Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: bestfitnessgymintheworld.com |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: /8BvxwQdec3/index.php |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: S-%lu- |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: 2043a89613 |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: Dctooux.exe |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: Startup |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: cmd /C RMDIR /s/q |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: rundll32 |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: Programs |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: %USERPROFILE% |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: cred.dll|clip.dll| |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: http:// |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: https:// |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: /Plugins/ |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: &unit= |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: shell32.dll |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: kernel32.dll |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: GetNativeSystemInfo |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: ProgramData\ |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: AVAST Software |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: Kaspersky Lab |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: Panda Security |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: Doctor Web |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: 360TotalSecurity |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: Bitdefender |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: Norton |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: Sophos |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: Comodo |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: WinDefender |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: 0123456789 |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: Content-Type: multipart/form-data; boundary=---- |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: ------ |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: ?scr=1 |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: Content-Type: application/x-www-form-urlencoded |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: ComputerName |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_ |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: -unicode- |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\ |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: VideoID |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: DefaultSettings.XResolution |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: DefaultSettings.YResolution |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: ProductName |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: CurrentBuild |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: rundll32.exe |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: "taskkill /f /im " |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: " && timeout 1 && del |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: && Exit" |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: " && ren |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: Powershell.exe |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: -executionpolicy remotesigned -File " |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: shutdown -s -t 0 |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: random |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack |
String decryptor: hC{p`-6 |
Source: 2.2.netsh.exe.5ca8378.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.netsh.exe.522ff78.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 2.2.netsh.exe.5ca8f78.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 11.2.explorer.exe.4f46f78.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 2.2.netsh.exe.5c64a8a.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.WggZw957eT.exe.5b3ca0e.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 12.2.explorer.exe.4fe5378.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 11.2.explorer.exe.4f46378.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 12.2.explorer.exe.4fe5f78.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 11.2.explorer.exe.4f02a8a.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.netsh.exe.522f378.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.WggZw957eT.exe.5b3be0e.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.WggZw957eT.exe.5af8520.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 12.2.explorer.exe.4fa1a8a.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.netsh.exe.51eba8a.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: oleacc.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: faultrep.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: dbghelp.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: dbgcore.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: wtsapi32.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: winsta.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: msimg32.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: olepro32.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: explorerframe.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: pla.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: pdh.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: tdh.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: cabinet.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: wevtapi.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Section loaded: shdocvw.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: ifmon.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mprapi.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rasmontr.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rasapi32.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rasman.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mfc42u.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: authfwcfg.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: fwpolicyiomgr.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: firewallapi.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: dnsapi.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: fwbase.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: dhcpcmonitor.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: dot3cfg.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: dot3api.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: onex.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: eappcfg.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: ncrypt.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: eappprxy.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: ntasn1.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: fwcfg.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: hnetmon.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: netshell.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: nlaapi.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: netsetupapi.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: netiohlp.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: winnsi.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: nshhttp.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: httpapi.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: nshipsec.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: userenv.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: activeds.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: polstore.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: winipsec.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: adsldpc.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: nshwfp.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: cabinet.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: p2pnetsh.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: p2p.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: profapi.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rpcnsh.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: whhelper.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: winhttp.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wlancfg.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wlanapi.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wshelper.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wevtapi.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: peerdistsh.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wcmapi.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: rmclient.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mobilenetworking.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: slc.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: sppc.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: ktmw32.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mprmsg.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: shdocvw.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: ntmarta.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: xmllite.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mstask.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: wldp.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Section loaded: mpr.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: version.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: wsock32.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: oleacc.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: faultrep.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: dbghelp.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: dbgcore.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: wtsapi32.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: winsta.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: msimg32.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: olepro32.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: explorerframe.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: pla.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: pdh.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: tdh.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: cabinet.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: wevtapi.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: shdocvw.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Section loaded: wintypes.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wininet.dll |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: shdocvw.dll |
Source: C:\Users\user\Desktop\WggZw957eT.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\netsh.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: Amcache.hve.15.dr |
Binary or memory string: VMware |
Source: Amcache.hve.15.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: explorer.exe, 0000000C.00000002.1806222806.0000000004F9B000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: http://www.vmware.com/0 |
Source: Amcache.hve.15.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.15.dr |
Binary or memory string: VMware-42 27 c5 9a 47 85 d6 84-53 49 ec ec 87 a6 6d 67 |
Source: Amcache.hve.15.dr |
Binary or memory string: VMware, Inc. |
Source: explorer.exe, 0000000C.00000002.1806222806.0000000004F9B000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMware, Inc.1!0 |
Source: Amcache.hve.15.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.15.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.15.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.15.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: explorer.exe, 0000000C.00000002.1806222806.0000000004F9B000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: http://www.vmware.com/0/ |
Source: Amcache.hve.15.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: explorer.exe, 0000000C.00000002.1806222806.0000000004F9B000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMware, Inc.1 |
Source: explorer.exe, 0000000C.00000002.1806222806.0000000004F9B000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMware, Inc.0 |
Source: netsh.exe, 00000006.00000002.1805766913.000000000085A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllj |
Source: Amcache.hve.15.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.15.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.15.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: netsh.exe, 00000002.00000002.1709871097.000000000378A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: Amcache.hve.15.dr |
Binary or memory string: vmci.sys |
Source: explorer.exe, 0000000C.00000002.1806222806.0000000004F9B000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: noreply@vmware.com0 |
Source: Amcache.hve.15.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.15.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.15.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.15.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.15.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.15.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.15.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.15.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.15.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.15.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.15.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.15.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.15.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.15.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.15.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |