Source: 00000004.00000002.726038979.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000004.00000002.726038979.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000004.00000002.726953085.0000000000BEA000.00000004.00000020.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000004.00000002.726953085.0000000000BEA000.00000004.00000020.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.648648516.0000000001081000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.648648516.0000000001081000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000003.00000002.654174864.0000000001081000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000003.00000002.654174864.0000000001081000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000004.00000002.727594067.0000000003955000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000004.00000002.727594067.0000000003955000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 4.2.INV.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 4.2.INV.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 4.2.INV.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 4.2.INV.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 3.2.INV.exe.1060000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 3.2.INV.exe.1060000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.INV.exe.1060000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0.2.INV.exe.1060000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000007.00000003.658590255.0000000002FCA000.00000004.00000001.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000007.00000003.662352676.0000000004EE1000.00000004.00000001.sdmp |
Source: | Binary string: mscorlib.pdbx source: WerFault.exe, 00000007.00000003.661742223.0000000005180000.00000004.00000001.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000007.00000003.662352676.0000000004EE1000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000007.00000003.662352676.0000000004EE1000.00000004.00000001.sdmp |
Source: | Binary string: wntdll.pdb source: INV.exe, 00000000.00000003.647077119.0000000002C60000.00000004.00000001.sdmp, INV.exe, 00000003.00000003.653597565.00000000032E0000.00000004.00000001.sdmp, WerFault.exe, 00000007.00000003.658584638.0000000002FC4000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000007.00000003.662352676.0000000004EE1000.00000004.00000001.sdmp |
Source: | Binary string: clr.pdb source: WerFault.exe, 00000007.00000003.662436848.0000000004FDE000.00000004.00000040.sdmp |
Source: | Binary string: .ni.pdb source: WerFault.exe, 00000007.00000003.662359081.0000000004EF2000.00000004.00000001.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000007.00000003.662414796.0000000004FD0000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000007.00000003.662414796.0000000004FD0000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000007.00000003.662352676.0000000004EE1000.00000004.00000001.sdmp |
Source: | Binary string: wwin32u.pdb7^ source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000007.00000003.662352676.0000000004EE1000.00000004.00000001.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdb=^ source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000007.00000003.658722034.0000000002FCF000.00000004.00000001.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000007.00000003.662414796.0000000004FD0000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.ni.pdb source: WerFault.exe, 00000007.00000003.661742223.0000000005180000.00000004.00000001.sdmp, WERD26.tmp.dmp.7.dr |
Source: | Binary string: oleaut32.pdb]^ source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: mscoree.pdb source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: crypt32.pdb;^ source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 00000007.00000003.658584638.0000000002FC4000.00000004.00000001.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: wuser32.pdb)^ source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000007.00000003.662414796.0000000004FD0000.00000004.00000040.sdmp |
Source: | Binary string: WLDP.pdb source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000007.00000003.662376905.0000000004FD1000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdbUGP source: INV.exe, 00000000.00000003.647077119.0000000002C60000.00000004.00000001.sdmp, INV.exe, 00000003.00000003.653597565.00000000032E0000.00000004.00000001.sdmp |
Source: | Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 00000007.00000003.662436848.0000000004FDE000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: msvcr120_clr0400.i386.pdb% source: WerFault.exe, 00000007.00000003.662436848.0000000004FDE000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.ni.pdbRSDS source: WERD26.tmp.dmp.7.dr |
Source: | Binary string: mscoree.pdbs^ source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: wintrust.pdb source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: msasn1.pdb[^ source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.ni.pdbx source: WerFault.exe, 00000007.00000003.661742223.0000000005180000.00000004.00000001.sdmp |
Source: | Binary string: msasn1.pdb source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000007.00000003.662414796.0000000004FD0000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.pdb source: WerFault.exe, 00000007.00000003.661742223.0000000005180000.00000004.00000001.sdmp, WERD26.tmp.dmp.7.dr |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000007.00000003.662352676.0000000004EE1000.00000004.00000001.sdmp |
Source: | Binary string: sechost.pdbk source: WerFault.exe, 00000007.00000003.662376905.0000000004FD1000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000007.00000003.658722034.0000000002FCF000.00000004.00000001.sdmp |
Source: | Binary string: mscoreei.pdb source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000007.00000003.662352676.0000000004EE1000.00000004.00000001.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000007.00000003.662376905.0000000004FD1000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdba^ source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000007.00000003.662424702.0000000004FD4000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000007.00000003.662376905.0000000004FD1000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdbk source: WerFault.exe, 00000007.00000003.662424702.0000000004FD4000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000007.00000003.658590255.0000000002FCA000.00000004.00000001.sdmp |
Source: | Binary string: combase.pdbk source: WerFault.exe, 00000007.00000003.662376905.0000000004FD1000.00000004.00000040.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdbo^ source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdbk source: WerFault.exe, 00000007.00000003.662376905.0000000004FD1000.00000004.00000040.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: | Binary string: .pdbEE source: WerFault.exe, 00000007.00000003.662359081.0000000004EF2000.00000004.00000001.sdmp |
Source: | Binary string: crypt32.pdb source: WerFault.exe, 00000007.00000003.662383535.0000000004FD7000.00000004.00000040.sdmp |
Source: C:\Users\user\Desktop\INV.exe | Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW, | 0_2_0106E15F |
Source: C:\Users\user\Desktop\INV.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free, | 0_2_010660C8 |
Source: C:\Users\user\Desktop\INV.exe | Code function: EnumSystemLocalesW, | 0_2_0106E3D3 |
Source: C:\Users\user\Desktop\INV.exe | Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage, | 0_2_0106E52F |
Source: C:\Users\user\Desktop\INV.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, | 0_2_0106755A |
Source: C:\Users\user\Desktop\INV.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free, | 0_2_0106458E |
Source: C:\Users\user\Desktop\INV.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, | 0_2_0106E42F |
Source: C:\Users\user\Desktop\INV.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, | 0_2_0106E4AC |
Source: C:\Users\user\Desktop\INV.exe | Code function: EnumSystemLocalesW, | 0_2_0106771D |
Source: C:\Users\user\Desktop\INV.exe | Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage, | 0_2_0106E724 |
Source: C:\Users\user\Desktop\INV.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_memmove,_memmove,_memmove,_free,_free,_free,_free,_free,_free,_free,_free,_free, | 0_2_0106A73D |
Source: C:\Users\user\Desktop\INV.exe | Code function: GetLocaleInfoW, | 0_2_010677A3 |
Source: C:\Users\user\Desktop\INV.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, | 0_2_010666CA |
Source: C:\Users\user\Desktop\INV.exe | Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, | 0_2_0106E9CF |
Source: C:\Users\user\Desktop\INV.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 0_2_0106E84E |
Source: C:\Users\user\Desktop\INV.exe | Code function: GetLocaleInfoW,_GetPrimaryLen, | 0_2_0106E8FB |
Source: C:\Users\user\Desktop\INV.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free, | 0_2_01065C88 |
Source: C:\Users\user\Desktop\INV.exe | Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage, | 2_2_0106E52F |
Source: C:\Users\user\Desktop\INV.exe | Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW, | 2_2_0106E15F |
Source: C:\Users\user\Desktop\INV.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, | 2_2_0106755A |
Source: C:\Users\user\Desktop\INV.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free, | 2_2_0106458E |
Source: C:\Users\user\Desktop\INV.exe | Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, | 2_2_0106E9CF |
Source: C:\Users\user\Desktop\INV.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, | 2_2_0106E42F |
Source: C:\Users\user\Desktop\INV.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 2_2_0106E84E |
Source: C:\Users\user\Desktop\INV.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free, | 2_2_01065C88 |
Source: C:\Users\user\Desktop\INV.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, | 2_2_0106E4AC |
Source: C:\Users\user\Desktop\INV.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free, | 2_2_010660C8 |
Source: C:\Users\user\Desktop\INV.exe | Code function: GetLocaleInfoW,_GetPrimaryLen, | 2_2_0106E8FB |
Source: C:\Users\user\Desktop\INV.exe | Code function: EnumSystemLocalesW, | 2_2_0106771D |
Source: C:\Users\user\Desktop\INV.exe | Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage, | 2_2_0106E724 |
Source: C:\Users\user\Desktop\INV.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_memmove,_memmove,_memmove,_free,_free,_free,_free,_free,_free,_free,_free,_free, | 2_2_0106A73D |
Source: C:\Users\user\Desktop\INV.exe | Code function: GetLocaleInfoW, | 2_2_010677A3 |
Source: C:\Users\user\Desktop\INV.exe | Code function: EnumSystemLocalesW, | 2_2_0106E3D3 |
Source: C:\Users\user\Desktop\INV.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, | 2_2_010666CA |
Source: C:\Users\user\Desktop\INV.exe | Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW, | 3_2_0106E15F |
Source: C:\Users\user\Desktop\INV.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free, | 3_2_010660C8 |
Source: C:\Users\user\Desktop\INV.exe | Code function: EnumSystemLocalesW, | 3_2_0106E3D3 |
Source: C:\Users\user\Desktop\INV.exe | Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage, | 3_2_0106E52F |
Source: C:\Users\user\Desktop\INV.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, | 3_2_0106755A |
Source: C:\Users\user\Desktop\INV.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free, | 3_2_0106458E |
Source: C:\Users\user\Desktop\INV.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, | 3_2_0106E42F |
Source: C:\Users\user\Desktop\INV.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, | 3_2_0106E4AC |
Source: C:\Users\user\Desktop\INV.exe | Code function: EnumSystemLocalesW, | 3_2_0106771D |
Source: C:\Users\user\Desktop\INV.exe | Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage, | 3_2_0106E724 |
Source: C:\Users\user\Desktop\INV.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_memmove,_memmove,_memmove,_free,_free,_free,_free,_free,_free,_free,_free,_free, | 3_2_0106A73D |
Source: C:\Users\user\Desktop\INV.exe | Code function: GetLocaleInfoW, | 3_2_010677A3 |
Source: C:\Users\user\Desktop\INV.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, | 3_2_010666CA |
Source: C:\Users\user\Desktop\INV.exe | Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, | 3_2_0106E9CF |
Source: C:\Users\user\Desktop\INV.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 3_2_0106E84E |
Source: C:\Users\user\Desktop\INV.exe | Code function: GetLocaleInfoW,_GetPrimaryLen, | 3_2_0106E8FB |
Source: C:\Users\user\Desktop\INV.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free, | 3_2_01065C88 |