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.304429295.0000000000BC0000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb6 source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb* source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000007.00000003.303838980.0000000000BCC000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.304202527.0000000000BCC000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.303947553.0000000000BCC000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb8 source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: RFFGTEQ.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.23460.dll |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 00000007.00000003.303914781.0000000000BC0000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.304429295.0000000000BC0000.00000004.00000001.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: ws2_32.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdbe source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdbUGP source: loaddll32.exe, 00000000.00000003.303520820.000000004B280000.00000004.00000001.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: profapi.pdbD source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000007.00000003.303838980.0000000000BCC000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.304202527.0000000000BCC000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.303947553.0000000000BCC000.00000004.00000001.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000007.00000003.303942043.0000000000BC6000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.303834846.0000000000BC6000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.304271486.0000000000BC6000.00000004.00000001.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb, source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: sfc.pdbf source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: WerFault.exe, 00000007.00000002.321092369.0000000004ABC000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.319185333.0000000004ABC000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: Amcache.hve.7.dr | String found in binary or memory: http://upx.sf.net |
Source: loaddll32.exe, 00000000.00000002.819400491.000000006EC4F000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.300427683.000000006EC4F000.00000002.00020000.sdmp | String found in binary or memory: http://www.n4pkg6fy8o.gaDVarFileInfo$ |
Source: Yara match | File source: 3.0.rundll32.exe.6ec30000.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.6ec30000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.0.rundll32.exe.6ec30000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.6ec30000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000002.819315155.000000006EC31000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000000.300409127.000000006EC31000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.329263853.000000006EC31000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000000.298329265.000000006EC31000.00000020.00020000.sdmp, type: MEMORY |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.23460.dll" | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.23460.dll",#1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.23460.dll",#1 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 672 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.23460.dll",#1 | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.23460.dll",#1 | Jump to behavior |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000007.00000003.303782308.0000000004B40000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.303942043.0000000000BC6000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.303834846.0000000000BC6000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.304271486.0000000000BC6000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: nCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 00000007.00000002.320531767.00000000005D2000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdbB source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: loaddll32.exe, 00000000.00000003.303520820.000000004B280000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.303914781.0000000000BC0000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.304429295.0000000000BC0000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb6 source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb* source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000007.00000003.303838980.0000000000BCC000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.304202527.0000000000BCC000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.303947553.0000000000BCC000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb8 source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: RFFGTEQ.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.23460.dll |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 00000007.00000003.303914781.0000000000BC0000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.304429295.0000000000BC0000.00000004.00000001.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: ws2_32.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdbe source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdbUGP source: loaddll32.exe, 00000000.00000003.303520820.000000004B280000.00000004.00000001.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: profapi.pdbD source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000007.00000003.303838980.0000000000BCC000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.304202527.0000000000BCC000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.303947553.0000000000BCC000.00000004.00000001.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000007.00000003.308690044.0000000004EA0000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000007.00000003.303942043.0000000000BC6000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.303834846.0000000000BC6000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.304271486.0000000000BC6000.00000004.00000001.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb, source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000007.00000003.308675748.0000000004D71000.00000004.00000001.sdmp |
Source: | Binary string: sfc.pdbf source: WerFault.exe, 00000007.00000003.308694934.0000000004EA6000.00000004.00000040.sdmp |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: Amcache.hve.7.dr | Binary or memory string: VMware |
Source: Amcache.hve.7.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000 |
Source: Amcache.hve.7.dr | Binary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000 |
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.7.dr | Binary or memory string: VMware, Inc. |
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual disk SCSI Disk Devicehbin |
Source: Amcache.hve.7.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.7.dr | Binary or memory string: VMware7,1 |
Source: Amcache.hve.7.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.7.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: WerFault.exe, 00000007.00000002.321017706.0000000004A70000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.319269722.0000000004AB2000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000002.321082427.0000000004AB2000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.7.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.7.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.7.dr | Binary or memory string: VMware, Inc.me |
Source: Amcache.hve.7.dr | Binary or memory string: VMware-42 35 d8 20 48 cb c7 ff-aa 5e d0 37 a0 49 53 d7 |
Source: Amcache.hve.7.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000 |
Source: Amcache.hve.7.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6EC36D0C GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, | 0_2_6EC36D0C |
Source: loaddll32.exe, 00000000.00000002.818868274.00000000014D0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.297621027.0000000002B60000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.300203284.0000000002B60000.00000002.00020000.sdmp | Binary or memory string: Program Manager |
Source: loaddll32.exe, 00000000.00000002.818868274.00000000014D0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.297621027.0000000002B60000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.300203284.0000000002B60000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd |
Source: loaddll32.exe, 00000000.00000002.818868274.00000000014D0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.297621027.0000000002B60000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.300203284.0000000002B60000.00000002.00020000.sdmp | Binary or memory string: Progman |
Source: loaddll32.exe, 00000000.00000002.818868274.00000000014D0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.297621027.0000000002B60000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.300203284.0000000002B60000.00000002.00020000.sdmp | Binary or memory string: Progmanlock |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, | 0_2_6EC36D0C |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6EC36D0C GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, | 0_2_6EC36D0C |