Source: | Binary string: powrprof.pdbG source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000004.00000003.646924434.0000000003165000.00000004.00000001.sdmp |
Source: | Binary string: 7C:\Users\user\AppData\Local\Temp\maejgtwh\maejgtwh.pdb source: powershell.exe, 0000001E.00000002.910551161.0000026F5EBFA000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: version.pdb{ source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000004.00000003.650877052.0000000005381000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 00000004.00000003.646920068.000000000315F000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb} source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdbQ source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000004.00000003.650877052.0000000005381000.00000004.00000001.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdbk source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: partial method>An expression tree may not contain an unsafe pointer operationAAn expression tree may not contain an anonymous method expressionHAn anonymous method expression cannot be converted to an expression tree@Range variable '%1!ls!' cannot be assigned to -- it is read onlyPThe range variable '%1!ls!' cannot have the same name as a method type parameterKThe contextual keyword 'var' cannot be used in a range variable declarationaThe best overloaded Add method '%1!ls!' for the collection initializer has some invalid argumentsAAn expression tree lambda may not contain an out or ref parameterJAn expression tree lambda may not contain a method with variable argumentsSSpecify debug information file name (default: output file name with .pdb extension)$Specify a Win32 manifest file (.xml))Do not include the default Win32 manifestNSpecify an application configuration file containing assembly binding settings8Output line and column of the end location of each errorFBuild a Windows Runtime intermediate file that is consumed by WinMDExp Build an Appcontainer executable+Specify the preferred output language name.3Could not write to output file '%2!ls!' -- '%1!ls!' source: csc.exe, 00000021.00000002.845354069.000001CB4A4D0000.00000002.00000001.sdmp, csc.exe, 00000023.00000002.855076730.000002D3EE650000.00000002.00000001.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdbM source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000004.00000003.650877052.0000000005381000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000004.00000003.650877052.0000000005381000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdbe source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 00000004.00000003.646920068.000000000315F000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000004.00000003.650877052.0000000005381000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: oleaut32.pdbc source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: 7C:\Users\user\AppData\Local\Temp\qxfma03s\qxfma03s.pdbXPS source: powershell.exe, 0000001E.00000002.910551161.0000026F5EBFA000.00000004.00000001.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: ntdll.pdbUGP source: loaddll32.exe, 00000000.00000003.863977808.0000000005670000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdb_ source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: version.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 00000004.00000003.650877052.0000000005381000.00000004.00000001.sdmp |
Source: | Binary string: wsspicli.pdbi source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdbGX source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdbm source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: 7C:\Users\user\AppData\Local\Temp\maejgtwh\maejgtwh.pdbXPS source: powershell.exe, 0000001E.00000002.910665056.0000026F5EC2E000.00000004.00000001.sdmp |
Source: | Binary string: sechost.pdbw source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdbK source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: 7C:\Users\user\AppData\Local\Temp\qxfma03s\qxfma03s.pdb source: powershell.exe, 0000001E.00000002.910375555.0000026F5EBB6000.00000004.00000001.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: comctl32v582.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000004.00000003.647057880.000000000316B000.00000004.00000001.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: ntdll.pdb source: loaddll32.exe, 00000000.00000003.863977808.0000000005670000.00000004.00000001.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000004.00000003.646924434.0000000003165000.00000004.00000001.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 00000004.00000003.650877052.0000000005381000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 00000004.00000003.650877052.0000000005381000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000004.00000003.650877052.0000000005381000.00000004.00000001.sdmp |
Source: | Binary string: comctl32.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0044C8CC NtdllDefWindowProc_A,GetCapture, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0042863C NtdllDefWindowProc_A, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0044281C GetSubMenu,SaveDC,RestoreDC,72E7B080,SaveDC,RestoreDC,NtdllDefWindowProc_A, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00439348 NtdllDefWindowProc_A, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00439AF0 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00439BA0 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02C914E8 NtCreateSection,memset, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02C9183B NtMapViewOfSection, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02C922C5 NtQueryVirtualMemory, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02F372D8 NtMapViewOfSection, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02F31371 GetProcAddress,NtCreateSection,memset, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02F37507 NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02F3B2F1 NtQueryVirtualMemory, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 1_2_0044C8CC NtdllDefWindowProc_A,GetCapture, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 1_2_0042863C NtdllDefWindowProc_A, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 1_2_0044281C GetSubMenu,SaveDC,RestoreDC,GetWindowDC,SaveDC,RestoreDC,NtdllDefWindowProc_A, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 1_2_00439348 NtdllDefWindowProc_A, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 1_2_00439AF0 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 1_2_00439BA0 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 1_2_045422C5 NtQueryVirtualMemory, |
Source: C:\Windows\explorer.exe | Code function: 37_2_04DA14D0 NtQueryInformationProcess, |
Source: C:\Windows\explorer.exe | Code function: 37_2_04DC20B4 NtQueryInformationProcess, |
Source: C:\Windows\explorer.exe | Code function: 37_2_04DC4064 NtMapViewOfSection, |
Source: C:\Windows\explorer.exe | Code function: 37_2_04DA7008 NtQueryInformationToken,NtQueryInformationToken,NtClose,NtClose, |
Source: C:\Windows\explorer.exe | Code function: 37_2_04DA5DF4 RtlAllocateHeap,NtCreateSection, |
Source: C:\Windows\explorer.exe | Code function: 37_2_04DC7278 NtWriteVirtualMemory, |
Source: C:\Windows\explorer.exe | Code function: 37_2_04DA527C NtAllocateVirtualMemory, |
Source: C:\Windows\explorer.exe | Code function: 37_2_04DB6A74 NtQuerySystemInformation, |
Source: C:\Windows\explorer.exe | Code function: 37_2_04DB2FD0 NtQueryInformationProcess, |
Source: C:\Windows\explorer.exe | Code function: 37_2_04DBFF54 NtReadVirtualMemory, |
Source: C:\Windows\explorer.exe | Code function: 37_2_04DAEF1C NtSetContextThread,NtUnmapViewOfSection,NtClose, |
Source: C:\Windows\explorer.exe | Code function: 37_2_04DB4B24 NtSetInformationProcess,CreateRemoteThread,ResumeThread,FindCloseChangeNotification,FindCloseChangeNotification, |
Source: C:\Windows\explorer.exe | Code function: 37_2_04DDA002 NtProtectVirtualMemory,NtProtectVirtualMemory, |
Source: C:\Windows\System32\control.exe | Code function: 38_2_00117008 NtQueryInformationToken,NtQueryInformationToken,NtClose, |
Source: C:\Windows\System32\control.exe | Code function: 38_2_00134064 NtMapViewOfSection, |
Source: C:\Windows\System32\control.exe | Code function: 38_2_001320B4 NtQueryInformationProcess, |
Source: C:\Windows\System32\control.exe | Code function: 38_2_001114D0 NtQueryInformationProcess, |
Source: C:\Windows\System32\control.exe | Code function: 38_2_00115DF4 NtCreateSection, |
Source: C:\Windows\System32\control.exe | Code function: 38_2_00137278 NtWriteVirtualMemory, |
Source: C:\Windows\System32\control.exe | Code function: 38_2_0011527C NtAllocateVirtualMemory, |
Source: C:\Windows\System32\control.exe | Code function: 38_2_0011EF1C RtlAllocateHeap,NtSetContextThread,NtUnmapViewOfSection,NtClose, |
Source: C:\Windows\System32\control.exe | Code function: 38_2_00124B24 NtSetInformationProcess,CreateRemoteThread,ResumeThread,FindCloseChangeNotification, |
Source: C:\Windows\System32\control.exe | Code function: 38_2_0012FF54 NtReadVirtualMemory, |
Source: C:\Windows\System32\control.exe | Code function: 38_2_0014A002 NtProtectVirtualMemory,NtProtectVirtualMemory, |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\yytr.dll' |
Source: unknown | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\yytr.dll',#1 |
Source: unknown | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 756 |
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding |
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6556 CREDAT:17410 /prefetch:2 |
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding |
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5988 CREDAT:17410 /prefetch:2 |
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding |
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4596 CREDAT:17410 /prefetch:2 |
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4596 CREDAT:82956 /prefetch:2 |
Source: unknown | Process created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>resizeTo(1,1);eval(new ActiveXObject('WScript.Shell').regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\Audiinrt'));if(!window.flag)close()</script>' |
Source: unknown | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').Barclers)) |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\qxfma03s\qxfma03s.cmdline' |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RESCC08.tmp' 'c:\Users\user\AppData\Local\Temp\qxfma03s\CSC9A61D8937933426B894F97C05C536C75.TMP' |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\maejgtwh\maejgtwh.cmdline' |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RESDFCF.tmp' 'c:\Users\user\AppData\Local\Temp\maejgtwh\CSC5E7D34BFE3B047248BD36616B57FD91.TMP' |
Source: unknown | Process created: C:\Windows\System32\control.exe C:\Windows\system32\control.exe -h |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\yytr.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\System32\control.exe C:\Windows\system32\control.exe -h |
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6556 CREDAT:17410 /prefetch:2 |
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5988 CREDAT:17410 /prefetch:2 |
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4596 CREDAT:17410 /prefetch:2 |
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4596 CREDAT:82956 /prefetch:2 |
Source: C:\Windows\System32\mshta.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').Barclers)) |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\qxfma03s\qxfma03s.cmdline' |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\maejgtwh\maejgtwh.cmdline' |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RESCC08.tmp' 'c:\Users\user\AppData\Local\Temp\qxfma03s\CSC9A61D8937933426B894F97C05C536C75.TMP' |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RESDFCF.tmp' 'c:\Users\user\AppData\Local\Temp\maejgtwh\CSC5E7D34BFE3B047248BD36616B57FD91.TMP' |
Source: C:\Windows\explorer.exe | Process created: unknown unknown |
Source: C:\Windows\System32\control.exe | Process created: unknown unknown |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000004.00000003.650877052.0000000005381000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: oleaut32.pdbc source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: 7C:\Users\user\AppData\Local\Temp\qxfma03s\qxfma03s.pdbXPS source: powershell.exe, 0000001E.00000002.910551161.0000026F5EBFA000.00000004.00000001.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: ntdll.pdbUGP source: loaddll32.exe, 00000000.00000003.863977808.0000000005670000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdb_ source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: version.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 00000004.00000003.650877052.0000000005381000.00000004.00000001.sdmp |
Source: | Binary string: wsspicli.pdbi source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdbGX source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdbm source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: 7C:\Users\user\AppData\Local\Temp\maejgtwh\maejgtwh.pdbXPS source: powershell.exe, 0000001E.00000002.910665056.0000026F5EC2E000.00000004.00000001.sdmp |
Source: | Binary string: sechost.pdbw source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdbK source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: 7C:\Users\user\AppData\Local\Temp\qxfma03s\qxfma03s.pdb source: powershell.exe, 0000001E.00000002.910375555.0000026F5EBB6000.00000004.00000001.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: comctl32v582.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000004.00000003.647057880.000000000316B000.00000004.00000001.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: ntdll.pdb source: loaddll32.exe, 00000000.00000003.863977808.0000000005670000.00000004.00000001.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000004.00000003.650889523.0000000005350000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000004.00000003.646924434.0000000003165000.00000004.00000001.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 00000004.00000003.650877052.0000000005381000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 00000004.00000003.650877052.0000000005381000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000004.00000003.650877052.0000000005381000.00000004.00000001.sdmp |
Source: | Binary string: comctl32.pdb source: WerFault.exe, 00000004.00000003.650896407.0000000005357000.00000004.00000040.sdmp |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00453E60 push 00453EEDh; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00406040 push 0040606Ch; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_004160F0 push ecx; mov dword ptr [esp], edx |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00418174 push ecx; mov dword ptr [esp], ecx |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00414104 push 00414151h; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00416134 push ecx; mov dword ptr [esp], edx |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_004143CF push 004144A8h; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0041447C push 004144A8h; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00428404 push 0042845Dh; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0041C53C push ecx; mov dword ptr [esp], edx |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0045860C push 0045863Fh; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00428A7C push 00428ABFh; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00428AF4 push 00428B20h; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00406ABC push ecx; mov dword ptr [esp], eax |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0043CB50 push 0043CB7Ch; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00458B58 push 00458B90h; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0040CB64 push ecx; mov dword ptr [esp], edx |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00428B2C push 00428B64h; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00428BC0 push 00428BECh; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00458BD4 push 00458C00h; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00458B9C push 00458BC8h; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00458C0C push 00458C32h; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0042EC2C push ecx; mov dword ptr [esp], edx |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00428CF0 push 00428D1Ch; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00426CF4 push 00426D32h; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00428C90 push 00428CC3h; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00406CA0 push 00406CCCh; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00428D40 push 00428D83h; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00426D74 push 00426DACh; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00402D00 push eax; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00454D10 push 00454D8Dh; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_004363F8 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0044E8A4 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0044F1C8 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_004393D0 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00425390 IsIconic,GetWindowPlacement,GetWindowRect, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00439AF0 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00439BA0 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0044DFF0 IsIconic,GetCapture, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 1_2_004363F8 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 1_2_0044E8A4 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 1_2_0044F1C8 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 1_2_004393D0 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 1_2_00425390 IsIconic,GetWindowPlacement,GetWindowRect, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 1_2_00439AF0 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 1_2_00439BA0 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 1_2_0044DFF0 IsIconic,GetCapture, |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\mshta.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\control.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoA,GetACP, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoA, |
Source: C:\Windows\System32\loaddll32.exe | Code function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,GetACP, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA, |