Source: | Binary string: WinTypes.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 0000000D.00000003.515702652.00000000052D6000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.542683798.0000000004EA1000.00000004.00000001.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: ntmarta.pdb1 source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: CoreMessaging.pdb_ source: WerFault.exe, 0000000F.00000003.536214635.0000000004E83000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb4 source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: mpr.pdbHa source: WerFault.exe, 0000000F.00000003.536314357.0000000004E70000.00000004.00000040.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000F.00000003.536314357.0000000004E70000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557113684.0000000005230000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: CoreMessaging.pdb source: WerFault.exe, 0000000F.00000003.536214635.0000000004E83000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 0000000F.00000003.536346626.0000000004E74000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557031037.0000000005232000.00000004.00000040.sdmp |
Source: | Binary string: CoreMessaging.pdbK source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: rundll32.pdbk source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb) source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: oCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 0000000D.00000002.533606421.0000000000D92000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000002.553574266.0000000000832000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000002.568560433.0000000000C92000.00000004.00000001.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: setupapi.pdbt source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: ntmarta.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: mpr.pdbH source: WerFault.exe, 00000013.00000003.557113684.0000000005230000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb8 source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.542887533.0000000003126000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: CoreUIComponents.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 0000000F.00000003.536314357.0000000004E70000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557113684.0000000005230000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: iphlpapi.pdbb source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: WinTypes.pdb? source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdbK` source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb& source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: WinTypes.pdbM source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 0000000F.00000003.536346626.0000000004E74000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557031037.0000000005232000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 00000013.00000003.542799224.000000000311B000.00000004.00000001.sdmp |
Source: | Binary string: profapi.pdbb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: ntmarta.pdbk source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb_ source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: setupapi.pdb* source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000000F.00000003.536346626.0000000004E74000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557031037.0000000005232000.00000004.00000040.sdmp |
Source: | Binary string: CoreUIComponents.pdbKi source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdbK source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb2 source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: TextInputFramework.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb\ source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: wsspicli.pdbh source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdbh source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: c:\wheel\receive\Many-rise\score.pdb source: loaddll32.exe, 00000000.00000002.697038895.000000006E78B000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.698211502.000000006E78B000.00000002.00020000.sdmp, m87xfb63XU.dll |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000F.00000003.536314357.0000000004E70000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557113684.0000000005230000.00000004.00000040.sdmp |
Source: | Binary string: oleaut32.pdbz source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000F.00000003.536346626.0000000004E74000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557031037.0000000005232000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb, source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000F.00000003.536314357.0000000004E70000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557113684.0000000005230000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000013.00000003.542887533.0000000003126000.00000004.00000001.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000F.00000003.536314357.0000000004E70000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557113684.0000000005230000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdbn source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000013.00000003.542852774.0000000003121000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: CoreUIComponents.pdb_ source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: wntdll.pdbk source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: WerFault.exe, 0000000D.00000002.542863916.00000000052E4000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000002.555554795.0000000004A95000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.566895044.0000000004E23000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: loaddll32.exe, 00000000.00000003.527597302.0000000003AA9000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.531625301.0000000005529000.00000004.00000040.sdmp | String found in binary or memory: http://ogp.me/ns# |
Source: loaddll32.exe, 00000000.00000003.527597302.0000000003AA9000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.531625301.0000000005529000.00000004.00000040.sdmp | String found in binary or memory: http://ogp.me/ns/fb# |
Source: loaddll32.exe, 00000000.00000003.527111263.0000000003B28000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.531230770.00000000055A8000.00000004.00000040.sdmp | String found in binary or memory: https://blogs.msn.com/ |
Source: loaddll32.exe, 00000000.00000003.527111263.0000000003B28000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.531809993.00000000055AB000.00000004.00000040.sdmp | String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn |
Source: loaddll32.exe, 00000000.00000003.527597302.0000000003AA9000.00000004.00000040.sdmp | String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1633991829&rver |
Source: rundll32.exe, 00000003.00000003.531625301.0000000005529000.00000004.00000040.sdmp | String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1633991831&rver |
Source: loaddll32.exe, 00000000.00000003.527597302.0000000003AA9000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.531625301.0000000005529000.00000004.00000040.sdmp | String found in binary or memory: https://mem.gfx.ms/meversion/?partner=msn&market=en-us" |
Source: loaddll32.exe, 00000000.00000003.527597302.0000000003AA9000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.531625301.0000000005529000.00000004.00000040.sdmp | String found in binary or memory: https://static-global-s-msn-com.akamaized.net/en-us//api/modules/cdnfetch" |
Source: loaddll32.exe, 00000000.00000003.527597302.0000000003AA9000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.531625301.0000000005529000.00000004.00000040.sdmp | String found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/en-us/homepage/_sc/css/d7cb56b9-3a82770e/direct |
Source: WerFault.exe, 00000013.00000003.567391017.0000000004E8D000.00000004.00000001.sdmp | String found in binary or memory: https://watson.telemetry.m |
Source: loaddll32.exe, 00000000.00000003.527597302.0000000003AA9000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.531625301.0000000005529000.00000004.00000040.sdmp | String found in binary or memory: https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a |
Source: loaddll32.exe, 00000000.00000003.527597302.0000000003AA9000.00000004.00000040.sdmp | String found in binary or memory: https://www.msn.com/?refurl=%2fmail%2fliopolo%2f881KeBhik38%2fn4I3jisQrsLf3N%2f5T7WW0TVyqLiEqrYpioXw |
Source: rundll32.exe, 00000003.00000003.531625301.0000000005529000.00000004.00000040.sdmp | String found in binary or memory: https://www.msn.com/?refurl=%2fmail%2fliopolo%2fI2vyCwQZ_2BZdOw7_2FC5%2fQHqYyNs8nTjA1r7w%2fN6UkSzFGk |
Source: loaddll32.exe, 00000000.00000003.527597302.0000000003AA9000.00000004.00000040.sdmp, rundll32.exe, 00000003.00000003.531625301.0000000005529000.00000004.00000040.sdmp | String found in binary or memory: https://www.msn.com/en-us//api/modules/fetch" |
Source: Yara match | File source: 00000000.00000003.527111263.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527630553.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.615631858.00000000038AD000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531230770.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531464419.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527327468.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.576012668.000000000542B000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531480606.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527187841.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.659429998.00000000037AF000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531370717.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527048423.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531284421.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531412078.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531686708.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531172047.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.570679066.00000000039AB000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.624467221.000000000532D000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.667937639.000000000522F000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.526903678.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531440376.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527256439.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.526968624.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527017763.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: loaddll32.exe PID: 6316, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 4536, type: MEMORYSTR |
Source: Yara match | File source: 3.2.rundll32.exe.2eb0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.3030000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.35794a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.6e710000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.6e710000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.3.rundll32.exe.2dca31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.2a0a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.3.rundll32.exe.2dca31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.35794a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.2a0a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.265a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.265a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.2e7a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d394a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.143a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.2e7a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.143a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d394a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000003.00000002.697257309.0000000004D39000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.454711091.0000000002E70000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000003.488040276.0000000002650000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.696204071.0000000003579000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.491247065.0000000001430000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000003.453838951.0000000002A00000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000003.476882523.0000000002DC0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527111263.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527630553.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.615631858.00000000038AD000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531230770.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531464419.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527327468.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.576012668.000000000542B000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531480606.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527187841.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.659429998.00000000037AF000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531370717.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527048423.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531284421.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531412078.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531686708.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531172047.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.570679066.00000000039AB000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.624467221.000000000532D000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.667937639.000000000522F000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.526903678.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531440376.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527256439.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.526968624.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527017763.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: loaddll32.exe PID: 6316, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 4536, type: MEMORYSTR |
Source: Yara match | File source: 3.2.rundll32.exe.2eb0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.3030000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.35794a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.6e710000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.6e710000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.3.rundll32.exe.2dca31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.2a0a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.3.rundll32.exe.2dca31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.35794a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.2a0a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.265a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.265a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.2e7a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d394a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.143a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.2e7a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.143a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d394a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000003.00000002.697257309.0000000004D39000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.454711091.0000000002E70000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000003.488040276.0000000002650000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.696204071.0000000003579000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.491247065.0000000001430000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000003.453838951.0000000002A00000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000003.476882523.0000000002DC0000.00000040.00000001.sdmp, type: MEMORY |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E7121B4 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0303AF24 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_03032B76 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_03034C40 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E725600 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E75D630 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E773CCE |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E75B597 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E77FA78 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E76A2B1 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E77FB98 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_6E74E8C0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E725600 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E75D630 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E773CCE |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E75B597 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E76A2B1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6E74E8C0 |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\m87xfb63XU.dll' |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\m87xfb63XU.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\m87xfb63XU.dll,BeGrass |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\m87xfb63XU.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\m87xfb63XU.dll,Fieldeight |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\m87xfb63XU.dll,Often |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 632 |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 640 |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 640 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\m87xfb63XU.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\m87xfb63XU.dll,BeGrass |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\m87xfb63XU.dll,Fieldeight |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\m87xfb63XU.dll,Often |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\m87xfb63XU.dll',#1 |
Source: | Binary string: WinTypes.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 0000000D.00000003.515702652.00000000052D6000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.542683798.0000000004EA1000.00000004.00000001.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: ntmarta.pdb1 source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: CoreMessaging.pdb_ source: WerFault.exe, 0000000F.00000003.536214635.0000000004E83000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb4 source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: mpr.pdbHa source: WerFault.exe, 0000000F.00000003.536314357.0000000004E70000.00000004.00000040.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000F.00000003.536314357.0000000004E70000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557113684.0000000005230000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: CoreMessaging.pdb source: WerFault.exe, 0000000F.00000003.536214635.0000000004E83000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 0000000F.00000003.536346626.0000000004E74000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557031037.0000000005232000.00000004.00000040.sdmp |
Source: | Binary string: CoreMessaging.pdbK source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: rundll32.pdbk source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb) source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: oCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 0000000D.00000002.533606421.0000000000D92000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000002.553574266.0000000000832000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000002.568560433.0000000000C92000.00000004.00000001.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: setupapi.pdbt source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: ntmarta.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: mpr.pdbH source: WerFault.exe, 00000013.00000003.557113684.0000000005230000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb8 source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.542887533.0000000003126000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: CoreUIComponents.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 0000000F.00000003.536314357.0000000004E70000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557113684.0000000005230000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: iphlpapi.pdbb source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: WinTypes.pdb? source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdbK` source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb& source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: WinTypes.pdbM source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 0000000F.00000003.536346626.0000000004E74000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557031037.0000000005232000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 00000013.00000003.542799224.000000000311B000.00000004.00000001.sdmp |
Source: | Binary string: profapi.pdbb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: ntmarta.pdbk source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb_ source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: setupapi.pdb* source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000000F.00000003.536346626.0000000004E74000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557031037.0000000005232000.00000004.00000040.sdmp |
Source: | Binary string: CoreUIComponents.pdbKi source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdbK source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb2 source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: TextInputFramework.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb\ source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: wsspicli.pdbh source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdbh source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: c:\wheel\receive\Many-rise\score.pdb source: loaddll32.exe, 00000000.00000002.697038895.000000006E78B000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.698211502.000000006E78B000.00000002.00020000.sdmp, m87xfb63XU.dll |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000F.00000003.536314357.0000000004E70000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557113684.0000000005230000.00000004.00000040.sdmp |
Source: | Binary string: oleaut32.pdbz source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000F.00000003.536346626.0000000004E74000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557031037.0000000005232000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb, source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000F.00000003.536314357.0000000004E70000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557113684.0000000005230000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000013.00000003.542887533.0000000003126000.00000004.00000001.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000F.00000003.536314357.0000000004E70000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557113684.0000000005230000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdbn source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000013.00000003.542852774.0000000003121000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 0000000F.00000003.536169982.0000000004E77000.00000004.00000040.sdmp, WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: CoreUIComponents.pdb_ source: WerFault.exe, 00000013.00000003.557144035.0000000005237000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: | Binary string: wntdll.pdbk source: WerFault.exe, 0000000D.00000003.521317987.0000000005581000.00000004.00000001.sdmp, WerFault.exe, 0000000F.00000003.536088621.0000000004D41000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.556979768.0000000005261000.00000004.00000001.sdmp |
Source: Yara match | File source: 00000000.00000003.527111263.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527630553.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.615631858.00000000038AD000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531230770.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531464419.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527327468.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.576012668.000000000542B000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531480606.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527187841.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.659429998.00000000037AF000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531370717.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527048423.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531284421.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531412078.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531686708.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531172047.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.570679066.00000000039AB000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.624467221.000000000532D000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.667937639.000000000522F000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.526903678.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531440376.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527256439.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.526968624.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527017763.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: loaddll32.exe PID: 6316, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 4536, type: MEMORYSTR |
Source: Yara match | File source: 3.2.rundll32.exe.2eb0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.3030000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.35794a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.6e710000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.6e710000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.3.rundll32.exe.2dca31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.2a0a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.3.rundll32.exe.2dca31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.35794a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.2a0a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.265a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.265a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.2e7a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d394a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.143a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.2e7a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.143a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d394a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000003.00000002.697257309.0000000004D39000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.454711091.0000000002E70000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000003.488040276.0000000002650000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.696204071.0000000003579000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.491247065.0000000001430000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000003.453838951.0000000002A00000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000003.476882523.0000000002DC0000.00000040.00000001.sdmp, type: MEMORY |
Source: C:\Windows\System32\loaddll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\loaddll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
Source: Yara match | File source: 00000000.00000003.527111263.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527630553.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.615631858.00000000038AD000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531230770.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531464419.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527327468.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.576012668.000000000542B000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531480606.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527187841.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.659429998.00000000037AF000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531370717.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527048423.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531284421.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531412078.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531686708.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531172047.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.570679066.00000000039AB000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.624467221.000000000532D000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.667937639.000000000522F000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.526903678.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531440376.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527256439.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.526968624.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527017763.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: loaddll32.exe PID: 6316, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 4536, type: MEMORYSTR |
Source: Yara match | File source: 3.2.rundll32.exe.2eb0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.3030000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.35794a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.6e710000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.6e710000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.3.rundll32.exe.2dca31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.2a0a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.3.rundll32.exe.2dca31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.35794a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.2a0a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.265a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.265a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.2e7a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d394a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.143a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.2e7a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.143a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d394a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000003.00000002.697257309.0000000004D39000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.454711091.0000000002E70000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000003.488040276.0000000002650000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.696204071.0000000003579000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.491247065.0000000001430000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000003.453838951.0000000002A00000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000003.476882523.0000000002DC0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527111263.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527630553.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.615631858.00000000038AD000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531230770.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531464419.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527327468.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.576012668.000000000542B000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531480606.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527187841.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.659429998.00000000037AF000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531370717.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527048423.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531284421.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531412078.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531686708.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531172047.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.570679066.00000000039AB000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.624467221.000000000532D000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.667937639.000000000522F000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.526903678.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.531440376.00000000055A8000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527256439.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.526968624.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.527017763.0000000003B28000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: loaddll32.exe PID: 6316, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 4536, type: MEMORYSTR |
Source: Yara match | File source: 3.2.rundll32.exe.2eb0000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.3030000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.35794a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.6e710000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.6e710000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.3.rundll32.exe.2dca31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.2a0a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.3.rundll32.exe.2dca31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll32.exe.35794a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.3.rundll32.exe.2a0a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.265a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.3.rundll32.exe.265a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.2e7a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d394a0.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.143a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.3.rundll32.exe.2e7a31a.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.loaddll32.exe.143a31a.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.4d394a0.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000003.00000002.697257309.0000000004D39000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000003.454711091.0000000002E70000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000003.488040276.0000000002650000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.696204071.0000000003579000.00000004.00000040.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.491247065.0000000001430000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000003.453838951.0000000002A00000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000003.476882523.0000000002DC0000.00000040.00000001.sdmp, type: MEMORY |