Source: WerFault.exe, 00000005.00000003.653666644.0000000004CE0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication |
Source: WerFault.exe, 00000005.00000003.653666644.0000000004CE0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o |
Source: WerFault.exe, 00000005.00000003.653666644.0000000004CE0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005 |
Source: WerFault.exe, 00000005.00000003.653666644.0000000004CE0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid |
Source: WerFault.exe, 00000005.00000003.653666644.0000000004CE0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200 |
Source: WerFault.exe, 00000005.00000003.653666644.0000000004CE0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality |
Source: WerFault.exe, 00000005.00000003.653666644.0000000004CE0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone |
Source: WerFault.exe, 00000005.00000003.653666644.0000000004CE0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: WerFault.exe, 00000005.00000003.653666644.0000000004CE0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier |
Source: WerFault.exe, 00000005.00000003.653666644.0000000004CE0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone |
Source: WerFault.exe, 00000005.00000003.653666644.0000000004CE0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/ |
Source: WerFault.exe, 00000005.00000003.653666644.0000000004CE0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince |
Source: WerFault.exe, 00000005.00000003.653666644.0000000004CE0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20 |
Source: WerFault.exe, 00000005.00000003.653666644.0000000004CE0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/ |
Source: WerFault.exe, 00000005.00000003.653666644.0000000004CE0000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.o |
Source: 00000000.00000002.646857656.00000000000B1000.00000004.00020000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000000.00000002.646857656.00000000000B1000.00000004.00020000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000003.645815699.0000000000D26000.00000004.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000003.645815699.0000000000D26000.00000004.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000002.667791715.0000000003915000.00000004.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.667791715.0000000003915000.00000004.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000002.666412273.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.666412273.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 2.2.INV.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 2.2.INV.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 2.2.INV.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 2.2.INV.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.INV.exe.90000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0.2.INV.exe.90000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.646857656.00000000000B1000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.646857656.00000000000B1000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000003.645815699.0000000000D26000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000003.645815699.0000000000D26000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.667791715.0000000003915000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.667791715.0000000003915000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.666412273.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.666412273.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.2.INV.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.2.INV.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.2.INV.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.2.INV.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.INV.exe.90000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0.2.INV.exe.90000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: | Binary string: wintrust.pdbJ source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000005.00000003.650985591.00000000046CD000.00000004.00000001.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000005.00000003.654324403.00000000049B1000.00000004.00000001.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000005.00000003.654324403.00000000049B1000.00000004.00000001.sdmp |
Source: | Binary string: mscorlib.pdbx source: WerFault.exe, 00000005.00000003.653962430.0000000004CA0000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000005.00000003.654324403.00000000049B1000.00000004.00000001.sdmp |
Source: | Binary string: wntdll.pdb source: INV.exe, 00000000.00000003.644532557.0000000002410000.00000004.00000001.sdmp, WerFault.exe, 00000005.00000003.654324403.00000000049B1000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000005.00000003.654324403.00000000049B1000.00000004.00000001.sdmp |
Source: | Binary string: .ni.pdb source: WerFault.exe, 00000005.00000003.654329781.00000000049C2000.00000004.00000001.sdmp |
Source: | Binary string: clr.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000005.00000003.654358886.0000000004B90000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000005.00000003.654358886.0000000004B90000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000005.00000003.654324403.00000000049B1000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000005.00000003.654324403.00000000049B1000.00000004.00000001.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000005.00000003.654324403.00000000049B1000.00000004.00000001.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000005.00000003.654358886.0000000004B90000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.ni.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp, WER54C8.tmp.dmp.5.dr |
Source: | Binary string: mscoree.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000005.00000003.654358886.0000000004B90000.00000004.00000040.sdmp |
Source: | Binary string: WLDP.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000005.00000003.654340383.0000000004B91000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdbUGP source: INV.exe, 00000000.00000003.644532557.0000000002410000.00000004.00000001.sdmp |
Source: | Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: msvcr120_clr0400.i386.pdb% source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.ni.pdbRSDS source: WER54C8.tmp.dmp.5.dr |
Source: | Binary string: ole32.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: wintrust.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.ni.pdbx source: WerFault.exe, 00000005.00000003.653962430.0000000004CA0000.00000004.00000001.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000005.00000003.654358886.0000000004B90000.00000004.00000040.sdmp |
Source: | Binary string: msasn1.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.pdb source: WerFault.exe, 00000005.00000003.653962430.0000000004CA0000.00000004.00000001.sdmp, WER54C8.tmp.dmp.5.dr |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000005.00000003.654324403.00000000049B1000.00000004.00000001.sdmp |
Source: | Binary string: sechost.pdbk source: WerFault.exe, 00000005.00000003.654340383.0000000004B91000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000005.00000003.654340383.0000000004B91000.00000004.00000040.sdmp |
Source: | Binary string: mscoreei.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000005.00000003.654324403.00000000049B1000.00000004.00000001.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000005.00000003.654340383.0000000004B91000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000005.00000003.654362368.0000000004B94000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdbk source: WerFault.exe, 00000005.00000003.654362368.0000000004B94000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdbk source: WerFault.exe, 00000005.00000003.654340383.0000000004B91000.00000004.00000040.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdbk source: WerFault.exe, 00000005.00000003.654340383.0000000004B91000.00000004.00000040.sdmp |
Source: | Binary string: .pdbEE source: WerFault.exe, 00000005.00000003.654329781.00000000049C2000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: | Binary string: crypt32.pdb source: WerFault.exe, 00000005.00000003.654365444.0000000004B97000.00000004.00000040.sdmp |
Source: C:\Users\user\Desktop\INV.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\INV.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free, | 0_2_000960C8 |
Source: C:\Users\user\Desktop\INV.exe | Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW, | 0_2_0009E15F |
Source: C:\Users\user\Desktop\INV.exe | Code function: EnumSystemLocalesW, | 0_2_0009E3D3 |
Source: C:\Users\user\Desktop\INV.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, | 0_2_0009E42F |
Source: C:\Users\user\Desktop\INV.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, | 0_2_0009E4AC |
Source: C:\Users\user\Desktop\INV.exe | Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage, | 0_2_0009E52F |
Source: C:\Users\user\Desktop\INV.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, | 0_2_0009755A |
Source: C:\Users\user\Desktop\INV.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free, | 0_2_0009458E |
Source: C:\Users\user\Desktop\INV.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, | 0_2_000966CA |
Source: C:\Users\user\Desktop\INV.exe | Code function: EnumSystemLocalesW, | 0_2_0009771D |
Source: C:\Users\user\Desktop\INV.exe | Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage, | 0_2_0009E724 |
Source: C:\Users\user\Desktop\INV.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_memmove,_memmove,_memmove,_free,_free,_free,_free,_free,_free,_free,_free,_free, | 0_2_0009A73D |
Source: C:\Users\user\Desktop\INV.exe | Code function: GetLocaleInfoW, | 0_2_000977A3 |
Source: C:\Users\user\Desktop\INV.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 0_2_0009E84E |
Source: C:\Users\user\Desktop\INV.exe | Code function: GetLocaleInfoW,_GetPrimaryLen, | 0_2_0009E8FB |
Source: C:\Users\user\Desktop\INV.exe | Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, | 0_2_0009E9CF |
Source: C:\Users\user\Desktop\INV.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free, | 0_2_00095C88 |
Source: C:\Users\user\Desktop\INV.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, | 2_2_0009E42F |
Source: C:\Users\user\Desktop\INV.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 2_2_0009E84E |
Source: C:\Users\user\Desktop\INV.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free, | 2_2_00095C88 |
Source: C:\Users\user\Desktop\INV.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, | 2_2_0009E4AC |
Source: C:\Users\user\Desktop\INV.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free, | 2_2_000960C8 |
Source: C:\Users\user\Desktop\INV.exe | Code function: GetLocaleInfoW,_GetPrimaryLen, | 2_2_0009E8FB |
Source: C:\Users\user\Desktop\INV.exe | Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage, | 2_2_0009E52F |
Source: C:\Users\user\Desktop\INV.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, | 2_2_0009755A |
Source: C:\Users\user\Desktop\INV.exe | Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW, | 2_2_0009E15F |
Source: C:\Users\user\Desktop\INV.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free, | 2_2_0009458E |
Source: C:\Users\user\Desktop\INV.exe | Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, | 2_2_0009E9CF |
Source: C:\Users\user\Desktop\INV.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, | 2_2_000966CA |
Source: C:\Users\user\Desktop\INV.exe | Code function: EnumSystemLocalesW, | 2_2_0009771D |
Source: C:\Users\user\Desktop\INV.exe | Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage, | 2_2_0009E724 |
Source: C:\Users\user\Desktop\INV.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_memmove,_memmove,_memmove,_free,_free,_free,_free,_free,_free,_free,_free,_free, | 2_2_0009A73D |
Source: C:\Users\user\Desktop\INV.exe | Code function: GetLocaleInfoW, | 2_2_000977A3 |
Source: C:\Users\user\Desktop\INV.exe | Code function: EnumSystemLocalesW, | 2_2_0009E3D3 |