Source: unknown |
Network traffic detected: HTTP traffic on port 49708 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49733 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49710 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49727 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49720 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49713 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49717 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49733 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49732 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49731 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49707 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49730 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49732 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49711 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49724 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49728 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49721 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49729 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49728 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49714 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49727 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49726 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49718 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49725 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49724 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49723 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49722 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49721 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49720 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49706 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49731 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49712 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49725 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49729 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49719 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49722 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49719 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49718 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49717 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49715 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49716 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49715 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49714 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49713 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49712 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49711 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49709 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49710 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49730 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49726 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49723 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49709 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49708 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49707 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49706 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49716 -> 443 |
Source: pzG0rkIchr.dll |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: WerFault.exe, 0000000B.00000002.405055392.000001716D880000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000C.00000002.404603896.000001DFB52C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: WerFault.exe, 0000000B.00000002.405055392.000001716D880000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000C.00000002.404603896.000001DFB52C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: pzG0rkIchr.dll |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y |
Source: pzG0rkIchr.dll |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 |
Source: pzG0rkIchr.dll |
String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t |
Source: pzG0rkIchr.dll |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# |
Source: pzG0rkIchr.dll |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# |
Source: pzG0rkIchr.dll |
String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# |
Source: pzG0rkIchr.dll |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: pzG0rkIchr.dll |
String found in binary or memory: http://ocsp.sectigo.com0 |
Source: loaddll64.exe, 00000000.00000003.402271914.0000027ED3940000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.388635168.0000000002100000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.826743463.0000021DDAD90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.826725063.0000021DDAC4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.388322445.000001F71CC60000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gigimas.xyz |
Source: rundll32.exe, 00000004.00000002.825050387.0000021DD91F4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.758857404.0000021DD9255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.758869560.0000021DD925F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.693664493.0000021DD925F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gigimas.xyz/ |
Source: rundll32.exe, 00000004.00000003.432267293.0000021DD9200000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gigimas.xyz/92 |
Source: rundll32.exe, 00000004.00000002.825050387.0000021DD91F4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gigimas.xyz/ic |
Source: rundll32.exe, 00000004.00000003.563913643.0000021DD9221000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gigimas.xyz/index.html |
Source: rundll32.exe, 00000004.00000003.759039619.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.759733313.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.694516726.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.629091178.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.693778417.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gigimas.xyz/index.html)I6 |
Source: rundll32.exe, 00000004.00000003.563913643.0000021DD9221000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gigimas.xyz/index.htmll |
Source: rundll32.exe, 00000004.00000003.497300012.0000021DD9221000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.497398978.0000021DD9226000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gigimas.xyz/index.htmlr |
Source: rundll32.exe, 00000004.00000003.432113341.0000021DD9221000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gigimas.xyz/index.htmluH |
Source: rundll32.exe, 00000004.00000002.825032098.0000021DD91ED000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.825050387.0000021DD91F4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gigimas.xyz:443/index.html |
Source: rundll32.exe, 00000004.00000002.826725063.0000021DDAC4D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gigimas.xyzhttps://reaso.xyz |
Source: loaddll64.exe, 00000000.00000003.402277727.0000027ED3942000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.388644042.0000000002102000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.826756799.0000021DDAD92000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.388329786.000001F71CC62000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://http://Mozilla/5.0 |
Source: rundll32.exe, 00000004.00000002.826725063.0000021DDAC4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.388322445.000001F71CC60000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://reaso.xyz |
Source: pzG0rkIchr.dll |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 5_2_000001F71CC037E0 |
5_2_000001F71CC037E0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 5_2_000001F71CC03CD8 |
5_2_000001F71CC03CD8 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 5_2_000001F71CC06DF0 |
5_2_000001F71CC06DF0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 5_2_000001F71CC034A4 |
5_2_000001F71CC034A4 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 5_2_000001F71CC031C0 |
5_2_000001F71CC031C0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 5_2_000001F71CC07FD4 |
5_2_000001F71CC07FD4 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 5_2_000001F71CC09D6C |
5_2_000001F71CC09D6C |
Source: C:\Windows\System32\rundll32.exe |
Code function: 5_2_000001F71CC0A918 |
5_2_000001F71CC0A918 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 5_2_000001F71CC05638 |
5_2_000001F71CC05638 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 5_2_000001F71CC04540 |
5_2_000001F71CC04540 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 5_2_000001F71CC0204C |
5_2_000001F71CC0204C |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C071520 |
6_2_00007FF88C071520 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C088D50 |
6_2_00007FF88C088D50 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C076D50 |
6_2_00007FF88C076D50 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C090D70 |
6_2_00007FF88C090D70 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C07F964 |
6_2_00007FF88C07F964 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C08B9B0 |
6_2_00007FF88C08B9B0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C0875E0 |
6_2_00007FF88C0875E0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C081E14 |
6_2_00007FF88C081E14 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C08F290 |
6_2_00007FF88C08F290 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C0742A0 |
6_2_00007FF88C0742A0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C0776E0 |
6_2_00007FF88C0776E0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C071B10 |
6_2_00007FF88C071B10 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C08B370 |
6_2_00007FF88C08B370 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C079BA0 |
6_2_00007FF88C079BA0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C0783C0 |
6_2_00007FF88C0783C0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C086808 |
6_2_00007FF88C086808 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C076820 |
6_2_00007FF88C076820 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C075840 |
6_2_00007FF88C075840 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C074C80 |
6_2_00007FF88C074C80 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C07DCAC |
6_2_00007FF88C07DCAC |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C0790B0 |
6_2_00007FF88C0790B0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C075CC0 |
6_2_00007FF88C075CC0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C08F8F0 |
6_2_00007FF88C08F8F0 |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C0898F0 |
6_2_00007FF88C0898F0 |
Source: unknown |
Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\pzG0rkIchr.dll" |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1 |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\pzG0rkIchr.dll |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1 |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,DllRegisterServer |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,ItsnPq5v |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,QlqYo259k |
|
Source: C:\Windows\System32\rundll32.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2100 -s 304 |
|
Source: C:\Windows\System32\rundll32.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1308 -s 304 |
|
Source: C:\Windows\System32\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: rundll32.exe, 00000004.00000003.759039619.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.564079958.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.759733313.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.497353450.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.694516726.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.629091178.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.825208523.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.432152980.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.497418075.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.693778417.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW\ |
Source: WerFault.exe, 0000000C.00000002.404708361.000001DFB5324000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW0*K |
Source: WerFault.exe, 0000000B.00000002.405301805.000001716D916000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000B.00000003.403687494.000001716D916000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW</ |
Source: WerFault.exe, 0000000B.00000003.401733084.000001716D910000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000B.00000003.401808320.000001716D914000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW</%SystemRoot%\system32\mswsock.dll<reqs> |
Source: rundll32.exe, 00000004.00000003.759039619.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.564079958.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.759733313.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.497353450.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.694516726.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.629091178.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.825208523.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.432152980.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.497418075.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.693778417.0000021DD923C000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000B.00000002.404822488.000001716BA98000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: rundll32.exe, 00000004.00000002.824960141.0000021DD91C8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW` |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FF88C086DA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FF88C07E374 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\loaddll64.exe |
Code function: 0_2_00007FF88C07BC0C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FF88C086DA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FF88C07E374 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 3_2_00007FF88C07BC0C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C086DA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C07E374 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\rundll32.exe |
Code function: 6_2_00007FF88C07BC0C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |