Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D6FDF00 OpenClipboard,GetClipboardData,CloseClipboard,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard, |
4_2_6D6FDF00 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D6FDFE0 OpenClipboard,MultiByteToWideChar,GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,CloseClipboard, |
4_2_6D6FDFE0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D721EA0 GetClientRect,QueryPerformanceCounter,GetForegroundWindow,ClientToScreen,SetCursorPos,GetCursorPos,ScreenToClient,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState, |
4_2_6D721EA0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D7227B9 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState, |
4_2_6D7227B9 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: String function: 6D6E1E70 appears 49 times |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: String function: 6D6E0DC0 appears 47 times |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: String function: 6D725970 appears 48 times |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: String function: 6D6DB6B0 appears 43 times |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: String function: 6D70FBC0 appears 36 times |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D6DCC20 CreateToolhelp32Snapshot,Module32FirstW,Module32NextW,Module32NextW,CloseHandle,VirtualQuery, |
4_2_6D6DCC20 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7584 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7476:120:WilError_03 |
Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\main.dll" |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\main.dll",#1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\main.dll",#1 |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 776 |
|
Source: C:\Windows\System32\loaddll32.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\System32\loaddll32.exe |
Section loaded: winhttp.dll |
Source: C:\Windows\System32\loaddll32.exe |
Section loaded: opengl32.dll |
Source: C:\Windows\System32\loaddll32.exe |
Section loaded: glu32.dll |
Source: C:\Windows\System32\loaddll32.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D721500 QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress, |
4_2_6D721500 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D6EACF0 push ecx; mov dword ptr [esp], 00000000h |
4_2_6D6EAEA0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D6EACF0 push ecx; mov dword ptr [esp], 00000000h |
4_2_6D6EAF27 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D715F90 push ecx; mov dword ptr [esp], 00000000h |
4_2_6D7184DD |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D715F90 push ecx; mov dword ptr [esp], 00000000h |
4_2_6D718B0F |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D715F90 push ecx; mov dword ptr [esp], 00000000h |
4_2_6D718DDD |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D6F7EA0 push ecx; mov dword ptr [esp], 3F800000h |
4_2_6D6F8197 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D6EE990 push ecx; mov dword ptr [esp], 00000000h |
4_2_6D6EEAB4 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D70D8B0 push ecx; mov dword ptr [esp], 00000000h |
4_2_6D70D956 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D6EABC0 push ecx; mov dword ptr [esp], 00000000h |
4_2_6D6EACA6 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D72545E push ecx; ret |
4_2_6D725471 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D6EB000 push ecx; mov dword ptr [esp], 00000000h |
4_2_6D6EB29B |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D6EB000 push ecx; mov dword ptr [esp], 00000000h |
4_2_6D6EB688 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.7.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.7.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.7.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.7.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.7.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.7.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.7.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.7.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.7.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.7.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.7.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.7.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.7.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.7.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.7.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.7.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.7.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.7.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.7.dr |
Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d |
Source: Amcache.hve.7.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D6D1920 GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,Sleep,GetModuleHandleA,LdrInitializeThunk,EnumWindows, |
4_2_6D6D1920 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D724EF5 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
4_2_6D724EF5 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D725853 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
4_2_6D725853 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6D728776 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
4_2_6D728776 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress, |
4_2_6D721500 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetKeyboardLayout,GetLocaleInfoA, |
4_2_6D7214C0 |
Source: Amcache.hve.7.dr |
Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe |
Source: Amcache.hve.7.dr |
Binary or memory string: msmpeng.exe |
Source: Amcache.hve.7.dr |
Binary or memory string: c:\program files\windows defender\msmpeng.exe |
Source: Amcache.hve.7.dr |
Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe |
Source: Amcache.hve.7.dr |
Binary or memory string: MsMpEng.exe |