Source: |
Binary string: profapi.pdb! source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 00000007.00000003.668453300.0000000002EE5000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668264334.0000000002EE5000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668240835.0000000004F50000.00000004.00000001.sdmp |
Source: |
Binary string: shlwapi.pdb+ source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: sfc_os.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: dwmapi.pdb" source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: loaddll32.exe, 00000000.00000003.667178698.000000004B280000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668889853.0000000002EDF000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668259172.0000000002EDF000.00000004.00000001.sdmp |
Source: |
Binary string: winspool.pdb5 source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdb- source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: propsys.pdb3 source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668644186.0000000002EEB000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668269654.0000000002EEB000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668457629.0000000002EEB000.00000004.00000001.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: mpr.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: setupapi.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wUxTheme.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: imagehlp.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: dwmapi.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: RFFGTEQ.pdb source: SecuriteInfo.com.W32.AIDetect.malware2.28165.dll |
Source: |
Binary string: wntdll.pdb( source: WerFault.exe, 00000007.00000003.668889853.0000000002EDF000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668259172.0000000002EDF000.00000004.00000001.sdmp |
Source: |
Binary string: shcore.pdbk source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: ws2_32.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: winspool.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: shell32.pdbk source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: msctf.pdbN source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: propsys.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdbUGP source: loaddll32.exe, 00000000.00000003.667178698.000000004B280000.00000004.00000001.sdmp |
Source: |
Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: mpr.pdb^ source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdbk source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: msctf.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: AcLayers.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: sfc.pdb] source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: setupapi.pdb? source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb( source: WerFault.exe, 00000007.00000003.668644186.0000000002EEB000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668269654.0000000002EEB000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668457629.0000000002EEB000.00000004.00000001.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb( source: WerFault.exe, 00000007.00000003.668453300.0000000002EE5000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668264334.0000000002EE5000.00000004.00000001.sdmp |
Source: |
Binary string: rundll32.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: oleaut32.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: sfc.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: Yara match |
File source: 0.2.loaddll32.exe.6e750000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.0.rundll32.exe.6e750000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.2.rundll32.exe.6e750000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.0.rundll32.exe.6e750000.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000002.00000000.663271333.000000006E751000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.1053702891.000000006E751000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000000.664478156.000000006E751000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000002.695754483.000000006E751000.00000020.00020000.sdmp, type: MEMORY |
Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.28165.dll" |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.28165.dll",#1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.28165.dll",#1 |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 684 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.28165.dll",#1 |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.28165.dll",#1 |
Jump to behavior |
Source: |
Binary string: profapi.pdb! source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 00000007.00000003.668453300.0000000002EE5000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668264334.0000000002EE5000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668240835.0000000004F50000.00000004.00000001.sdmp |
Source: |
Binary string: shlwapi.pdb+ source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: sfc_os.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: dwmapi.pdb" source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: loaddll32.exe, 00000000.00000003.667178698.000000004B280000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668889853.0000000002EDF000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668259172.0000000002EDF000.00000004.00000001.sdmp |
Source: |
Binary string: winspool.pdb5 source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdb- source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: propsys.pdb3 source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668644186.0000000002EEB000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668269654.0000000002EEB000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668457629.0000000002EEB000.00000004.00000001.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: mpr.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: setupapi.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wUxTheme.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: imagehlp.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: dwmapi.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: RFFGTEQ.pdb source: SecuriteInfo.com.W32.AIDetect.malware2.28165.dll |
Source: |
Binary string: wntdll.pdb( source: WerFault.exe, 00000007.00000003.668889853.0000000002EDF000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668259172.0000000002EDF000.00000004.00000001.sdmp |
Source: |
Binary string: shcore.pdbk source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: ws2_32.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: winspool.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: shell32.pdbk source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: msctf.pdbN source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: propsys.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdbUGP source: loaddll32.exe, 00000000.00000003.667178698.000000004B280000.00000004.00000001.sdmp |
Source: |
Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: mpr.pdb^ source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdbk source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: msctf.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: AcLayers.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: sfc.pdb] source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: setupapi.pdb? source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb( source: WerFault.exe, 00000007.00000003.668644186.0000000002EEB000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668269654.0000000002EEB000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668457629.0000000002EEB000.00000004.00000001.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 00000007.00000003.672793536.0000000005290000.00000004.00000040.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb( source: WerFault.exe, 00000007.00000003.668453300.0000000002EE5000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.668264334.0000000002EE5000.00000004.00000001.sdmp |
Source: |
Binary string: rundll32.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: oleaut32.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: sfc.pdb source: WerFault.exe, 00000007.00000003.672800912.0000000005296000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 00000007.00000003.672783661.00000000052C1000.00000004.00000001.sdmp |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware |
Source: Amcache.hve.7.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000 |
Source: Amcache.hve.7.dr |
Binary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000 |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware-42 35 9c fb 73 fa 4e 1b-fb a4 60 e7 7b e5 4a ed |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware, Inc. |
Source: WerFault.exe, 00000007.00000002.691773134.0000000004E90000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAWp |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Devicehbin |
Source: Amcache.hve.7.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware7,1 |
Source: Amcache.hve.7.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.7.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: WerFault.exe, 00000007.00000003.686993932.0000000004F63000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000002.694219293.0000000004F63000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.7.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.7.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware, Inc.me |
Source: Amcache.hve.7.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000 |
Source: Amcache.hve.7.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_6E756D0C GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |
0_2_6E756D0C |
Source: loaddll32.exe, 00000000.00000002.1053413526.0000000000F40000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.664234752.0000000003790000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.662485231.0000000003790000.00000002.00020000.sdmp |
Binary or memory string: Program Manager |
Source: loaddll32.exe, 00000000.00000002.1053413526.0000000000F40000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.664234752.0000000003790000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.662485231.0000000003790000.00000002.00020000.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: loaddll32.exe, 00000000.00000002.1053413526.0000000000F40000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.664234752.0000000003790000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.662485231.0000000003790000.00000002.00020000.sdmp |
Binary or memory string: Progman |
Source: loaddll32.exe, 00000000.00000002.1053413526.0000000000F40000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.664234752.0000000003790000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.662485231.0000000003790000.00000002.00020000.sdmp |
Binary or memory string: Progmanlock |
Source: C:\Windows\System32\loaddll32.exe |
Code function: GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |
0_2_6E756D0C |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_6E756D0C GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |
0_2_6E756D0C |