Source: |
Binary string: \??\C:\Windows\exe\wab.pdb_j source: wab.exe, 0000000E.00000002.1925821576.000000000665E000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: wab.exe, 0000000E.00000002.1940497135.00000000244F2000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdb source: wab.exe, 0000000E.00000002.1925821576.000000000665E000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: wab.pdbVowV source: wab.exe, 0000000E.00000002.1939724868.0000000021E37000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.pdbd source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: System.Management.Automation.pdb-2476756634-1003_Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32 source: powershell.exe, 00000002.00000002.1633571805.0000000008667000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Xml.pdbd source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: \??\C:\Windows\exe\wab.pdbwj source: wab.exe, 0000000E.00000002.1925821576.000000000665E000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\exe\wab.pdb source: wab.exe, 0000000E.00000002.1940497135.00000000244F2000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: wab.pdbGCTL source: wab.exe, 0000000E.00000002.1940497135.00000000244F2000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Xml.ni.pdbRSDS# source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: System.Core.ni.pdb source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: Microsoft.VisualBasic.pdb source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: \??\C:\Windows\mscorlib.pdb7j source: wab.exe, 0000000E.00000002.1925821576.000000000665E000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: n(C:\Windows\wab.pdb source: wab.exe, 0000000E.00000002.1939724868.0000000021E37000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.ni.pdb source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: nC:\Program Files (x86)\windows mail\wab.pdb source: wab.exe, 0000000E.00000002.1939724868.0000000021E37000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: C:\Program Files (x86)\windows mail\wab.PDB source: wab.exe, 0000000E.00000002.1939724868.0000000021E37000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.ni.pdbRSDScUN source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: CallSite.Targetore.pdbC source: powershell.exe, 00000002.00000002.1633101698.0000000008600000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Core.pdb122658-3693405117-2476756634-1003_Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32 source: powershell.exe, 00000002.00000002.1633571805.0000000008667000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: BO$ .pdb source: wab.exe, 0000000E.00000002.1939724868.0000000021E37000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: wab.pdb-21-2246122658-3693405117-2476756634-1003_Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Servererver32``oj source: wab.exe, 0000000E.00000002.1925821576.000000000665E000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Xml.ni.pdb source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdblb source: wab.exe, 0000000E.00000002.1925821576.00000000065A8000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.pdb@ source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: wab.pdbaD source: wab.exe, 0000000E.00000002.1925821576.000000000665E000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.ni.pdbRSDS source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000002.00000002.1633571805.0000000008667000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: n.pdb source: wab.exe, 0000000E.00000002.1939724868.0000000021E37000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Program Files (x86)\windows mail\wab.PDB_ source: wab.exe, 0000000E.00000002.1925821576.000000000665E000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdbBX source: powershell.exe, 00000002.00000002.1622648515.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.ni.pdb source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: mscorlib.ni.pdbRSDS source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: !symbols\exe\wab.pdb30 source: wab.exe, 0000000E.00000002.1939724868.0000000021E37000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.pdb source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: wab.pdbws\wab.pdbpdbwab.pdbmail\wab.pdb source: wab.exe, 0000000E.00000002.1939724868.0000000021E37000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\exe\wab.pdbiB source: wab.exe, 0000000E.00000002.1940497135.00000000244F2000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Windows.Forms.pdb` source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: System.Xml.pdb source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: System.pdb source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: wab.pdb source: wab.exe, 0000000E.00000002.1940497135.00000000244F2000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000E.00000002.1939724868.0000000021E37000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Program Files (x86)\windows mail\wab.pdb source: wab.exe, 0000000E.00000002.1925821576.000000000665E000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Windows.Forms.pdb source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: mscorlib.pdb source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: tem.Core.pdb source: powershell.exe, 00000002.00000002.1630220347.00000000075E1000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\wab.pdb source: wab.exe, 0000000E.00000002.1925821576.000000000665E000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\mscorlib.pdbWj% source: wab.exe, 0000000E.00000002.1925821576.000000000665E000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Core.pdb source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb| source: wab.exe, 0000000E.00000002.1925821576.00000000065A8000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Microsoft.VisualBasic.pdb& source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: C:\Windows\wab.pdbpdbwab.pdbq source: wab.exe, 0000000E.00000002.1925821576.000000000665E000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb6 source: wab.exe, 0000000E.00000002.1925821576.00000000065A8000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.ni.pdb source: WER5987.tmp.dmp.18.dr |
Source: |
Binary string: System.Core.ni.pdbRSDS source: WER5987.tmp.dmp.18.dr |
Source: wab.exe, 0000000E.00000002.1939925448.0000000021F71000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://aborters.duckdns.org:8081 |
Source: wab.exe, 0000000E.00000002.1939925448.0000000021F71000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://anotherarmy.dns.army:8081 |
Source: wab.exe, 0000000E.00000002.1939925448.0000000022033000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.com |
Source: wab.exe, 0000000E.00000002.1939925448.0000000022033000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.comd |
Source: wab.exe, 0000000E.00000002.1939925448.0000000022033000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 0000000E.00000002.1939925448.000000002201C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: wab.exe, 0000000E.00000002.1939925448.0000000021F71000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: wab.exe, 0000000E.00000002.1939925448.0000000022033000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.orgd |
Source: powershell.exe, 00000002.00000002.1630220347.00000000075E1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.micro |
Source: powershell.exe, 00000002.00000002.1630220347.000000000754A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.microw |
Source: Confirmation transfer Note AGS # 22-00379.exe, Confirmation transfer Note AGS # 22-00379.exe.2.dr |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: powershell.exe, 00000002.00000002.1627675553.0000000005E66000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000002.00000002.1624752959.0000000004F56000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1630220347.000000000750A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: Confirmation transfer Note AGS # 22-00379.exe, Confirmation transfer Note AGS # 22-00379.exe.2.dr |
String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: Confirmation transfer Note AGS # 22-00379.exe, Confirmation transfer Note AGS # 22-00379.exe.2.dr |
String found in binary or memory: http://s.symcd.com06 |
Source: powershell.exe, 00000002.00000002.1624752959.0000000004E01000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 0000000E.00000002.1939925448.0000000021F71000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Confirmation transfer Note AGS # 22-00379.exe, Confirmation transfer Note AGS # 22-00379.exe.2.dr |
String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: Confirmation transfer Note AGS # 22-00379.exe, Confirmation transfer Note AGS # 22-00379.exe.2.dr |
String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: Confirmation transfer Note AGS # 22-00379.exe, Confirmation transfer Note AGS # 22-00379.exe.2.dr |
String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: Amcache.hve.18.dr |
String found in binary or memory: http://upx.sf.net |
Source: wab.exe, 0000000E.00000002.1939925448.0000000021F71000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://varders.kozow.com:8081 |
Source: powershell.exe, 00000002.00000002.1624752959.0000000004F56000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1630220347.000000000750A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000002.00000002.1624752959.0000000004E01000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lB |
Source: powershell.exe, 00000002.00000002.1627675553.0000000005E66000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000002.00000002.1627675553.0000000005E66000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000002.00000002.1627675553.0000000005E66000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: Confirmation transfer Note AGS # 22-00379.exe, Confirmation transfer Note AGS # 22-00379.exe.2.dr |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: Confirmation transfer Note AGS # 22-00379.exe, Confirmation transfer Note AGS # 22-00379.exe.2.dr |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: Confirmation transfer Note AGS # 22-00379.exe, Confirmation transfer Note AGS # 22-00379.exe.2.dr |
String found in binary or memory: https://d.symcb.com/rpa0. |
Source: powershell.exe, 00000002.00000002.1624752959.0000000004F56000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1630220347.000000000750A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000002.00000002.1627675553.0000000005E66000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: wab.exe, 0000000E.00000002.1925821576.00000000065E1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.reap.skyestates.com.mt/ |
Source: wab.exe, 0000000E.00000002.1925821576.00000000065E1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.reap.skyestates.com.mt/wp-includes/NTivwvgavzbeiE97.bin |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: shfolder.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: riched20.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: usp10.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: msls31.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Section loaded: textshaping.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: napinsp.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: pnrpnsp.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshbth.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: nlaapi.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dnsapi.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: winrnr.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rasadhlp.dll |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ntmarta.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: wininet.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: iertutil.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: sspicli.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: windows.storage.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: wldp.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: profapi.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: winhttp.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: mswsock.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: iphlpapi.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: winnsi.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: urlmon.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: srvcli.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: netutils.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: dnsapi.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: rasadhlp.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: schannel.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: ntasn1.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: msasn1.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: dpapi.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: cryptsp.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: rsaenh.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: cryptbase.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: gpapi.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: ncrypt.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: mscoree.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: version.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: uxtheme.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: rasapi32.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: rasman.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: rtutils.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\Confirmation transfer Note AGS # 22-00379.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: Amcache.hve.18.dr |
Binary or memory string: VMware |
Source: Amcache.hve.18.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.18.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.18.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.18.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.18.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.18.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.18.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: wab.exe, 0000000E.00000002.1925821576.00000000065FF000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.18.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.18.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.18.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.18.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.18.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.18.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.18.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.18.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: wab.exe, 0000000E.00000002.1925821576.00000000065A8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW8]` |
Source: Amcache.hve.18.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.18.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.18.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.18.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.18.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.18.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.18.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.18.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.18.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.18.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.18.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.18.dr |
Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d |
Source: Amcache.hve.18.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |