Source: explorer.exe, 00000001.00000000.1742331928.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1743944804.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2705554465.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2725520938.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2703383894.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2718077768.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704102871.0000000008CC7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704520251.0000000008D01000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2711340708.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2905935716.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2706757154.0000000008D01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0 |
Source: explorer.exe, 00000001.00000000.1742331928.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1743944804.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2705554465.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2725520938.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2703383894.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2718077768.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704102871.0000000008CC7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704520251.0000000008D01000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2711340708.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2905935716.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2706757154.0000000008D01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07 |
Source: explorer.exe, 00000001.00000000.1742331928.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1743944804.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2705554465.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2725520938.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2703383894.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2718077768.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704102871.0000000008CC7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704520251.0000000008D01000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2711340708.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2905935716.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2706757154.0000000008D01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0 |
Source: explorer.exe, 00000001.00000000.1742331928.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1743944804.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2705554465.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2725520938.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2703383894.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2718077768.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704102871.0000000008CC7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704520251.0000000008D01000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2711340708.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2905935716.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2706757154.0000000008D01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0 |
Source: explorer.exe, 00000001.00000000.1742331928.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di |
Source: explorer.exe, 00000001.00000000.1746657492.000000000CA42000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://schemas.mi |
Source: explorer.exe, 00000001.00000000.1746657492.000000000CA42000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://schemas.micr |
Source: explorer.exe, 00000001.00000000.1743054691.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1744674085.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1743420076.0000000008720000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://schemas.micro |
Source: explorer.exe, 00000001.00000000.1745816371.000000000C893000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe |
Source: explorer.exe, 00000001.00000000.1742331928.00000000079FB000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/Vh5j3k |
Source: explorer.exe, 0000000A.00000003.2703383894.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2705554465.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2718077768.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2905935716.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2707695380.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2725520938.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2681117571.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2711340708.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/Vh5j3kI |
Source: explorer.exe, 0000000A.00000003.2703383894.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2705554465.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2718077768.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2905935716.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2707695380.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2725520938.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2681117571.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2711340708.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/odirm |
Source: explorer.exe, 00000001.00000000.1742331928.00000000079FB000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/odirmr |
Source: explorer.exe, 00000001.00000000.1745816371.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://android.notify.windows.com/iOS |
Source: explorer.exe, 00000001.00000000.1743944804.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2705554465.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2725520938.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2703383894.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2718077768.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704102871.0000000008CC7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2711340708.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2905935716.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2707695380.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/ |
Source: explorer.exe, 0000000A.00000003.2705554465.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2725520938.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2703383894.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2718077768.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704102871.0000000008CC7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2711340708.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2905935716.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2707695380.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/BA |
Source: explorer.exe, 00000001.00000000.1743944804.00000000097D4000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/q |
Source: explorer.exe, 0000000A.00000003.2718077768.0000000008D93000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2905595416.0000000008020000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind |
Source: explorer.exe, 0000000A.00000003.2705554465.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2725520938.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2703383894.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2718077768.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704102871.0000000008CC7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2711340708.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2905935716.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2707695380.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows? |
Source: explorer.exe, 00000001.00000000.1743944804.00000000096DF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?& |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1743944804.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2904513919.00000000054FF000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows? |
Source: explorer.exe, 0000000A.00000003.2705554465.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2725520938.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2703383894.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2718077768.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704102871.0000000008CC7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704520251.0000000008D01000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2711340708.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2905935716.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2706757154.0000000008D01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://arc.msn.com |
Source: explorer.exe, 00000001.00000000.1743944804.00000000096DF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://arc.msn.comi |
Source: explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg |
Source: explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings |
Source: explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg |
Source: explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bing.c |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark |
Source: explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fgwm |
Source: explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fgwm-dark |
Source: explorer.exe, 00000001.00000000.1742331928.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu |
Source: explorer.exe, 00000001.00000000.1742331928.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark |
Source: explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu |
Source: explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark |
Source: explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY |
Source: explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark |
Source: explorer.exe, 0000000A.00000003.2703067682.0000000008E70000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2705262424.0000000008E70000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2712298809.0000000008E70000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2711027366.0000000008E70000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2707506218.0000000008E70000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2905595416.0000000008020000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn |
Source: explorer.exe, 00000001.00000000.1745816371.000000000C5E6000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://excel.office.com |
Source: explorer.exe, 0000000A.00000003.2703383894.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704102871.0000000008CC7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://excel.office.comi |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img |
Source: explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img |
Source: explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBAJ56P.img |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img |
Source: explorer.exe, 00000001.00000000.1742331928.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img |
Source: explorer.exe, 0000000A.00000003.2703383894.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704102871.0000000008CC7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704520251.0000000008D01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://outlook.comNES-PC |
Source: explorer.exe, 00000001.00000000.1745816371.000000000C5E6000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://outlook.com_ |
Source: explorer.exe, 00000001.00000000.1745816371.000000000C5E6000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://powerpoint.office.comcember |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/ |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew |
Source: explorer.exe, 00000001.00000000.1745816371.000000000C557000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://wns.windows.com/L |
Source: explorer.exe, 00000001.00000000.1745816371.000000000C5E6000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://word.office.com |
Source: explorer.exe, 0000000A.00000003.2703383894.0000000008C9D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704102871.0000000008CC7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://word.office.comCE |
Source: explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-ul |
Source: explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/lifestyle/home-and-garden/13-thx |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1 |
Source: explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi |
Source: explorer.exe, 00000001.00000000.1742331928.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re- |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow- |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar |
Source: explorer.exe, 00000001.00000000.1742331928.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com:443/en-us/feed |
Source: explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/ |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2664553474.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2667600786.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2671116139.00000000047FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe |
Source: C:\Users\user\Desktop\3312.PDF.scr | Code function: 0_2_00401529 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, | 0_2_00401529 |
Source: C:\Users\user\Desktop\3312.PDF.scr | Code function: 0_2_00402FFA RtlCreateUserThread,NtTerminateProcess, | 0_2_00402FFA |
Source: C:\Users\user\Desktop\3312.PDF.scr | Code function: 0_2_00401541 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, | 0_2_00401541 |
Source: C:\Users\user\Desktop\3312.PDF.scr | Code function: 0_2_00401545 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, | 0_2_00401545 |
Source: C:\Users\user\Desktop\3312.PDF.scr | Code function: 0_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, | 0_2_00401553 |
Source: C:\Users\user\Desktop\3312.PDF.scr | Code function: 0_2_00402379 NtQuerySystemInformation, | 0_2_00402379 |
Source: C:\Users\user\Desktop\3312.PDF.scr | Code function: 0_2_0040237B NtQuerySystemInformation, | 0_2_0040237B |
Source: C:\Users\user\Desktop\3312.PDF.scr | Code function: 0_2_00401534 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, | 0_2_00401534 |
Source: C:\Users\user\Desktop\3312.PDF.scr | Code function: 0_2_004014DB NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, | 0_2_004014DB |
Source: C:\Users\user\Desktop\3312.PDF.scr | Code function: 0_2_004020EA NtQuerySystemInformation, | 0_2_004020EA |
Source: C:\Users\user\Desktop\3312.PDF.scr | Code function: 0_2_00402387 NtQuerySystemInformation, | 0_2_00402387 |
Source: C:\Users\user\Desktop\3312.PDF.scr | Code function: 0_2_00402397 NtQuerySystemInformation, | 0_2_00402397 |
Source: C:\Users\user\Desktop\3312.PDF.scr | Code function: 0_2_0040239B NtQuerySystemInformation, | 0_2_0040239B |
Source: C:\Users\user\Desktop\3312.PDF.scr | Code function: 0_2_0040239E NtQuerySystemInformation, | 0_2_0040239E |
Source: C:\Users\user\AppData\Roaming\djjergw | Code function: 5_2_00401529 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, | 5_2_00401529 |
Source: C:\Users\user\AppData\Roaming\djjergw | Code function: 5_2_00402FFA RtlCreateUserThread,NtTerminateProcess, | 5_2_00402FFA |
Source: C:\Users\user\AppData\Roaming\djjergw | Code function: 5_2_00401541 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, | 5_2_00401541 |
Source: C:\Users\user\AppData\Roaming\djjergw | Code function: 5_2_00401545 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, | 5_2_00401545 |
Source: C:\Users\user\AppData\Roaming\djjergw | Code function: 5_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, | 5_2_00401553 |
Source: C:\Users\user\AppData\Roaming\djjergw | Code function: 5_2_00402379 NtQuerySystemInformation, | 5_2_00402379 |
Source: C:\Users\user\AppData\Roaming\djjergw | Code function: 5_2_0040237B NtQuerySystemInformation, | 5_2_0040237B |
Source: C:\Users\user\AppData\Roaming\djjergw | Code function: 5_2_00401534 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, | 5_2_00401534 |
Source: C:\Users\user\AppData\Roaming\djjergw | Code function: 5_2_004014DB NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, | 5_2_004014DB |
Source: C:\Users\user\AppData\Roaming\djjergw | Code function: 5_2_004020EA NtQuerySystemInformation, | 5_2_004020EA |
Source: C:\Users\user\AppData\Roaming\djjergw | Code function: 5_2_00402387 NtQuerySystemInformation, | 5_2_00402387 |
Source: C:\Users\user\AppData\Roaming\djjergw | Code function: 5_2_00402397 NtQuerySystemInformation, | 5_2_00402397 |
Source: C:\Users\user\AppData\Roaming\djjergw | Code function: 5_2_0040239B NtQuerySystemInformation, | 5_2_0040239B |
Source: C:\Users\user\AppData\Roaming\djjergw | Code function: 5_2_0040239E NtQuerySystemInformation, | 5_2_0040239E |
Source: C:\Users\user\Desktop\3312.PDF.scr | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\3312.PDF.scr | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\3312.PDF.scr | Section loaded: msvcr100.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: taskschd.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: mfsrcsnk.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\djjergw | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\djjergw | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\djjergw | Section loaded: msvcr100.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: aepic.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: twinapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: powrprof.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dxgi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dwmapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: umpdc.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: ninput.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: starttiledata.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: idstore.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wlidprov.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: usermgrcli.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.applicationmodel.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: appxdeploymentclient.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: usermgrproxy.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: winsta.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: sndvolsso.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: mmdevapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: devobj.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: oleacc.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.ui.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windowmanagementapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: inputhost.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dcomp.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.staterepositoryclient.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: d3d11.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: resourcepolicyclient.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: d3d10warp.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.cloudstore.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dxcore.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: d2d1.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dwrite.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: appextension.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.cloudstore.schema.shell.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: xmllite.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: cldapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: fltlib.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dataexchange.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: tiledatarepository.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: staterepository.core.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.staterepository.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: explorerframe.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.staterepositorycore.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: mrmcorer.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: languageoverlayutil.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: twinui.pcshell.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wkscli.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wincorlib.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: cdp.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dsreg.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: bcp47mrm.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.immersiveshell.serviceprovider.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: thumbcache.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: photometadatahandler.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: ntshrui.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: cscapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: twinui.appcore.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: twinui.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: pdh.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: applicationframe.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: linkinfo.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: rmclient.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: ehstorshell.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: cscui.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: provsvc.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: vcruntime140_1.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: vcruntime140.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: msvcp140.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: vcruntime140.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: vcruntime140.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: holographicextensions.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: virtualmonitormanager.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: resourcepolicyclient.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.ui.immersive.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: abovelockapphost.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: npsm.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.shell.bluelightreduction.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.web.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: mscms.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: coloradapterclient.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.internal.signals.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: tdh.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.staterepositorybroker.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: mfplat.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: rtworkq.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: taskflowdataengine.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: structuredquery.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: actxprxy.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.security.authentication.web.core.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.system.launcher.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.shell.servicehostbuilder.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.data.activities.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.internal.ui.shell.windowtabmanager.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: notificationcontrollerps.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.devices.enumeration.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.globalization.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: icu.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: mswb7.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: devdispitemprovider.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.networking.connectivity.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.ui.core.textinput.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: uianimation.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windowsudk.shellcommon.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dictationmanager.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: npmproxy.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: taskschd.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: stobject.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wmiclnt.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: workfoldersshell.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.fileexplorer.common.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: pcshellcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: shellcommoncommonproxystub.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: execmodelproxy.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: daxexec.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: container.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: cryptngc.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: cflapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: uiautomationcore.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: capabilityaccessmanagerclient.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: samlib.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: batmeter.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: sxs.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: inputswitch.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.ui.shell.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: prnfldr.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: es.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dxp.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: shdocvw.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: atlthunk.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: syncreg.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: actioncenter.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: audioses.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wscinterop.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wscapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: pnidui.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: mobilenetworking.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: netprofm.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: networkuxbroker.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: ethernetmediamanager.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dusmapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wlanapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wpnclient.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: ncsi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: werconcpl.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: framedynos.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wer.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: hcproviders.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wpdshserviceobj.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: portabledevicetypes.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: portabledeviceapi.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: cscobj.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: srchadmin.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.storage.search.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: synccenter.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: imapi2.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: ieproxy.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: storageusage.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: fhcfg.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: efsutil.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: netapi32.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dsrole.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: windows.internal.system.userprofile.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: cloudexperiencehostbroker.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: credui.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dui70.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: wdscore.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: dbgcore.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: bluetoothapis.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: bluetoothapis.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: settingsync.dll | Jump to behavior |
Source: C:\Windows\explorer.exe | Section loaded: settingsynccore.dll | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\ |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\ |
Source: explorer.exe, 0000000A.00000003.2731692731.000000000B7BB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000 |
Source: explorer.exe, 00000001.00000000.1743944804.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1743944804.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2725520938.0000000008DD7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2705554465.0000000008DD7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000002.2905935716.0000000008D93000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2705554465.0000000008D93000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2718077768.0000000008DD7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2711340708.0000000008DD7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2704520251.0000000008D93000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2703383894.0000000008D93000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000003.2711340708.0000000008D93000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: explorer.exe, 0000000A.00000003.2703285048.0000000008DAC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000IO |
Source: explorer.exe, 0000000A.00000003.2772623817.000000000B73D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000 |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}xe@ |
Source: explorer.exe, 0000000A.00000002.2898393777.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWa |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000 |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\v |
Source: explorer.exe, 0000000A.00000003.2731692731.000000000B7BB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: en_NECVMWar&Prod_VMware_0 |
Source: explorer.exe, 0000000A.00000002.2905935716.0000000008D46000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}, |
Source: explorer.exe, 0000000A.00000003.2749269947.000000000B7ED000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: War&Prod_VMware_ |
Source: explorer.exe, 0000000A.00000003.2791404151.000000000B772000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware SATA CD00 |
Source: explorer.exe, 00000001.00000000.1742331928.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: NXTTAVMWare |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\xe= |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\xe |
Source: explorer.exe, 00000001.00000000.1743944804.0000000009815000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000 |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}xe |
Source: explorer.exe, 0000000A.00000003.2792005844.000000000B7EC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D: |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\ |
Source: explorer.exe, 00000001.00000000.1742331928.0000000007A34000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWen-GBnx |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}exeP |
Source: explorer.exe, 00000001.00000000.1743944804.0000000009660000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er |
Source: explorer.exe, 0000000A.00000003.2792005844.000000000B7EC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 00000001.00000000.1740976335.0000000001240000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 0000000A.00000003.2703285048.0000000008DAC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: oneNECVMWar VMware SATA CD00eswindir=C:\Windol& |
Source: explorer.exe, 00000001.00000000.1744477786.00000000098A8000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000 |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b} |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: NECVMWarVMware SATA CD001.00 |
Source: explorer.exe, 00000001.00000000.1740976335.0000000001240000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000} |
Source: explorer.exe, 0000000A.00000002.2905935716.0000000008D46000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 0000000A.00000003.2731692731.000000000B7BB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000D& |
Source: explorer.exe, 0000000A.00000003.2792005844.000000000B7EC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}exe |
Source: explorer.exe, 0000000A.00000002.2901365364.00000000047FE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Microsoft Hyper-V Generation Countersc%;Microsoft Hyper-V Generation Countercss.dll+0x191e6 |
Source: explorer.exe, 0000000A.00000003.2772623817.000000000B73D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000M |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\ |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}xeL |
Source: explorer.exe, 00000001.00000000.1743944804.0000000009815000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: NECVMWar VMware SATA CD00\w |
Source: explorer.exe, 00000001.00000000.1743944804.0000000009815000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$ |
Source: explorer.exe, 00000001.00000000.1744477786.00000000098A8000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000 |
Source: explorer.exe, 0000000A.00000002.2898393777.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000k |
Source: explorer.exe, 0000000A.00000003.2731692731.000000000B7BB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000@v |
Source: explorer.exe, 0000000A.00000003.2757395584.000000000B84D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}9507e |
Source: explorer.exe, 0000000A.00000002.2901365364.00000000048C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMWare |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}exe |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 0000000A.00000003.2745342068.000000000B84E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\- |
Source: explorer.exe, 0000000A.00000002.2898393777.0000000000DE3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000 |