Analysis Report 4123.do1

Overview

General Information

Sample Name: 4123.do1 (renamed file extension from do1 to dll)
Analysis ID: 384021
MD5: f776deb4df137b37dcae5406c8f3a07a
SHA1: f6a31b594fca39c118927405fa4d14353b8fd49a
SHA256: 93cc5e6a6b671d9b0124ade32ae8b09269de9f03c5c5e66347fbfc7a8c3b305e

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Performs DNS queries to domains with low reputation
Rundll32 performs DNS lookup (likely malicious behavior)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found decision node followed by non-executed suspicious APIs
One or more processes crash
PE file contains strange resources
Uses 32bit PE files

Startup

  • System is w10x64
  • loaddll32.exe (PID: 7088 cmdline: loaddll32.exe 'C:\Users\user\Desktop\4123.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)
    • cmd.exe (PID: 7100 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\4123.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 7132 cmdline: rundll32.exe 'C:\Users\user\Desktop\4123.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • WerFault.exe (PID: 6652 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 1008 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • rundll32.exe (PID: 7120 cmdline: rundll32.exe C:\Users\user\Desktop\4123.dll,DF1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • WerFault.exe (PID: 6636 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 1008 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • rundll32.exe (PID: 5752 cmdline: rundll32.exe 'C:\Users\user\Desktop\4123.dll',DF1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • WerFault.exe (PID: 5948 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 1008 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus detection for URL or domain
Source: http://veso2.xyz/campo/r/r1F Avira URL Cloud: Label: malware
Source: http://veso2.xyz/campo/r/r1C: Avira URL Cloud: Label: malware
Source: http://veso2.xyz/campo/r/r1 Avira URL Cloud: Label: malware
Multi AV Scanner detection for domain / URL
Source: veso2.xyz Virustotal: Detection: 10%
Multi AV Scanner detection for submitted file
Source: 4123.dll Virustotal: Detection: 55%
Source: 4123.dll ReversingLabs: Detection: 62%
Source: 10.2.rundll32.exe.1190000.7.unpack Avira: Label: TR/Dropper.Gen
Source: 3.2.rundll32.exe.11b0000.7.unpack Avira: Label: TR/Dropper.Gen
Source: 10.2.rundll32.exe.d823b6.2.unpack Avira: Label: TR/Dropper.Gen
Source: 4.2.rundll32.exe.11a0000.7.unpack Avira: Label: TR/Dropper.Gen
Source: 4123.dll Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED

Networking:

Performs DNS queries to domains with low reputation
Source: C:\Windows\SysWOW64\rundll32.exe DNS query: veso2.xyz
Source: C:\Windows\SysWOW64\rundll32.exe DNS query: veso2.xyz
Source: C:\Windows\SysWOW64\rundll32.exe DNS query: veso2.xyz
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_04851640 wsprintfA,WSAStartup,socket,gethostbyname,htons,connect,send,recv,closesocket,WSACleanup, 3_2_04851640
Source: unknown DNS traffic detected: queries for: veso2.xyz
Source: WerFault.exe, 00000009.00000003.655034598.0000000004A3A000.00000004.00000001.sdmp String found in binary or memory: http://crl.microsoft
Source: WerFault.exe, 0000000C.00000003.697579137.0000000005109000.00000004.00000001.sdmp String found in binary or memory: http://crl.microsoftH
Source: rundll32.exe, rundll32.exe, 0000000A.00000002.701579769.0000000000AAB000.00000004.00000010.sdmp String found in binary or memory: http://veso2.xyz/campo/r/r1
Source: rundll32.exe, 00000003.00000002.662513941.00000000011A4000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000002.668070742.0000000003372000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.667384317.0000000001150000.00000040.00000001.sdmp, rundll32.exe, 0000000A.00000002.703520436.00000000011B2000.00000002.00000001.sdmp String found in binary or memory: http://veso2.xyz/campo/r/r1C:
Source: rundll32.exe, 00000003.00000002.660720123.000000000090B000.00000004.00000010.sdmp String found in binary or memory: http://veso2.xyz/campo/r/r1F

System Summary:

Rundll32 performs DNS lookup (likely malicious behavior)
Source: C:\Windows\SysWOW64\rundll32.exe DNS query: name: veso2.xyz
Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\Windows\AppCompat\Programs\Amcache.hve.tmp
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_10001140
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 1008
Source: 4123.dll Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 4123.dll Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED
Source: classification engine Classification label: mal80.troj.evad.winDLL@12/15@3/1
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7120
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7132
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5752
Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERA0B3.tmp
Source: 4123.dll Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\loaddll32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\rundll32.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\WerFault.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: 4123.dll Virustotal: Detection: 55%
Source: 4123.dll ReversingLabs: Detection: 62%
Source: unknown Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\4123.dll'
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\4123.dll',#1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\4123.dll,DF1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\4123.dll',#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 1008
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 1008
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\4123.dll',DF1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 1008
Source: Binary string: cryptbase.pdbn source: WerFault.exe, 00000008.00000003.641899016.00000000059C7000.00000004.00000040.sdmp
Source: Binary string: crypt32.pdb source: WerFault.exe, 00000008.00000003.641899016.00000000059C7000.00000004.00000040.sdmp, WerFault.exe, 00000009.00000003.642375738.0000000000AB7000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.651029204.00000000056B7000.00000004.00000040.sdmp
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_10001100 LoadLibraryW,GetProcAddress,3_2_10001100
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_048511A0 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_048511A0
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec) graph_10-1245
Source: C:\Windows\System32\loaddll32.exe Thread delayed: delay time: 120000
Source: WerFault.exe, 00000008.00000002.660056693.0000000005360000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW`U&
Source: WerFault.exe, 00000008.00000002.660334872.0000000005560000.00000002.00000001.sdmp, WerFault.exe, 00000009.00000002.659301898.0000000004BF0000.00000002.00000001.sdmp, WerFault.exe, 0000000C.00000002.699833686.00000000057D0000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: WerFault.exe, 00000008.00000002.659997799.0000000005346000.00000004.00000001.sdmp