Source: | Binary string: WinTypes.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: CoreMessaging.pdb_ source: WerFault.exe, 0000001A.00000003.409603470.0000000005704000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 0000001A.00000003.401542814.0000000003492000.00000004.00000001.sdmp |
Source: | Binary string: CoreMessaging.pdb source: WerFault.exe, 0000001A.00000003.409603470.0000000005704000.00000004.00000040.sdmp |
Source: | Binary string: ntmarta.pdby1Zs# source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: c:\Door\26\Enter\Mos\Hard \Stretch.pdb source: loaddll32.exe, 00000002.00000002.484014411.000000006E1EB000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.487526023.000000006E1EB000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.386861374.000000006E1EB000.00000002.00020000.sdmp, c36.dll |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: ntmarta.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: | Binary string: CoreUIComponents.pdb source: WerFault.exe, 0000001A.00000003.409603470.0000000005704000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdbT? source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 0000001A.00000003.401542814.0000000003492000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: TextInputFramework.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdbG1xs( source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: WinTypes.pdbK1dsg& source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: combase.pdbgB source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1A2184 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_02EA3EE1 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_02EA888E |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_02EAAF80 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1CA260 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1CD1F0 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1E8559 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1DEDC4 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1DC5EB |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1CDA30 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1E7AD1 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1E8015 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1D68E0 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1EA1BF |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1C99A0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_0118AF80 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_0118888E |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_01183EE1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1CA260 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1CD1F0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1E8559 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1DEDC4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1DC5EB |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1CDA30 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1E7AD1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1E8015 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1D68E0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1EA1BF |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1C99A0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_6E1CA260 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_6E1CD1F0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_6E1E8559 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_6E1DEDC4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_6E1DC5EB |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_6E1CDA30 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_6E1E7AD1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_6E1E8015 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_6E1D68E0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_6E1EA1BF |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_6E1C99A0 |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\c36.dll' |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\c36.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Beautyresult |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\c36.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Division |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Fastcolor |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Yetclose |
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding |
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5468 CREDAT:17410 /prefetch:2 |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 852 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\c36.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Beautyresult |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Division |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Fastcolor |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c36.dll,Yetclose |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\c36.dll',#1 |
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5468 CREDAT:17410 /prefetch:2 |
Source: | Binary string: WinTypes.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: CoreMessaging.pdb_ source: WerFault.exe, 0000001A.00000003.409603470.0000000005704000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 0000001A.00000003.401542814.0000000003492000.00000004.00000001.sdmp |
Source: | Binary string: CoreMessaging.pdb source: WerFault.exe, 0000001A.00000003.409603470.0000000005704000.00000004.00000040.sdmp |
Source: | Binary string: ntmarta.pdby1Zs# source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: c:\Door\26\Enter\Mos\Hard \Stretch.pdb source: loaddll32.exe, 00000002.00000002.484014411.000000006E1EB000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.487526023.000000006E1EB000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.386861374.000000006E1EB000.00000002.00020000.sdmp, c36.dll |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: ntmarta.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: | Binary string: CoreUIComponents.pdb source: WerFault.exe, 0000001A.00000003.409603470.0000000005704000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdbT? source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 0000001A.00000003.401542814.0000000003492000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: TextInputFramework.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdbG1xs( source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 0000001A.00000003.409570664.00000000056F2000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 0000001A.00000003.409645470.00000000056F0000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: WinTypes.pdbK1dsg& source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 0000001A.00000003.409544417.00000000055C1000.00000004.00000001.sdmp |
Source: | Binary string: combase.pdbgB source: WerFault.exe, 0000001A.00000003.409583861.00000000056F8000.00000004.00000040.sdmp |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1A2120 push ecx; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1A2173 push ecx; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_02EAABC0 push ecx; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_02EAAF6F push ecx; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1B1F3E push ds; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1B27B2 push edi; retf |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1B1511 push es; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1D9D55 push ecx; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1D7255 push ecx; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E205803 push dword ptr [edi]; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E2060AF push 5DC4E471h; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E2058DE push ebx; retf |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E203501 push eax; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E203580 push eax; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E20678B push dword ptr [ebx+ecx+36B6D5EAh]; iretd |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_0118AF6F push ecx; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_0118ABC0 push ecx; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1B670E pushad ; retf |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1B1F3E push ds; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1B5779 push esp; iretd |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1B27B2 push edi; retf |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1B1511 push es; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1D9D55 push ecx; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1D7255 push ecx; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1B59A9 push esp; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E205803 push dword ptr [edi]; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E2060AF push 5DC4E471h; iretd |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E2058DE push ebx; retf |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E203501 push eax; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E203580 push eax; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E20678B push dword ptr [ebx+ecx+36B6D5EAh]; iretd |
Source: C:\Windows\System32\loaddll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\loaddll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1D6ED0 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1D4FB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1D27C8 _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 2_2_6E1D6A1F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1D6ED0 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1D4FB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1D27C8 _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_6E1D6A1F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_6E1D6ED0 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_6E1D4FB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_6E1D27C8 _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 6_2_6E1D6A1F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\System32\loaddll32.exe | Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num, |
Source: C:\Windows\System32\loaddll32.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement, |
Source: C:\Windows\System32\loaddll32.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoA, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, |
Source: C:\Windows\System32\loaddll32.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, |
Source: C:\Windows\System32\loaddll32.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
Source: C:\Windows\System32\loaddll32.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, |
Source: C:\Windows\System32\loaddll32.exe | Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, |
Source: C:\Windows\System32\loaddll32.exe | Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLastError,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA, |
Source: C:\Windows\System32\loaddll32.exe | Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itoa_s, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLastError,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itoa_s, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLastError,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itoa_s, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen, |