Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF977C0 FindFirstFileA,FindNextFileA,FindClose, |
8_2_00007FFD9DF977C0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF994A8 FindFirstFileA,_local_unwind,FindNextFileA,DeleteFileA,FindClose, |
8_2_00007FFD9DF994A8 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFB81B4 FindFirstFileExW, |
8_2_00007FFD9DFB81B4 |
Source: file.dll |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: file.dll |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: file.dll |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: file.dll |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: file.dll |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: file.dll |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: file.dll |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: file.dll |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: file.dll |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: file.dll |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: file.dll |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: file.dll |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: file.dll |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: Amcache.hve.11.dr |
String found in binary or memory: http://upx.sf.net |
Source: file.dll |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF9D740 |
8_2_00007FFD9DF9D740 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF91F64 |
8_2_00007FFD9DF91F64 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF91520 |
8_2_00007FFD9DF91520 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFB2660 |
8_2_00007FFD9DFB2660 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFB6690 |
8_2_00007FFD9DFB6690 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF9DE90 |
8_2_00007FFD9DF9DE90 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF9475C |
8_2_00007FFD9DF9475C |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFB7FA8 |
8_2_00007FFD9DFB7FA8 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF957E0 |
8_2_00007FFD9DF957E0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF99010 |
8_2_00007FFD9DF99010 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFA5858 |
8_2_00007FFD9DFA5858 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF9DCA8 |
8_2_00007FFD9DF9DCA8 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF957E0 |
8_2_00007FFD9DF957E0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFBA4F4 |
8_2_00007FFD9DFBA4F4 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFB4588 |
8_2_00007FFD9DFB4588 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFB1DC8 |
8_2_00007FFD9DFB1DC8 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFBD5E4 |
8_2_00007FFD9DFBD5E4 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFA8E14 |
8_2_00007FFD9DFA8E14 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFA5ADC |
8_2_00007FFD9DFA5ADC |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFAE2EC |
8_2_00007FFD9DFAE2EC |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF92BCC |
8_2_00007FFD9DF92BCC |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFC0BF8 |
8_2_00007FFD9DFC0BF8 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF953F0 |
8_2_00007FFD9DF953F0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFAAC50 |
8_2_00007FFD9DFAAC50 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFAF87C |
8_2_00007FFD9DFAF87C |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFB6074 |
8_2_00007FFD9DFB6074 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFB4588 |
8_2_00007FFD9DFB4588 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFAE8C0 |
8_2_00007FFD9DFAE8C0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFA8908 |
8_2_00007FFD9DFA8908 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF97988 |
8_2_00007FFD9DF97988 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFB81B4 |
8_2_00007FFD9DFB81B4 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFAB204 |
8_2_00007FFD9DFAB204 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFBCA2C |
8_2_00007FFD9DFBCA2C |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5956:120:WilError_03 |
Source: C:\Windows\System32\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6664 |
Source: unknown |
Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\file.dll" |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1 |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\file.dll |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,CheckMozJavaPlugins |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1 |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,DllCanUnloadNow |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,DllGetClassObject |
|
Source: C:\Windows\System32\rundll32.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6664 -s 348 |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1 |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\file.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,CheckMozJavaPlugins |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,DllCanUnloadNow |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,DllGetClassObject |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1 |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: aclayers.dll |
Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: sfc.dll |
Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: sfc_os.dll |
Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: file.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: file.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: file.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: file.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: file.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: file.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: file.dll |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: file.dll |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: file.dll |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: file.dll |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: file.dll |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF96D4C _snwprintf_s,LoadLibraryA,_snwprintf_s,LoadLibraryA,_snwprintf_s,LoadLibraryA,GetProcAddress,_Wcsftime,FreeLibrary, |
8_2_00007FFD9DF96D4C |
Source: C:\Windows\System32\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF977C0 FindFirstFileA,FindNextFileA,FindClose, |
8_2_00007FFD9DF977C0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF994A8 FindFirstFileA,_local_unwind,FindNextFileA,DeleteFileA,FindClose, |
8_2_00007FFD9DF994A8 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFB81B4 FindFirstFileExW, |
8_2_00007FFD9DFB81B4 |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.11.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.11.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.11.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.11.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20 |
Source: Amcache.hve.11.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.11.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.11.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.11.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.11.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.11.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.11.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.11.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.11.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.11.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.11.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.11.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.11.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.11.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.11.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF96D4C _snwprintf_s,LoadLibraryA,_snwprintf_s,LoadLibraryA,_snwprintf_s,LoadLibraryA,GetProcAddress,_Wcsftime,FreeLibrary, |
8_2_00007FFD9DF96D4C |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFA3E7C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
8_2_00007FFD9DFA3E7C |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DFA0398 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
8_2_00007FFD9DFA0398 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 8_2_00007FFD9DF9F94C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
8_2_00007FFD9DF9F94C |
Source: Amcache.hve.11.dr |
Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe |
Source: Amcache.hve.11.dr |
Binary or memory string: msmpeng.exe |
Source: Amcache.hve.11.dr |
Binary or memory string: c:\program files\windows defender\msmpeng.exe |
Source: Amcache.hve.11.dr |
Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe |
Source: Amcache.hve.11.dr |
Binary or memory string: MsMpEng.exe |