Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\VMwareService] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\system\VMwareService.exe' = '%WINDIR%\system\VMwareService.exe:*:Enabled:Microsoft Enabled'
- %WINDIR%\system\VMwareService.exe
- <SYSTEM32>\dumprep.exe 1436 -dm 7 7 %TEMP%\WERef7b.dir00\explorer.exe.mdmp 16325836412028056
- %WINDIR%\Explorer.EXE
- ClassName: 'pediy06' WindowName: ''
- ClassName: 'GBDYLLO' WindowName: ''
- ClassName: 'OLLYDBG' WindowName: ''
- ClassName: 'MSNHiddenWindowClass' WindowName: ''
- %WINDIR%\system\VMwareService.exe
- %WINDIR%\system\VMwareService.exe
- '<Private IP address>':139
- '<Private IP address>':445
- ClassName: 'AIM_CSignOnWnd' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''