Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar |
Source: explorer.exe, 00000001.00000000.1742331928.00000000078AD000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.msn.com:443/en-us/feed |
Source: explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/ |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Code function: 0_2_00401529 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Code function: 0_2_00402FFA RtlCreateUserThread,NtTerminateProcess, |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Code function: 0_2_00401541 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Code function: 0_2_00401545 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Code function: 0_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Code function: 0_2_00402379 NtQuerySystemInformation, |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Code function: 0_2_0040237B NtQuerySystemInformation, |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Code function: 0_2_00401534 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Code function: 0_2_004014DB NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Code function: 0_2_004020EA NtQuerySystemInformation, |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Code function: 0_2_00402387 NtQuerySystemInformation, |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Code function: 0_2_00402397 NtQuerySystemInformation, |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Code function: 0_2_0040239B NtQuerySystemInformation, |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Code function: 0_2_0040239E NtQuerySystemInformation, |
Source: C:\Users\user\AppData\Roaming\djjergw |
Code function: 5_2_00401529 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
Source: C:\Users\user\AppData\Roaming\djjergw |
Code function: 5_2_00402FFA RtlCreateUserThread,NtTerminateProcess, |
Source: C:\Users\user\AppData\Roaming\djjergw |
Code function: 5_2_00401541 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
Source: C:\Users\user\AppData\Roaming\djjergw |
Code function: 5_2_00401545 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
Source: C:\Users\user\AppData\Roaming\djjergw |
Code function: 5_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
Source: C:\Users\user\AppData\Roaming\djjergw |
Code function: 5_2_00402379 NtQuerySystemInformation, |
Source: C:\Users\user\AppData\Roaming\djjergw |
Code function: 5_2_0040237B NtQuerySystemInformation, |
Source: C:\Users\user\AppData\Roaming\djjergw |
Code function: 5_2_00401534 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
Source: C:\Users\user\AppData\Roaming\djjergw |
Code function: 5_2_004014DB NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, |
Source: C:\Users\user\AppData\Roaming\djjergw |
Code function: 5_2_004020EA NtQuerySystemInformation, |
Source: C:\Users\user\AppData\Roaming\djjergw |
Code function: 5_2_00402387 NtQuerySystemInformation, |
Source: C:\Users\user\AppData\Roaming\djjergw |
Code function: 5_2_00402397 NtQuerySystemInformation, |
Source: C:\Users\user\AppData\Roaming\djjergw |
Code function: 5_2_0040239B NtQuerySystemInformation, |
Source: C:\Users\user\AppData\Roaming\djjergw |
Code function: 5_2_0040239E NtQuerySystemInformation, |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Section loaded: msimg32.dll |
Source: C:\Users\user\Desktop\3312.PDF.scr |
Section loaded: msvcr100.dll |
Source: C:\Windows\explorer.exe |
Section loaded: taskschd.dll |
Source: C:\Windows\explorer.exe |
Section loaded: webio.dll |
Source: C:\Windows\explorer.exe |
Section loaded: mfsrcsnk.dll |
Source: C:\Users\user\AppData\Roaming\djjergw |
Section loaded: apphelp.dll |
Source: C:\Users\user\AppData\Roaming\djjergw |
Section loaded: msimg32.dll |
Source: C:\Users\user\AppData\Roaming\djjergw |
Section loaded: msvcr100.dll |
Source: C:\Windows\explorer.exe |
Section loaded: aepic.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: twinapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: ninput.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: starttiledata.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: idstore.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wlidprov.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: samcli.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: usermgrcli.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.applicationmodel.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: appxdeploymentclient.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: usermgrproxy.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: winsta.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: sndvolsso.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: mmdevapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: devobj.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: oleacc.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.ui.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windowmanagementapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: inputhost.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dcomp.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.staterepositoryclient.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: d3d11.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: resourcepolicyclient.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: d3d10warp.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.cloudstore.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dxcore.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: d2d1.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: appextension.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.cloudstore.schema.shell.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: xmllite.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: cldapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: fltlib.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dataexchange.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: tiledatarepository.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: staterepository.core.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.staterepository.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: explorerframe.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.staterepositorycore.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: mrmcorer.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: languageoverlayutil.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: twinui.pcshell.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wkscli.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wincorlib.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: cdp.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dsreg.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: bcp47mrm.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.immersiveshell.serviceprovider.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: thumbcache.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: photometadatahandler.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: ntshrui.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: cscapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: twinui.appcore.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: twinui.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: pdh.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: applicationframe.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: linkinfo.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: rmclient.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: ehstorshell.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: cscui.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: provsvc.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: vcruntime140_1.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: msvcp140.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: holographicextensions.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: virtualmonitormanager.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: resourcepolicyclient.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.ui.immersive.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: abovelockapphost.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: npsm.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.shell.bluelightreduction.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.web.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: mscms.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: coloradapterclient.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.internal.signals.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: tdh.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.staterepositorybroker.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: mfplat.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: rtworkq.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: taskflowdataengine.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: structuredquery.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: actxprxy.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.security.authentication.web.core.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.system.launcher.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.shell.servicehostbuilder.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.data.activities.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.internal.ui.shell.windowtabmanager.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: notificationcontrollerps.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.devices.enumeration.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.globalization.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: icu.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: mswb7.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: devdispitemprovider.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.networking.connectivity.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.ui.core.textinput.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: uianimation.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windowsudk.shellcommon.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dictationmanager.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: npmproxy.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: taskschd.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: stobject.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wmiclnt.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: workfoldersshell.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.fileexplorer.common.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: pcshellcommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: shellcommoncommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: execmodelproxy.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: daxexec.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: container.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: cryptngc.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: cflapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: uiautomationcore.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: capabilityaccessmanagerclient.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: samlib.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: batmeter.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: inputswitch.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.ui.shell.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: prnfldr.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: es.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dxp.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: shdocvw.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: atlthunk.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: syncreg.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: actioncenter.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wevtapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: audioses.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wscinterop.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wscapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: pnidui.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: mobilenetworking.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: netprofm.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: networkuxbroker.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: ethernetmediamanager.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dusmapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wlanapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wpnclient.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: ncsi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: werconcpl.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: framedynos.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wer.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: hcproviders.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: wpdshserviceobj.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: portabledevicetypes.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: portabledeviceapi.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: cscobj.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: srchadmin.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: windows.storage.search.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: synccenter.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: imapi2.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: ieproxy.dll |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Section loaded: storageusage.dll |
Source: C:\Windows\explorer.exe |
Section loaded: fhcfg.dll |
Source: C:\Windows\explorer.exe |
Section loaded: efsutil.dll |
Source: C:\Windows\explorer.exe |
Section loaded: mpr.dll |
Source: C:\Windows\explorer.exe |
Section loaded: netapi32.dll |
Source: C:\Windows\explorer.exe |
Section loaded: dsrole.dll |
Source: C:\Windows\explorer.exe |
Section loaded: windows.internal.system.userprofile.dll |
Source: C:\Windows\explorer.exe |
Section loaded: cloudexperiencehostbroker.dll |
Source: C:\Windows\explorer.exe |
Section loaded: credui.dll |
Source: C:\Windows\explorer.exe |
Section loaded: dui70.dll |
Source: C:\Windows\explorer.exe |
Section loaded: wdscore.dll |
Source: C:\Windows\explorer.exe |
Section loaded: dbghelp.dll |
Source: C:\Windows\explorer.exe |
Section loaded: dbgcore.dll |
Source: C:\Windows\explorer.exe |
Section loaded: bluetoothapis.dll |
Source: C:\Windows\explorer.exe |
Section loaded: settingsync.dll |
Source: C:\Windows\explorer.exe |
Section loaded: settingsynccore.dll |
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe |
Process information set: NOOPENFILEERRORBOX |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\ |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\ |
Source: explorer.exe, 0000000A.00000003.2731692731.000000000B7BB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000 |
Source: explorer.exe, 00000001.00000000.1743944804.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1743944804.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2725520938.0000000008DD7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2705554465.0000000008DD7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2905935716.0000000008D93000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2705554465.0000000008D93000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2718077768.0000000008DD7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2711340708.0000000008DD7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704520251.0000000008D93000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2703383894.0000000008D93000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2711340708.0000000008D93000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: explorer.exe, 0000000A.00000003.2703285048.0000000008DAC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000IO |
Source: explorer.exe, 0000000A.00000003.2772623817.000000000B73D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000 |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}xe@ |
Source: explorer.exe, 0000000A.00000002.2898393777.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWa |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000 |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\v |
Source: explorer.exe, 0000000A.00000003.2731692731.000000000B7BB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: en_NECVMWar&Prod_VMware_0 |
Source: explorer.exe, 0000000A.00000002.2905935716.0000000008D46000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}, |
Source: explorer.exe, 0000000A.00000003.2749269947.000000000B7ED000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: War&Prod_VMware_ |
Source: explorer.exe, 0000000A.00000003.2791404151.000000000B772000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: VMware SATA CD00 |
Source: explorer.exe, 00000001.00000000.1742331928.00000000078AD000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: NXTTAVMWare |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\xe= |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\xe |
Source: explorer.exe, 00000001.00000000.1743944804.0000000009815000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000 |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}xe |
Source: explorer.exe, 0000000A.00000003.2792005844.000000000B7EC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D: |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\ |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007A34000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWen-GBnx |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}exeP |
Source: explorer.exe, 00000001.00000000.1743944804.0000000009660000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er |
Source: explorer.exe, 0000000A.00000003.2792005844.000000000B7EC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 00000001.00000000.1740976335.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 0000000A.00000003.2703285048.0000000008DAC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: oneNECVMWar VMware SATA CD00eswindir=C:\Windol& |
Source: explorer.exe, 00000001.00000000.1744477786.00000000098A8000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000 |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b} |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: NECVMWarVMware SATA CD001.00 |
Source: explorer.exe, 00000001.00000000.1740976335.0000000001240000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000} |
Source: explorer.exe, 0000000A.00000002.2905935716.0000000008D46000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 0000000A.00000003.2731692731.000000000B7BB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000D& |
Source: explorer.exe, 0000000A.00000003.2792005844.000000000B7EC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}exe |
Source: explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Microsoft Hyper-V Generation Countersc%;Microsoft Hyper-V Generation Countercss.dll+0x191e6 |
Source: explorer.exe, 0000000A.00000003.2772623817.000000000B73D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000M |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\ |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}xeL |
Source: explorer.exe, 00000001.00000000.1743944804.0000000009815000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: NECVMWar VMware SATA CD00\w |
Source: explorer.exe, 00000001.00000000.1743944804.0000000009815000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$ |
Source: explorer.exe, 00000001.00000000.1744477786.00000000098A8000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000 |
Source: explorer.exe, 0000000A.00000002.2898393777.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000k |
Source: explorer.exe, 0000000A.00000003.2731692731.000000000B7BB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000@v |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}9507e |
Source: explorer.exe, 0000000A.00000002.2901365364.00000000048C4000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: VMWare |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}exe |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\- |
Source: explorer.exe, 0000000A.00000002.2898393777.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000 |