Source: | Binary string: WinTypes.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000012.00000003.480895631.00000000036B4000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.482429181.0000000004AE1000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.500262352.0000000004CE3000.00000004.00000001.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdbQ source: WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: CoreMessaging.pdb_ source: WerFault.exe, 00000013.00000003.499906922.0000000004E52000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516748528.00000000050B1000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000013.00000003.499963350.0000000004E40000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516653357.00000000050A0000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.504088333.0000000000CFC000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000013.00000003.499811887.0000000004E42000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516677135.00000000050A4000.00000004.00000040.sdmp |
Source: | Binary string: CoreMessaging.pdb source: WerFault.exe, 00000013.00000003.499906922.0000000004E52000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516748528.00000000050B1000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: rundll32.pdbk source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: ntmarta.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdbE source: WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000012.00000003.481849190.00000000036BA000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.503709261.0000000000D08000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: CoreUIComponents.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 00000013.00000003.499963350.0000000004E40000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516653357.00000000050A0000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdbI source: WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 00000012.00000003.482428909.00000000036AE000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.504088333.0000000000CFC000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 00000013.00000003.499811887.0000000004E42000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516677135.00000000050A4000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdbC source: WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000013.00000003.499811887.0000000004E42000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516677135.00000000050A4000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: TextInputFramework.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: c:\wheel\receive\Many-rise\score.pdb source: loaddll32.exe, 00000000.00000002.645023107.000000006ED5B000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.645833298.000000006ED5B000.00000002.00020000.sdmp, 6yDD19jMIu.dll |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000013.00000003.499963350.0000000004E40000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516653357.00000000050A0000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdbw source: WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000012.00000003.481849190.00000000036BA000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.503709261.0000000000D08000.00000004.00000001.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000013.00000003.499811887.0000000004E42000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516677135.00000000050A4000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000013.00000003.499963350.0000000004E40000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516653357.00000000050A0000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000013.00000003.499963350.0000000004E40000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516653357.00000000050A0000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdb_ source: WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000012.00000003.480895631.00000000036B4000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.501149079.0000000000D02000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: wntdll.pdbk source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: WerFault.exe, 00000012.00000002.526349700.0000000005348000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.524969424.0000000004A35000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.542519805.0000000004C13000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: loaddll32.exe, 00000000.00000003.496097051.0000000002CA9000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.496583081.00000000051C9000.00000004.00000040.sdmp | String found in binary or memory: http://ogp.me/ns# |
Source: loaddll32.exe, 00000000.00000003.496097051.0000000002CA9000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.496583081.00000000051C9000.00000004.00000040.sdmp | String found in binary or memory: http://ogp.me/ns/fb# |
Source: loaddll32.exe, 00000000.00000003.496226518.0000000002D28000.00000004.00000040.sdmp | String found in binary or memory: https://blogs.msn.co |
Source: loaddll32.exe, 00000000.00000003.493105528.0000000002D28000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.493384184.0000000005248000.00000004.00000040.sdmp | String found in binary or memory: https://blogs.msn.com/ |
Source: loaddll32.exe, 00000000.00000003.496226518.0000000002D28000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.493384184.0000000005248000.00000004.00000040.sdmp | String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn |
Source: loaddll32.exe, 00000000.00000003.496097051.0000000002CA9000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.496583081.00000000051C9000.00000004.00000040.sdmp | String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1633985424&rver |
Source: loaddll32.exe, 00000000.00000003.496097051.0000000002CA9000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.496583081.00000000051C9000.00000004.00000040.sdmp | String found in binary or memory: https://mem.gfx.ms/meversion/?partner=msn&market=en-us" |
Source: loaddll32.exe, 00000000.00000003.496097051.0000000002CA9000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.496583081.00000000051C9000.00000004.00000040.sdmp | String found in binary or memory: https://static-global-s-msn-com.akamaized.net/en-us//api/modules/cdnfetch" |
Source: loaddll32.exe, 00000000.00000003.496097051.0000000002CA9000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.496583081.00000000051C9000.00000004.00000040.sdmp | String found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/en-us/homepage/_sc/css/d7cb56b9-3a82770e/direct |
Source: WerFault.exe, 00000013.00000002.531558276.0000000004A0C000.00000004.00000001.sdmp | String found in binary or memory: https://watson.telemetry.microsoftv |
Source: loaddll32.exe, 00000000.00000003.493105528.0000000002D28000.00000004.00000040.sdmp | String found in binary or memory: https://web.vortex.d |
Source: loaddll32.exe, 00000000.00000003.496097051.0000000002CA9000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.496583081.00000000051C9000.00000004.00000040.sdmp | String found in binary or memory: https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a |
Source: rundll32.exe, 00000003.00000003.496583081.00000000051C9000.00000004.00000040.sdmp | String found in binary or memory: https://www.msn.com/?refurl=%2fmail%2fliopolo%2fRSTOkJCBHcQTlX372kVU%2fXbET532Uukq3yxPfegA%2frK8jg_2 |
Source: loaddll32.exe, 00000000.00000003.496097051.0000000002CA9000.00000004.00000040.sdmp | String found in binary or memory: https://www.msn.com/?refurl=%2fmail%2fliopolo%2fjXTvRU37X%2fkKAN62uBd3tDT4UuvXf7%2ftv2pa650q_2BNc4gZ |
Source: loaddll32.exe, 00000000.00000003.496097051.0000000002CA9000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.496583081.00000000051C9000.00000004.00000040.sdmp | String found in binary or memory: https://www.msn.com/en-us//api/modules/fetch" |
Source: Yara match | File source: 00000000.00000003.496226518.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493105528.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.539408777.0000000002BAB000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493430312.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.493384184.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493160476.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493225744.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495833848.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.540595897.00000000050CB000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493018858.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493315813.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495340771.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.586659042.0000000004FCD000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496119591.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.627710789.00000000029AF000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495987344.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.492948682.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495528986.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496654306.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496183449.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.492874402.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496285299.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.630148889.0000000004ECF000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.584685857.0000000002AAD000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: loaddll32.exe PID: 3708, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 5172, type: MEMORYSTR |
Source: Yara match | File source: 0.2.loaddll32.exe.6ece0000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.3.rundll32.exe.342a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.71a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.750000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.12b0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.12fa31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.25c94a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.c5a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.b0a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d094a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.b0a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.71a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.c5a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.12fa31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.25c94a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.3.rundll32.exe.342a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d094a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.6ece0000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000003.445970079.0000000000710000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000003.412556442.00000000012F0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.413015029.0000000000C50000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.643304809.00000000025C9000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000003.444240615.0000000000B00000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000003.436255990.0000000003420000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.645427360.0000000004D09000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.496226518.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493105528.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.539408777.0000000002BAB000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493430312.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.493384184.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493160476.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493225744.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495833848.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.540595897.00000000050CB000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493018858.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493315813.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495340771.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.586659042.0000000004FCD000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496119591.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.627710789.00000000029AF000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495987344.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.492948682.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495528986.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496654306.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496183449.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.492874402.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496285299.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.630148889.0000000004ECF000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.584685857.0000000002AAD000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: loaddll32.exe PID: 3708, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 5172, type: MEMORYSTR |
Source: Yara match | File source: 0.2.loaddll32.exe.6ece0000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.3.rundll32.exe.342a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.71a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.750000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.12b0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.12fa31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.25c94a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.c5a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.b0a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d094a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.b0a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.71a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.c5a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.12fa31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.25c94a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.3.rundll32.exe.342a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d094a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.6ece0000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000003.445970079.0000000000710000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000003.412556442.00000000012F0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.413015029.0000000000C50000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.643304809.00000000025C9000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000003.444240615.0000000000B00000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000003.436255990.0000000003420000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.645427360.0000000004D09000.00000004.00000040.sdmp, type: MEMORY |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ECE21B4 | 0_2_6ECE21B4 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00754C40 | 0_2_00754C40 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0075664C | 0_2_0075664C |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00752B76 | 0_2_00752B76 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0075954A | 0_2_0075954A |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0075AF24 | 0_2_0075AF24 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00757DEC | 0_2_00757DEC |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ECF5600 | 0_2_6ECF5600 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED2B597 | 0_2_6ED2B597 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED3A2B1 | 0_2_6ED3A2B1 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ED1E8C0 | 0_2_6ED1E8C0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_012BAF24 | 3_2_012BAF24 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_012B2B76 | 3_2_012B2B76 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_012B4C40 | 3_2_012B4C40 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6ECF5600 | 3_2_6ECF5600 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6ED2D630 | 3_2_6ED2D630 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6ED43CCE | 3_2_6ED43CCE |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6ED2B597 | 3_2_6ED2B597 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6ED3A2B1 | 3_2_6ED3A2B1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6ED1E8C0 | 3_2_6ED1E8C0 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ECE15C6 SetThreadPriority,NtQuerySystemInformation,Sleep,GetLongPathNameW,GetLongPathNameW,GetLongPathNameW,GetLastError,WaitForSingleObject,GetExitCodeThread,CloseHandle,GetLastError,GetLastError, | 0_2_6ECE15C6 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ECE1273 NtMapViewOfSection, | 0_2_6ECE1273 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ECE13B8 GetProcAddress,NtCreateSection,memset, | 0_2_6ECE13B8 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6ECE23D5 NtQueryVirtualMemory, | 0_2_6ECE23D5 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_00755D10 NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose, | 0_2_00755D10 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0075B149 NtQueryVirtualMemory, | 0_2_0075B149 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_012B5D10 NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose, | 3_2_012B5D10 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_012BB149 NtQueryVirtualMemory, | 3_2_012BB149 |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\6yDD19jMIu.dll' | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\6yDD19jMIu.dll',#1 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\6yDD19jMIu.dll,BeGrass | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\6yDD19jMIu.dll',#1 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\6yDD19jMIu.dll,Fieldeight | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\6yDD19jMIu.dll,Often | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 892 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 636 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 872 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\6yDD19jMIu.dll',#1 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\6yDD19jMIu.dll,BeGrass | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\6yDD19jMIu.dll,Fieldeight | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\6yDD19jMIu.dll,Often | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\6yDD19jMIu.dll',#1 | |
Source: | Binary string: WinTypes.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000012.00000003.480895631.00000000036B4000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.482429181.0000000004AE1000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.500262352.0000000004CE3000.00000004.00000001.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdbQ source: WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: CoreMessaging.pdb_ source: WerFault.exe, 00000013.00000003.499906922.0000000004E52000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516748528.00000000050B1000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000013.00000003.499963350.0000000004E40000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516653357.00000000050A0000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.504088333.0000000000CFC000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000013.00000003.499811887.0000000004E42000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516677135.00000000050A4000.00000004.00000040.sdmp |
Source: | Binary string: CoreMessaging.pdb source: WerFault.exe, 00000013.00000003.499906922.0000000004E52000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516748528.00000000050B1000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: rundll32.pdbk source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: ntmarta.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdbE source: WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000012.00000003.481849190.00000000036BA000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.503709261.0000000000D08000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: CoreUIComponents.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 00000013.00000003.499963350.0000000004E40000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516653357.00000000050A0000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdbI source: WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 00000012.00000003.482428909.00000000036AE000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.504088333.0000000000CFC000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 00000013.00000003.499811887.0000000004E42000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516677135.00000000050A4000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdbC source: WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000013.00000003.499811887.0000000004E42000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516677135.00000000050A4000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: TextInputFramework.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: c:\wheel\receive\Many-rise\score.pdb source: loaddll32.exe, 00000000.00000002.645023107.000000006ED5B000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.645833298.000000006ED5B000.00000002.00020000.sdmp, 6yDD19jMIu.dll |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000013.00000003.499963350.0000000004E40000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516653357.00000000050A0000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdbw source: WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000012.00000003.481849190.00000000036BA000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.503709261.0000000000D08000.00000004.00000001.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000013.00000003.499811887.0000000004E42000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516677135.00000000050A4000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000013.00000003.499963350.0000000004E40000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516653357.00000000050A0000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000013.00000003.499963350.0000000004E40000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516653357.00000000050A0000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdb_ source: WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000012.00000003.480895631.00000000036B4000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.501149079.0000000000D02000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 00000013.00000003.499826747.0000000004E47000.00000004.00000040.sdmp, WerFault.exe, 00000017.00000003.516703583.00000000050A7000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: | Binary string: wntdll.pdbk source: WerFault.exe, 00000012.00000003.496211151.00000000056B1000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.499748090.0000000004E71000.00000004.00000001.sdmp, WerFault.exe, 00000017.00000003.516407386.0000000004F91000.00000004.00000001.sdmp |
Source: Yara match | File source: 00000000.00000003.496226518.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493105528.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.539408777.0000000002BAB000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493430312.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.493384184.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493160476.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493225744.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495833848.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.540595897.00000000050CB000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493018858.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493315813.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495340771.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.586659042.0000000004FCD000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496119591.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.627710789.00000000029AF000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495987344.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.492948682.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495528986.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496654306.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496183449.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.492874402.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496285299.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.630148889.0000000004ECF000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.584685857.0000000002AAD000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: loaddll32.exe PID: 3708, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 5172, type: MEMORYSTR |
Source: Yara match | File source: 0.2.loaddll32.exe.6ece0000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.3.rundll32.exe.342a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.71a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.750000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.12b0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.12fa31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.25c94a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.c5a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.b0a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d094a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.b0a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.71a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.c5a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.12fa31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.25c94a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.3.rundll32.exe.342a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d094a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.6ece0000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000003.445970079.0000000000710000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000003.412556442.00000000012F0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.413015029.0000000000C50000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.643304809.00000000025C9000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000003.444240615.0000000000B00000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000003.436255990.0000000003420000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.645427360.0000000004D09000.00000004.00000040.sdmp, type: MEMORY |
Source: C:\Windows\System32\loaddll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: loaddll32.exe, 00000000.00000002.642262171.0000000000E30000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.473339722.00000000039D0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.645184272.00000000033F0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.476198950.0000000003AA0000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.485003177.00000000033F0000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd |
Source: loaddll32.exe, 00000000.00000002.642262171.0000000000E30000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.473339722.00000000039D0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.645184272.00000000033F0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.476198950.0000000003AA0000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.485003177.00000000033F0000.00000002.00020000.sdmp | Binary or memory string: Progman |
Source: loaddll32.exe, 00000000.00000002.642262171.0000000000E30000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.473339722.00000000039D0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.645184272.00000000033F0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.476198950.0000000003AA0000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.485003177.00000000033F0000.00000002.00020000.sdmp | Binary or memory string: SProgram Managerl |
Source: loaddll32.exe, 00000000.00000002.642262171.0000000000E30000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.473339722.00000000039D0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.645184272.00000000033F0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.476198950.0000000003AA0000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.485003177.00000000033F0000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd, |
Source: loaddll32.exe, 00000000.00000002.642262171.0000000000E30000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000000.473339722.00000000039D0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.645184272.00000000033F0000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.476198950.0000000003AA0000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000000.485003177.00000000033F0000.00000002.00020000.sdmp | Binary or memory string: Progmanlock |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW, | 0_2_6ED19EB5 |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW, | 0_2_6ED40E4C |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, | 0_2_6ED4E448 |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, | 0_2_6ED40429 |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, | 0_2_6ED4EA21 |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, | 0_2_6ED4E3AD |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, | 0_2_6ED4E344 |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, | 0_2_6ED4E0A2 |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 0_2_6ED4E84C |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, | 3_2_6ED19EB5 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, | 3_2_6ED40E4C |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, | 3_2_6ED4E448 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, | 3_2_6ED40429 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, | 3_2_6ED4EA21 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, | 3_2_6ED4E3AD |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, | 3_2_6ED4E344 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, | 3_2_6ED4E0A2 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 3_2_6ED4E84C |
Source: Yara match | File source: 00000000.00000003.496226518.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493105528.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.539408777.0000000002BAB000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493430312.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.493384184.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493160476.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493225744.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495833848.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.540595897.00000000050CB000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493018858.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493315813.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495340771.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.586659042.0000000004FCD000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496119591.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.627710789.00000000029AF000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495987344.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.492948682.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495528986.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496654306.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496183449.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.492874402.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496285299.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.630148889.0000000004ECF000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.584685857.0000000002AAD000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: loaddll32.exe PID: 3708, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 5172, type: MEMORYSTR |
Source: Yara match | File source: 0.2.loaddll32.exe.6ece0000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.3.rundll32.exe.342a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.71a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.750000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.12b0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.12fa31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.25c94a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.c5a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.b0a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d094a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.b0a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.71a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.c5a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.12fa31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.25c94a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.3.rundll32.exe.342a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d094a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.6ece0000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000003.445970079.0000000000710000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000003.412556442.00000000012F0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.413015029.0000000000C50000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.643304809.00000000025C9000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000003.444240615.0000000000B00000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000003.436255990.0000000003420000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.645427360.0000000004D09000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.496226518.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493105528.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.539408777.0000000002BAB000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493430312.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.493384184.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493160476.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493225744.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495833848.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.540595897.00000000050CB000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493018858.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.493315813.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495340771.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.586659042.0000000004FCD000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496119591.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.627710789.00000000029AF000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495987344.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.492948682.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.495528986.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496654306.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496183449.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.492874402.0000000002D28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.496285299.0000000005248000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.630148889.0000000004ECF000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.584685857.0000000002AAD000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: loaddll32.exe PID: 3708, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 5172, type: MEMORYSTR |
Source: Yara match | File source: 0.2.loaddll32.exe.6ece0000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.3.rundll32.exe.342a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.71a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.750000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.12b0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.12fa31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.25c94a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.c5a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.b0a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d094a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.b0a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.71a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.c5a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.12fa31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.25c94a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.3.rundll32.exe.342a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d094a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.6ece0000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000003.445970079.0000000000710000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000003.412556442.00000000012F0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.413015029.0000000000C50000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.643304809.00000000025C9000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000003.444240615.0000000000B00000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000003.436255990.0000000003420000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.645427360.0000000004D09000.00000004.00000040.sdmp, type: MEMORY |