Source: |
Binary string: WinTypes.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: sfc_os.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: CoreMessaging.pdb_ source: WerFault.exe, 0000001A.00000003.409603470.0000000005704000.00000004.00000040.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 0000001A.00000003.401542814.0000000003492000.00000004.00000001.sdmp |
Source: |
Binary string: CoreMessaging.pdb source: WerFault.exe, 0000001A.00000003.409603470.0000000005704000.00000004.00000040.sdmp |
Source: |
Binary string: ntmarta.pdby1Zs# source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: c:\Door\26\Enter\Mos\Hard \Stretch.pdb source: loaddll32.exe, 00000002.00000002.484014411.000000006E1EB000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.487526023.000000006E1EB000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.386861374.000000006E1EB000.00000002.00020000.sdmp, c36.dll |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: ntmarta.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: mpr.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: |
Binary string: CoreUIComponents.pdb source: WerFault.exe, 0000001A.00000003.409603470.0000000005704000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: setupapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdbT? source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: wUxTheme.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: imagehlp.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: dwmapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb( source: WerFault.exe, 0000001A.00000003.401542814.0000000003492000.00000004.00000001.sdmp |
Source: |
Binary string: shcore.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: winspool.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: shell32.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: propsys.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: msctf.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: TextInputFramework.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: AcLayers.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: |
Binary string: msctf.pdbG1xs( source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: WinTypes.pdbK1dsg& source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: rundll32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: oleaut32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: sfc.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: combase.pdbgB source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: Yara match |
File source: 00000002.00000002.480154797.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437029493.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437142340.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.436946677.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391097194.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391161462.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390899688.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391143928.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000002.482068718.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390847636.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437405999.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437098624.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390939253.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437339959.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390979627.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.436834249.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391054400.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437249428.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: loaddll32.exe PID: 4796, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: rundll32.exe PID: 1844, type: MEMORY |
Source: Yara match |
File source: 00000002.00000002.480154797.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437029493.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437142340.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.436946677.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391097194.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391161462.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390899688.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391143928.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000002.482068718.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390847636.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437405999.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437098624.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390939253.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437339959.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390979627.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.436834249.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391054400.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437249428.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: loaddll32.exe PID: 4796, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: rundll32.exe PID: 1844, type: MEMORY |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1A2184 |
2_2_6E1A2184 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_02EA3EE1 |
2_2_02EA3EE1 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_02EA888E |
2_2_02EA888E |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_02EAAF80 |
2_2_02EAAF80 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1CA260 |
2_2_6E1CA260 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1CD1F0 |
2_2_6E1CD1F0 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1E8559 |
2_2_6E1E8559 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1DEDC4 |
2_2_6E1DEDC4 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1DC5EB |
2_2_6E1DC5EB |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1CDA30 |
2_2_6E1CDA30 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1E7AD1 |
2_2_6E1E7AD1 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1E8015 |
2_2_6E1E8015 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1D68E0 |
2_2_6E1D68E0 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1EA1BF |
2_2_6E1EA1BF |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1C99A0 |
2_2_6E1C99A0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_0118AF80 |
5_2_0118AF80 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_0118888E |
5_2_0118888E |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_01183EE1 |
5_2_01183EE1 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1CA260 |
5_2_6E1CA260 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1CD1F0 |
5_2_6E1CD1F0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1E8559 |
5_2_6E1E8559 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1DEDC4 |
5_2_6E1DEDC4 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1DC5EB |
5_2_6E1DC5EB |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1CDA30 |
5_2_6E1CDA30 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1E7AD1 |
5_2_6E1E7AD1 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1E8015 |
5_2_6E1E8015 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1D68E0 |
5_2_6E1D68E0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1EA1BF |
5_2_6E1EA1BF |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1C99A0 |
5_2_6E1C99A0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 6_2_6E1CA260 |
6_2_6E1CA260 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 6_2_6E1CD1F0 |
6_2_6E1CD1F0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 6_2_6E1E8559 |
6_2_6E1E8559 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 6_2_6E1DEDC4 |
6_2_6E1DEDC4 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 6_2_6E1DC5EB |
6_2_6E1DC5EB |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 6_2_6E1CDA30 |
6_2_6E1CDA30 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 6_2_6E1E7AD1 |
6_2_6E1E7AD1 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 6_2_6E1E8015 |
6_2_6E1E8015 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 6_2_6E1D68E0 |
6_2_6E1D68E0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 6_2_6E1EA1BF |
6_2_6E1EA1BF |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 6_2_6E1C99A0 |
6_2_6E1C99A0 |
Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\c36.dll' |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\c36.dll',#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Beautyresult |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\c36.dll',#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Division |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Fastcolor |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Yetclose |
|
Source: unknown |
Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding |
|
Source: C:\Program Files\internet explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5468 CREDAT:17410 /prefetch:2 |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 852 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\c36.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Beautyresult |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Division |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Fastcolor |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Yetclose |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\c36.dll',#1 |
Source: C:\Program Files\internet explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5468 CREDAT:17410 /prefetch:2 |
Source: |
Binary string: WinTypes.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: sfc_os.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: CoreMessaging.pdb_ source: WerFault.exe, 0000001A.00000003.409603470.0000000005704000.00000004.00000040.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 0000001A.00000003.401542814.0000000003492000.00000004.00000001.sdmp |
Source: |
Binary string: CoreMessaging.pdb source: WerFault.exe, 0000001A.00000003.409603470.0000000005704000.00000004.00000040.sdmp |
Source: |
Binary string: ntmarta.pdby1Zs# source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: c:\Door\26\Enter\Mos\Hard \Stretch.pdb source: loaddll32.exe, 00000002.00000002.484014411.000000006E1EB000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.487526023.000000006E1EB000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.386861374.000000006E1EB000.00000002.00020000.sdmp, c36.dll |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: ntmarta.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: mpr.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: |
Binary string: CoreUIComponents.pdb source: WerFault.exe, 0000001A.00000003.409603470.0000000005704000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: setupapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdbT? source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: wUxTheme.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: imagehlp.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: dwmapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb( source: WerFault.exe, 0000001A.00000003.401542814.0000000003492000.00000004.00000001.sdmp |
Source: |
Binary string: shcore.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: winspool.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: shell32.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: propsys.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: msctf.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: TextInputFramework.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: AcLayers.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: |
Binary string: msctf.pdbG1xs( source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: WinTypes.pdbK1dsg& source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: rundll32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: oleaut32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: sfc.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: |
Binary string: combase.pdbgB source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1A2120 push ecx; ret |
2_2_6E1A2129 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1A2173 push ecx; ret |
2_2_6E1A2183 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_02EAABC0 push ecx; ret |
2_2_02EAABC9 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_02EAAF6F push ecx; ret |
2_2_02EAAF7F |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1B1F3E push ds; ret |
2_2_6E1B1F42 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1B27B2 push edi; retf |
2_2_6E1B27B4 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1B1511 push es; ret |
2_2_6E1B156F |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1D9D55 push ecx; ret |
2_2_6E1D9D68 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1D7255 push ecx; ret |
2_2_6E1D7268 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E205803 push dword ptr [edi]; ret |
2_2_6E205810 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E2060AF push 5DC4E471h; iretd |
2_2_6E2060B9 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E2058DE push ebx; retf |
2_2_6E2058E9 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E203501 push eax; ret |
2_2_6E203531 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E203580 push eax; ret |
2_2_6E203531 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E20678B push dword ptr [ebx+ecx+36B6D5EAh]; iretd |
2_2_6E2067A1 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_0118AF6F push ecx; ret |
5_2_0118AF7F |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_0118ABC0 push ecx; ret |
5_2_0118ABC9 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1B670E pushad ; retf |
5_2_6E1B6715 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1B1F3E push ds; ret |
5_2_6E1B1F42 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1B5779 push esp; iretd |
5_2_6E1B577D |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1B27B2 push edi; retf |
5_2_6E1B27B4 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1B1511 push es; ret |
5_2_6E1B156F |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1D9D55 push ecx; ret |
5_2_6E1D9D68 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1D7255 push ecx; ret |
5_2_6E1D7268 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1B59A9 push esp; ret |
5_2_6E1B59B5 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E205803 push dword ptr [edi]; ret |
5_2_6E205810 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E2060AF push 5DC4E471h; iretd |
5_2_6E2060B9 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E2058DE push ebx; retf |
5_2_6E2058E9 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E203501 push eax; ret |
5_2_6E203531 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E203580 push eax; ret |
5_2_6E203531 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E20678B push dword ptr [ebx+ecx+36B6D5EAh]; iretd |
5_2_6E2067A1 |
Source: Yara match |
File source: 00000002.00000002.480154797.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437029493.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437142340.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.436946677.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391097194.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391161462.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390899688.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391143928.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000002.482068718.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390847636.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437405999.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437098624.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390939253.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437339959.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390979627.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.436834249.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391054400.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437249428.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: loaddll32.exe PID: 4796, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: rundll32.exe PID: 1844, type: MEMORY |
Source: C:\Windows\System32\loaddll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\loaddll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1D6ED0 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
2_2_6E1D6ED0 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1D4FB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
2_2_6E1D4FB4 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1D27C8 _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
2_2_6E1D27C8 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 2_2_6E1D6A1F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
2_2_6E1D6A1F |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1D6ED0 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
5_2_6E1D6ED0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1D4FB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
5_2_6E1D4FB4 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1D27C8 _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
5_2_6E1D27C8 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_6E1D6A1F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
5_2_6E1D6A1F |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 6_2_6E1D6ED0 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
6_2_6E1D6ED0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 6_2_6E1D4FB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
6_2_6E1D4FB4 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 6_2_6E1D27C8 _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
6_2_6E1D27C8 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 6_2_6E1D6A1F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
6_2_6E1D6A1F |
Source: C:\Windows\System32\loaddll32.exe |
Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num, |
2_2_6E1DD7F4 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement, |
2_2_6E1D8C74 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW, |
2_2_6E1E3C75 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
2_2_6E1DD186 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: GetLocaleInfoA, |
2_2_6E1E3E03 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, |
2_2_6E1DE67A |
Source: C:\Windows\System32\loaddll32.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, |
2_2_6E1DE791 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
2_2_6E1E74C2 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, |
2_2_6E1DEA6F |
Source: C:\Windows\System32\loaddll32.exe |
Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, |
2_2_6E1DEB30 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW, |
2_2_6E1E734F |
Source: C:\Windows\System32\loaddll32.exe |
Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, |
2_2_6E1DEB97 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: GetLastError,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA, |
2_2_6E1E7383 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itoa_s, |
2_2_6E1DEBD3 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen, |
2_2_6E1DE829 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num, |
5_2_6E1DD7F4 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement, |
5_2_6E1D8C74 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW, |
5_2_6E1E3C75 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
5_2_6E1DD186 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoA, |
5_2_6E1E3E03 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, |
5_2_6E1DE67A |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, |
5_2_6E1DE791 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
5_2_6E1E74C2 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, |
5_2_6E1DEA6F |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, |
5_2_6E1DEB30 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW, |
5_2_6E1E734F |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, |
5_2_6E1DEB97 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLastError,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA, |
5_2_6E1E7383 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itoa_s, |
5_2_6E1DEBD3 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen, |
5_2_6E1DE829 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num, |
6_2_6E1DD7F4 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement, |
6_2_6E1D8C74 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW, |
6_2_6E1E3C75 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
6_2_6E1DD186 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoA, |
6_2_6E1E3E03 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, |
6_2_6E1DE67A |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, |
6_2_6E1DE791 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
6_2_6E1E74C2 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, |
6_2_6E1DEA6F |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, |
6_2_6E1DEB30 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW, |
6_2_6E1E734F |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, |
6_2_6E1DEB97 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLastError,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA, |
6_2_6E1E7383 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itoa_s, |
6_2_6E1DEBD3 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen, |
6_2_6E1DE829 |
Source: Yara match |
File source: 00000002.00000002.480154797.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437029493.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437142340.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.436946677.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391097194.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391161462.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390899688.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391143928.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000002.482068718.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390847636.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437405999.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437098624.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390939253.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437339959.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390979627.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.436834249.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391054400.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437249428.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: loaddll32.exe PID: 4796, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: rundll32.exe PID: 1844, type: MEMORY |
Source: Yara match |
File source: 00000002.00000002.480154797.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437029493.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437142340.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.436946677.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391097194.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391161462.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390899688.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391143928.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000002.482068718.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390847636.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437405999.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437098624.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390939253.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437339959.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.390979627.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.436834249.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.391054400.00000000039C8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000003.437249428.0000000005A38000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: loaddll32.exe PID: 4796, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: rundll32.exe PID: 1844, type: MEMORY |