Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB61B910 | 3_2_00007FFDFB61B910 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB624FF0 | 3_2_00007FFDFB624FF0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB60D170 | 3_2_00007FFDFB60D170 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB69D0C0 | 3_2_00007FFDFB69D0C0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6720F8 | 3_2_00007FFDFB6720F8 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6237B0 | 3_2_00007FFDFB6237B0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB692BD8 | 3_2_00007FFDFB692BD8 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB622BB0 | 3_2_00007FFDFB622BB0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB689B7C | 3_2_00007FFDFB689B7C |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB621AC0 | 3_2_00007FFDFB621AC0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB65AAC0 | 3_2_00007FFDFB65AAC0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB685ACC | 3_2_00007FFDFB685ACC |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB617AA0 | 3_2_00007FFDFB617AA0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB632A90 | 3_2_00007FFDFB632A90 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB62AA90 | 3_2_00007FFDFB62AA90 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB65AA60 | 3_2_00007FFDFB65AA60 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB64BB10 | 3_2_00007FFDFB64BB10 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB640B00 | 3_2_00007FFDFB640B00 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6529B0 | 3_2_00007FFDFB6529B0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB656A30 | 3_2_00007FFDFB656A30 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB69CA24 | 3_2_00007FFDFB69CA24 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB61CA10 | 3_2_00007FFDFB61CA10 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB620860 | 3_2_00007FFDFB620860 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB68A930 | 3_2_00007FFDFB68A930 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB61D900 | 3_2_00007FFDFB61D900 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6228E0 | 3_2_00007FFDFB6228E0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB61CFC0 | 3_2_00007FFDFB61CFC0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB621FA0 | 3_2_00007FFDFB621FA0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB68BF70 | 3_2_00007FFDFB68BF70 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB63AEB0 | 3_2_00007FFDFB63AEB0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB622E90 | 3_2_00007FFDFB622E90 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB668E90 | 3_2_00007FFDFB668E90 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB620E80 | 3_2_00007FFDFB620E80 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB63FF50 | 3_2_00007FFDFB63FF50 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB68DF3C | 3_2_00007FFDFB68DF3C |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB685F04 | 3_2_00007FFDFB685F04 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB650EE0 | 3_2_00007FFDFB650EE0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB61FD60 | 3_2_00007FFDFB61FD60 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB634E50 | 3_2_00007FFDFB634E50 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB602E10 | 3_2_00007FFDFB602E10 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB63ACD0 | 3_2_00007FFDFB63ACD0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB668CA0 | 3_2_00007FFDFB668CA0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB64AC80 | 3_2_00007FFDFB64AC80 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB684D20 | 3_2_00007FFDFB684D20 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB69ACE8 | 3_2_00007FFDFB69ACE8 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6683D0 | 3_2_00007FFDFB6683D0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6843BC | 3_2_00007FFDFB6843BC |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB636390 | 3_2_00007FFDFB636390 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB68543C | 3_2_00007FFDFB68543C |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB64E420 | 3_2_00007FFDFB64E420 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB60C260 | 3_2_00007FFDFB60C260 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB637350 | 3_2_00007FFDFB637350 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB694324 | 3_2_00007FFDFB694324 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6881B9 | 3_2_00007FFDFB6881B9 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6841B8 | 3_2_00007FFDFB6841B8 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB63A190 | 3_2_00007FFDFB63A190 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB635160 | 3_2_00007FFDFB635160 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6330B0 | 3_2_00007FFDFB6330B0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6850B8 | 3_2_00007FFDFB6850B8 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6690A6 | 3_2_00007FFDFB6690A6 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB69306C | 3_2_00007FFDFB69306C |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6337C0 | 3_2_00007FFDFB6337C0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6647C0 | 3_2_00007FFDFB6647C0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB66A7A0 | 3_2_00007FFDFB66A7A0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB64D7A0 | 3_2_00007FFDFB64D7A0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB64A7A0 | 3_2_00007FFDFB64A7A0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB679760 | 3_2_00007FFDFB679760 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB668760 | 3_2_00007FFDFB668760 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB669768 | 3_2_00007FFDFB669768 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB628810 | 3_2_00007FFDFB628810 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB67B6C0 | 3_2_00007FFDFB67B6C0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB634750 | 3_2_00007FFDFB634750 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6936EC | 3_2_00007FFDFB6936EC |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6845C0 | 3_2_00007FFDFB6845C0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6185E0 | 3_2_00007FFDFB6185E0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB622480 | 3_2_00007FFDFB622480 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB63B470 | 3_2_00007FFDFB63B470 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB65D520 | 3_2_00007FFDFB65D520 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB66E510 | 3_2_00007FFDFB66E510 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB64B4F0 | 3_2_00007FFDFB64B4F0 |
Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FFDFB6694E8 | 3_2_00007FFDFB6694E8 |
Source: rundll32.exe, 00000005.00000003.1887910801.000002D302596000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-lun-parser_31bf3856ad364e35_10.0.19041.1_none_b6d8bfc73f89cc96 |
Source: rundll32.exe, 00000005.00000003.1887910801.000002D302596000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser_31bf3856ad364e35_10.0.19041.1645_none_fe1307608fa06d8c |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364; |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.19041.1_none_25a2ff96aac272dd |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-hgs_31bf3856ad364e35_10.0.19041.1741_none_1bf0e7c12b78479b\r1\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.19041.1_none_2246f2e6f0441379 |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1909066385.000002D3025BB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1920379752.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.2006_none_f93d3f541072d580 |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\rPc |
Source: rundll32.exe, 00000003.00000003.1873712596.000002C9DF0F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\r6ce2\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66\f\\* |
Source: rundll32.exe, 00000005.00000003.1849480439.000002D3040CD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\f1125d |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\f\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\f\* |
Source: rundll32.exe, 00000005.00000003.1887910801.000002D302596000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none_d35bf07ab5380c24 |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920a2 |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.1741_none_b62736d427ac1a0c\* |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ee8ada67d246bda |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.19041.1_none_2246f2e6f0441379\X |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ccb9f4751718744 |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.19041.1_en-us_299ac5951a49c2de |
Source: rundll32.exe, 00000005.00000003.1887910801.000002D302596000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7c |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_3 |
Source: rundll32.exe, 00000005.00000003.1849480439.000002D3040CD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\f5fec1\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.964_none_3542494c595902f8\r\\*= |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..nthfcvdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_6ca4b4247e291981H |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.19041.1_en-us_299ac5951a49c2de0 |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2edb07518552135\* |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e22f8x |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3e0d97c4c052586 |
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: S\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1741_none_78a9b11b7a3cc41b\r6171 |
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1741_none_78a9b11b7a3cc41b\r*d3 |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vsQ |
Source: rundll32.exe, 00000004.00000003.1901513130.000002615D9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\f |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\fWb |
Source: rundll32.exe, 00000003.00000003.1873712596.000002C9DF0F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\r15ba\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66\a\*/b |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf38M |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b |
Source: rundll32.exe, 00000005.00000003.1849480439.000002D3040CD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\rbe |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp.resources_31bf3856ad364e35_10.0.19041.1_en-us_369e8b635061fdb3 |
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-deb |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\r\lc |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vidq |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.19041.1_en-gb_7788797720472f2d\\* |
Source: rundll32.exe, 00000005.00000003.1891196628.000002D302597000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887910801.000002D302596000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-ram-parser_31bf3856ad364e35_10.0.19041.1_none_a7bb53746630ebd3bd5[ |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.1741_none_a3a0448c191b2fda\f\ |
Source: rundll32.exe, 00000003.00000003.1873712596.000002C9DF0F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\f\*\*Df |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.964_none_3542494c595902f8\f\* |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e22f8 |
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364 |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.1741_none_b62736d427ac1a0c6\* |
Source: rundll32.exe, 00000005.00000003.1909066385.000002D3025BB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1920379752.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..apinabout.resources_31bf3856ad364e35_10.0.19041.1_en-us_d314f4eb3925c8b5\* |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.19041.1_en-gb_7788797720472f2dH |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-hgs_31bf3856ad364e35_10.0.19041.1741_none_1bf0e7c12b78479b |
Source: rundll32.exe, 00000003.00000003.1873712596.000002C9DF0F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\f\fc1\*$d |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.19041.1_en-us_4373d0692dcd3a06\*] |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-h..t-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_ddaeabc80a3525d6 |
Source: rundll32.exe, 00000003.00000003.1873712596.000002C9DF0F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\fb1 |
Source: rundll32.exe, 00000003.00000003.1873712596.000002C9DF0F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\r9485\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.964_none_3542494c595902f8\f |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ccb9f4751718744\p |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-ram-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_50c23e4c771f203a |
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31b |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ccb9f47517187443a\** |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.19041.746_none_6fbcad1699b89a67= |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.19041.1889_none_46e4953b6f70cc79\r\vmbkmclr.sysb3\*P |
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7\r7\** |
Source: rundll32.exe, 00000004.00000003.1901513130.000002615D9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: S\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66\r\ |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.964_none_3542494c595902f8 |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.19041.1741_none_b365912b94b35a98\r\* |
Source: rundll32.exe, 00000005.00000003.1783977136.000002D3042B9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\wow64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.1_none_97e0d8d7edeea164r\* |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364m |
Source: rundll32.exe, 00000003.00000003.1873712596.000002C9DF0F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\r\* |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1741_none_78a9b11b7a3cc41 |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.867_none_b57fce26790eec1389a67 |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2edb07518552135 |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\r\* |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..edstorage.resources_31bf3856ad364e35_10.0.19041.1_en-us_8e6d1518accc0bf5h |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2edb07518552135r\*h |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..apinabout.resources_31bf3856ad364e35_10.0.19041.1_en-us_d314f4eb3925c8b58 |
Source: rundll32.exe, 00000005.00000003.1849480439.000002D3040CD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\rcbc |
Source: rundll32.exe, 00000004.00000003.1901513130.000002615D9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10 |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.19041.1_none_555170071aa29c2c9d |
Source: rundll32.exe, 00000005.00000003.1849480439.000002D3040CD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\rf3 |
Source: rundll32.exe, 00000003.00000002.4200455288.000002C9DD568000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<<( |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\f\\* |
Source: rundll32.exe, 00000004.00000003.1853116730.000002615F47B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\red4f |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e2\r2\*X |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1bys |
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.1~> |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..failoverreplication_31bf3856ad364e35_10.0.19041.1_none_50b60ffc14c70fb2 |
Source: rundll32.exe, 00000003.00000003.1873712596.000002C9DF0F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\f3715a\* |
Source: rundll32.exe, 00000003.00000003.1909295269.000002C9DD5DC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66\r\.a |
Source: rundll32.exe, 00000005.00000003.1891196628.000002D302597000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887910801.000002D302596000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-bpa.resources_31bf3856ad364e35_10.0.19041.1_en-us_168291f09487ebd5Z |
Source: rundll32.exe, 00000005.00000003.1849480439.000002D3040CD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\f\122\*g |
Source: rundll32.exe, 00000004.00000003.1853116730.000002615F47B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\raae06 |
Source: rundll32.exe, 00000005.00000003.1849480439.000002D3040CD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\fe16d |
Source: rundll32.exe, 00000004.00000003.1887489849.000002615D996000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.1741_none_b62736d427ac1a0cP |
Source: rundll32.exe, 00000004.00000003.1853116730.000002615F47B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\f8f0d0\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.19041.1_en-us_4373d0692dcd3a06M |
Source: rundll32.exe, 00000005.00000003.2046771711.000002D3040C2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1908853614.000002D3040C0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1920128896.000002D3040C1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2265742426.000002D3040C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1849571773.000002D3040B1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1849626245.000002D3040C2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\r\8fb\* |
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ws\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none_d35bf07ab5380c24\rmicr |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid.resources_31bf3856ad364e35_10.0.19041.1_en-us_447494df1222bcd81c |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.19041.1_en-us_4373d0692dcd3a06\ |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.1741_none_a3a0448c191b2fda\fc\*bb |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: S\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920f0c\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1901513130.000002615D9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66 |
Source: rundll32.exe, 00000004.00000003.1901513130.000002615D9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041. |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.19041.1_none_a87cce111f2d21d5c8b5 |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.19041.1_en-us_4373d0692dcd3a06h |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..-client.snapinabout_31bf3856ad364e35_10.0.19041.1_none_43a9017744e82ca8( |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.19041.1_en-gb_71570953289cd4d0X |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3e0d97c4c052586\* |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.2006_none_f93d3f541072d580H |
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vs |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e2\rf590\* |
Source: rundll32.exe, 00000003.00000003.1873712596.000002C9DF0F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\r509d3\* |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.19041.1_none_a2ace16370124ff4 |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ws\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7\rr0\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.19041.1_en-us_299ac5951a49c2de0\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66\r** |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\r\vmms.exe\*x |
Source: rundll32.exe, 00000005.00000003.1891196628.000002D302597000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887910801.000002D302596000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1741_none_78a9b11b7a3cc41b |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.2006_none_f93d3f541072d580] |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms.resources_31bf3856ad364e35_10.0.19041.1_en-us_fc0cba9450a52790\ |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms.resources_31bf3856ad364e35_10.0.19041.1_en-us_fc0cba9450a52790 |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\f |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\f\5\* |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\f\ |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\f] |
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf385B> |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.19041.423_en-us_f14a4bbefe65ac87 |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\fP |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66\fAc |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\r |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.19041.1889_none_e7d7bde611c8c141p |
Source: rundll32.exe, 00000004.00000003.1853116730.000002615F47B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1849480439.000002D3040CD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\r\*\* |
Source: rundll32.exe, 00000005.00000003.1920538202.000002D302583000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1920469417.000002D30257C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920 |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077f% |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.17I |
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.h> |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.19041.1_none_fc5d2e67adee5611ru |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.19041.1889_none_46e4953b6f70cc79 w: |
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1741_none |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.19041.1_en-us_299ac5951a49c2de135\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\f |
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e3L> |
Source: rundll32.exe, 00000003.00000003.1873712596.000002C9DF0F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\f69514\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-h..t-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_ddaeabc80a3525d6\\*M |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\r |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.19041.1_none_2246f2e6f044137925d6\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920f*\* |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.[ |
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none$== |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2edb075185521358b5\*x |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.964_none_3542494c595902f8\rd0\*X |
Source: rundll32.exe, 00000003.00000003.1889983582.000002C9DD65D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0 |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.19041.1_en-us_299ac5951a49c2de\*M |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_587 |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b\f\*` |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none_d35bf07 |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66\f |
Source: rundll32.exe, 00000003.00000003.1873712596.000002C9DF0F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\r\ |
Source: rundll32.exe, 00000003.00000003.1890021751.000002C9DD5F1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1892014006.000002C9DD5F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1889881649.000002C9DD5EB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.19041.1889_none_e7d7bde611c8c141\r |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.19041.1_en-us_b3d1ef0d088d6955d |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.19041.1_en-us_b3d1ef0d088d6955a |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.19041.1_none_2246f2e6f0441379\*-c |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3e0d97c4c052586\ |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.19041.1741_none_b365912b94b35a98X |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3e0d97c4c052586f5\*m |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\rcc |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66\r6\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ccb9f4751718744* |
Source: rundll32.exe, 00000005.00000003.1887910801.000002D302596000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vhd-parser_31bf3856ad364e35_10.0.19041.1_none_34b87765e20dcc15X |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.1741_none_b62736d427ac1a0c} |
Source: rundll32.exe, 00000005.00000003.1891196628.000002D302594000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-passth |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e2\*a7\*- |
Source: rundll32.exe, 00000004.00000003.2273884370.000002615F472000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1908850102.000002615F472000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1853183068.000002615F45B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1873729562.000002615F472000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\f6395c\* |
Source: rundll32.exe, 00000004.00000002.4200428925.000002615D922000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.4200331623.000002D302538000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: t-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7\rr |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.964_none_3542494c595902f8s |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.964_none_3542494c595902f8\f\\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.19041.1889_none_46e4953b6f70cc79\vmbkmclr.sys2ca8\* |
Source: rundll32.exe, 00000004.00000003.1853116730.000002615F47B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1849480439.000002D3040CD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\* |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.1741_none_b62736d427ac1a0ch |
Source: rundll32.exe, 00000005.00000003.1849480439.000002D3040CD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\re3bc\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.1741_none_a3a0448c191b2fda\r\ |
Source: rundll32.exe, 00000004.00000003.1901513130.000002615D9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1741_none_78a9b11 |
Source: rundll32.exe, 00000004.00000003.1890838160.000002615F4BE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.1741_none_b62736d427ac1a0c\r\vmicrdv.dllationmodel.datatransfer.dllSettings.dllgement.dllan64e35E |
Source: rundll32.exe, 00000005.00000003.1887744959.000002D3025BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1887882253.000002D3025C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e2\f52790\* |
Source: rundll32.exe, 00000004.00000003.1853116730.000002615F47B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1849480439.000002D3040CD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\f\* |
Source: rundll32.exe, 00000003.00000003.1889855855.000002C9DD5F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920\* |
Source: rundll32.exe, 00000004.00000003.1887489849.000002615D996000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.19041.1_en-us_b3d1ef0d088d6955p |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.19041.1_none_93cc37f483916b614$ |
Source: rundll32.exe, 00000004.00000003.1901513130.000002615D9A1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ws\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none_d35bf07ab5380c24\r\* |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.19041.1741_none_4fe99c993cb84326 |
Source: rundll32.exe, 00000005.00000003.1879854890.000002D3025BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.1741_none_a3a0448c191b2fda |
Source: rundll32.exe, 00000003.00000003.1873712596.000002C9DF0F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040\f74140 |
Source: rundll32.exe, 00000004.00000003.1887468846.000002615D99C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..edstorage.resources_31bf3856ad364e35_10.0.19041.1_en-us_8e6d1518accc0bf5aa7\* |