Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: bestfitnessgymintheworld.com |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: /8BvxwQdec3/index.php |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: S-%lu- |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: 2043a89613 |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: Dctooux.exe |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: Startup |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: cmd /C RMDIR /s/q |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: rundll32 |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: Programs |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: %USERPROFILE% |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: cred.dll|clip.dll| |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: http:// |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: https:// |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: /Plugins/ |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: &unit= |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: shell32.dll |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: kernel32.dll |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: GetNativeSystemInfo |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: ProgramData\ |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: AVAST Software |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: Kaspersky Lab |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: Panda Security |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: Doctor Web |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: 360TotalSecurity |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: Bitdefender |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: Norton |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: Sophos |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: Comodo |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: WinDefender |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: 0123456789 |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: Content-Type: multipart/form-data; boundary=---- |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: ------ |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: ?scr=1 |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: Content-Type: application/x-www-form-urlencoded |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: ComputerName |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_ |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: -unicode- |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\ |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: VideoID |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: DefaultSettings.XResolution |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: DefaultSettings.YResolution |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: ProductName |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: CurrentBuild |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: rundll32.exe |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: "taskkill /f /im " |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: " && timeout 1 && del |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: && Exit" |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: " && ren |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: Powershell.exe |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: -executionpolicy remotesigned -File " |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: shutdown -s -t 0 |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: random |
Source: 6.2.netsh.exe.57700c8.7.raw.unpack | String decryptor: hC{p`-6 |
Source: 2.2.netsh.exe.5ca8378.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.netsh.exe.522ff78.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 2.2.netsh.exe.5ca8f78.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 11.2.explorer.exe.4f46f78.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 2.2.netsh.exe.5c64a8a.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.WggZw957eT.exe.5b3ca0e.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 12.2.explorer.exe.4fe5378.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 11.2.explorer.exe.4f46378.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 12.2.explorer.exe.4fe5f78.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 11.2.explorer.exe.4f02a8a.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.netsh.exe.522f378.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.WggZw957eT.exe.5b3be0e.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.WggZw957eT.exe.5af8520.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 12.2.explorer.exe.4fa1a8a.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.netsh.exe.51eba8a.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: oleacc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: faultrep.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: dbgcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: winsta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: olepro32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: explorerframe.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: pla.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: pdh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: tdh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: cabinet.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Section loaded: shdocvw.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ifmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasmontr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mfc42u.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: authfwcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpolicyiomgr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: firewallapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcmonitor.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3cfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3api.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: onex.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappprxy.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: hnetmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netshell.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nlaapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netsetupapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netiohlp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshhttp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: httpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshipsec.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: activeds.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: polstore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winipsec.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: adsldpc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshwfp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cabinet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2pnetsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2p.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rpcnsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: whhelper.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlancfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlanapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wshelper.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: peerdistsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wcmapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rmclient.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mobilenetworking.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ktmw32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprmsg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: shdocvw.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: taskschd.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: xmllite.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mstask.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: oleacc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: faultrep.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: dbgcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: winsta.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: olepro32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: explorerframe.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: pla.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: pdh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: tdh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: cabinet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: shdocvw.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: shdocvw.dll | Jump to behavior |
Source: C:\Users\user\Desktop\WggZw957eT.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: Amcache.hve.15.dr | Binary or memory string: VMware |
Source: Amcache.hve.15.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: explorer.exe, 0000000C.00000002.1806222806.0000000004F9B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: http://www.vmware.com/0 |
Source: Amcache.hve.15.dr | Binary or memory string: vmci.syshbin |
Source: Amcache.hve.15.dr | Binary or memory string: VMware-42 27 c5 9a 47 85 d6 84-53 49 ec ec 87 a6 6d 67 |
Source: Amcache.hve.15.dr | Binary or memory string: VMware, Inc. |
Source: explorer.exe, 0000000C.00000002.1806222806.0000000004F9B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware, Inc.1!0 |
Source: Amcache.hve.15.dr | Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.15.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.15.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.15.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: explorer.exe, 0000000C.00000002.1806222806.0000000004F9B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: http://www.vmware.com/0/ |
Source: Amcache.hve.15.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: explorer.exe, 0000000C.00000002.1806222806.0000000004F9B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware, Inc.1 |
Source: explorer.exe, 0000000C.00000002.1806222806.0000000004F9B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware, Inc.0 |
Source: netsh.exe, 00000006.00000002.1805766913.000000000085A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllj |
Source: Amcache.hve.15.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.15.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.15.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: netsh.exe, 00000002.00000002.1709871097.000000000378A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: Amcache.hve.15.dr | Binary or memory string: vmci.sys |
Source: explorer.exe, 0000000C.00000002.1806222806.0000000004F9B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: noreply@vmware.com0 |
Source: Amcache.hve.15.dr | Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.15.dr | Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.15.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.15.dr | Binary or memory string: VMware20,1 |
Source: Amcache.hve.15.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.15.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.15.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.15.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.15.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.15.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.15.dr | Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.15.dr | Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.15.dr | Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.15.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.15.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |