Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307864938.0000000000CF6000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307347881.0000000004C00000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307414987.0000000000CF6000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: nCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 00000008.00000002.323657432.0000000000782000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: loaddll32.exe, 00000001.00000003.307015548.000000004B280000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.308326568.0000000000CF0000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307409840.0000000000CF0000.00000004.00000001.sdmp |
Source: | Binary string: combase.pdbL source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb\1 source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb$ source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdbJ source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdbW source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb_0 source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000008.00000003.307420438.0000000000CFC000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307772141.0000000000CFC000.00000004.00000001.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdbP source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: RFFGTEQ.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.11362.dll |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 00000008.00000003.308326568.0000000000CF0000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307409840.0000000000CF0000.00000004.00000001.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: ws2_32.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdbUGP source: loaddll32.exe, 00000001.00000003.307015548.000000004B280000.00000004.00000001.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: ws2_32.pdb^ source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdbt source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdbx source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: wsspicli.pdbn source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: setupapi.pdbF source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdbr source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000008.00000003.307420438.0000000000CFC000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307772141.0000000000CFC000.00000004.00000001.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb" source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000008.00000003.307864938.0000000000CF6000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307414987.0000000000CF6000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: sechost.pdb` source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: Yara match | File source: 4.2.rundll32.exe.6ecf0000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.rundll32.exe.6ecf0000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.rundll32.exe.6ecf0000.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.loaddll32.exe.6ecf0000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000001.00000002.693021141.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.334490741.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.301040628.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.303124420.000000006ECF1000.00000020.00020000.sdmp, type: MEMORY |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.11362.dll" | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.11362.dll",#1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.11362.dll",#1 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 696 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.11362.dll",#1 | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.11362.dll",#1 | Jump to behavior |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307864938.0000000000CF6000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307347881.0000000004C00000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307414987.0000000000CF6000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: nCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 00000008.00000002.323657432.0000000000782000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: loaddll32.exe, 00000001.00000003.307015548.000000004B280000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.308326568.0000000000CF0000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307409840.0000000000CF0000.00000004.00000001.sdmp |
Source: | Binary string: combase.pdbL source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb\1 source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb$ source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdbJ source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdbW source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb_0 source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000008.00000003.307420438.0000000000CFC000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307772141.0000000000CFC000.00000004.00000001.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdbP source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: RFFGTEQ.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.11362.dll |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 00000008.00000003.308326568.0000000000CF0000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307409840.0000000000CF0000.00000004.00000001.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: ws2_32.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdbUGP source: loaddll32.exe, 00000001.00000003.307015548.000000004B280000.00000004.00000001.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: ws2_32.pdb^ source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdbt source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdbx source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: wsspicli.pdbn source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: setupapi.pdbF source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdbr source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000008.00000003.307420438.0000000000CFC000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307772141.0000000000CFC000.00000004.00000001.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb" source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000008.00000003.312997657.0000000005040000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000008.00000003.307864938.0000000000CF6000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.307414987.0000000000CF6000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000008.00000003.312989033.0000000004EC1000.00000004.00000001.sdmp |
Source: | Binary string: sechost.pdb` source: WerFault.exe, 00000008.00000003.313002553.0000000005046000.00000004.00000040.sdmp |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: Amcache.hve.8.dr | Binary or memory string: VMware |
Source: Amcache.hve.8.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000 |
Source: Amcache.hve.8.dr | Binary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000 |
Source: Amcache.hve.8.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.8.dr | Binary or memory string: VMware, Inc. |
Source: Amcache.hve.8.dr | Binary or memory string: VMware Virtual disk SCSI Disk Devicehbin |
Source: Amcache.hve.8.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.8.dr | Binary or memory string: VMware7,1 |
Source: Amcache.hve.8.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.8.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.8.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: WerFault.exe, 00000008.00000002.324457894.0000000004B70000.00000004.00000001.sdmp, WerFault.exe, 00000008.00000003.322684693.0000000004B70000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.8.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.8.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.8.dr | Binary or memory string: VMware, Inc.me |
Source: Amcache.hve.8.dr | Binary or memory string: VMware-42 35 d8 20 48 cb c7 ff-aa 5e d0 37 a0 49 53 d7 |
Source: Amcache.hve.8.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000 |
Source: WerFault.exe, 00000008.00000002.324337692.0000000004B30000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW` |
Source: Amcache.hve.8.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000 |
Source: loaddll32.exe, 00000001.00000002.692606291.0000000001A00000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.303018264.0000000002FA0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.300956661.0000000002FA0000.00000002.00020000.sdmp | Binary or memory string: Program Manager |
Source: loaddll32.exe, 00000001.00000002.692606291.0000000001A00000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.303018264.0000000002FA0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.300956661.0000000002FA0000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd |
Source: loaddll32.exe, 00000001.00000002.692606291.0000000001A00000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.303018264.0000000002FA0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.300956661.0000000002FA0000.00000002.00020000.sdmp | Binary or memory string: Progman |
Source: loaddll32.exe, 00000001.00000002.692606291.0000000001A00000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.303018264.0000000002FA0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.300956661.0000000002FA0000.00000002.00020000.sdmp | Binary or memory string: Progmanlock |