Source: | Binary string: UxTheme.pdb source: WerFault.exe, 0000000D.00000003.375045922.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375091188.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: gdi32.pdb source: WerFault.exe, 0000000D.00000003.375083510.000001EA8FE94000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: kernelbase.pdb0 source: WerFault.exe, 0000000D.00000003.359316080.000001EA8F2F7000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.370137520.000001EA8F2F7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: bcryptprimitives.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: oleaut32.pdb"V source: WerFault.exe, 0000000D.00000003.375045922.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375091188.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 0000000D.00000003.375045922.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375091188.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: rpcrt4.pdb source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: kernelbase.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ucrtbase.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: shcore.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: combase.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: elbase.pdb source: WerFault.exe, 0000000D.00000002.379074933.000001EA8D552000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.370270156.000001EA8D563000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: win32u.pdb8 source: WerFault.exe, 0000000D.00000003.375083510.000001EA8FE94000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 0000000D.00000003.375045922.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375091188.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: gdi32full.pdb8 source: WerFault.exe, 0000000D.00000003.375083510.000001EA8FE94000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: gdi32.pdb8 source: WerFault.exe, 0000000D.00000003.375083510.000001EA8FE94000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: user32.pdb source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 0000000D.00000003.375077557.000001EA8FE90000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: rundll32.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: rpcrt4.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: imagehlp.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntdll.pdb source: WerFault.exe, 0000000D.00000003.370270156.000001EA8D563000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.373102112.000001EA8F2EA000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.359276516.000001EA8F2EA000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: kernel32.pdb source: WerFault.exe, 0000000D.00000003.371722395.000001EA8F2F1000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.370270156.000001EA8D563000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.359287144.000001EA8F2F1000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dwmapi.pdb6V source: WerFault.exe, 0000000D.00000003.375045922.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375091188.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 0000000D.00000003.359149665.000001EA8F2E4000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.370270156.000001EA8D563000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.359079833.000001EA8F379000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msvcrt.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 0000000D.00000003.375045922.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375091188.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msctf.pdb!V source: WerFault.exe, 0000000D.00000003.375045922.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375091188.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntdll.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: win32u.pdb source: WerFault.exe, 0000000D.00000003.375083510.000001EA8FE94000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: gdi32full.pdb source: WerFault.exe, 0000000D.00000003.375083510.000001EA8FE94000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: kernel32.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: user32.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 0000000D.00000003.375045922.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375091188.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntdll.pdb0 source: WerFault.exe, 0000000D.00000003.373102112.000001EA8F2EA000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.359276516.000001EA8F2EA000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: kernelbase.pdb source: WerFault.exe, 0000000D.00000003.359316080.000001EA8F2F7000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.370137520.000001EA8F2F7000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: kernel32.pdb0 source: WerFault.exe, 0000000D.00000003.371722395.000001EA8F2F1000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.359287144.000001EA8F2F1000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: imm32.pdb source: WerFault.exe, 0000000D.00000003.375077557.000001EA8FE90000.00000004.00000020.00020000.00000000.sdmp |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720 |
Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718 |
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717 |
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715 |
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713 |
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728 |
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726 |
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723 |
Source: pzG0rkIchr.dll | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: WerFault.exe, 0000000D.00000002.379355430.000001EA8F2E0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: WerFault.exe, 0000000D.00000002.379355430.000001EA8F2E0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: pzG0rkIchr.dll | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y |
Source: pzG0rkIchr.dll | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 |
Source: pzG0rkIchr.dll | String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t |
Source: pzG0rkIchr.dll | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# |
Source: pzG0rkIchr.dll | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# |
Source: pzG0rkIchr.dll | String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# |
Source: pzG0rkIchr.dll | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: pzG0rkIchr.dll | String found in binary or memory: http://ocsp.sectigo.com0 |
Source: loaddll64.exe, 00000000.00000003.631018067.0000020164340000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641761210.00000000021BD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641543041.00000000020E0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.357258070.0000017B374A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.357488590.00000201A4290000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://gigimas.xyz |
Source: regsvr32.exe, 00000003.00000003.466330233.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596495160.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.595788178.0000000000815000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.531293534.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641484903.0000000000813000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596407001.0000000000813000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641359278.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.466249755.00000000007A9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://gigimas.xyz/ |
Source: regsvr32.exe, 00000003.00000003.466330233.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596506826.000000000078D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596495160.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.531293534.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641359278.00000000007E8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://gigimas.xyz/index.html |
Source: regsvr32.exe, 00000003.00000003.596495160.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641359278.00000000007E8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://gigimas.xyz/index.html5F |
Source: regsvr32.exe, 00000003.00000003.466312748.00000000007DD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://gigimas.xyz/index.html9Pu/Jl |
Source: regsvr32.exe, 00000003.00000002.641214444.00000000007C6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596466270.00000000007C6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.531265696.00000000007C6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://gigimas.xyz/index.htmlT |
Source: regsvr32.exe, 00000003.00000002.641004710.0000000000785000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://gigimas.xyz/index.htmlm |
Source: regsvr32.exe, 00000003.00000003.531293534.00000000007E8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://gigimas.xyz:443/index.html |
Source: regsvr32.exe, 00000003.00000003.596495160.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641359278.00000000007E8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://gigimas.xyz:443/index.htmlY_ |
Source: regsvr32.exe, 00000003.00000002.641761210.00000000021BD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://gigimas.xyzhttps://reaso.xyz |
Source: loaddll64.exe, 00000000.00000003.631032238.0000020164342000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641554871.00000000020E2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.357262173.0000017B374A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.357492545.00000201A4292000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://http://Mozilla/5.0 |
Source: regsvr32.exe, 00000003.00000002.641761210.00000000021BD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641543041.00000000020E0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.357258070.0000017B374A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.357488590.00000201A4290000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://reaso.xyz |
Source: pzG0rkIchr.dll | String found in binary or memory: https://sectigo.com/CPS0 |
Source: unknown | Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\pzG0rkIchr.dll" |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1 |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\pzG0rkIchr.dll |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1 |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,DllRegisterServer |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,ItsnPq5v |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,QlqYo259k |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6044 -s 276 |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6136 -s 304 |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6136 -s 304 |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1 |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\pzG0rkIchr.dll |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,DllRegisterServer |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,ItsnPq5v |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,QlqYo259k |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1 |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6136 -s 304 |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: combase.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: elbase.pdb source: WerFault.exe, 0000000D.00000002.379074933.000001EA8D552000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.370270156.000001EA8D563000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: win32u.pdb8 source: WerFault.exe, 0000000D.00000003.375083510.000001EA8FE94000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 0000000D.00000003.375045922.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375091188.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: gdi32full.pdb8 source: WerFault.exe, 0000000D.00000003.375083510.000001EA8FE94000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: gdi32.pdb8 source: WerFault.exe, 0000000D.00000003.375083510.000001EA8FE94000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: user32.pdb source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 0000000D.00000003.375077557.000001EA8FE90000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: rundll32.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: rpcrt4.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: imagehlp.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntdll.pdb source: WerFault.exe, 0000000D.00000003.370270156.000001EA8D563000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.373102112.000001EA8F2EA000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.359276516.000001EA8F2EA000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: kernel32.pdb source: WerFault.exe, 0000000D.00000003.371722395.000001EA8F2F1000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.370270156.000001EA8D563000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.359287144.000001EA8F2F1000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dwmapi.pdb6V source: WerFault.exe, 0000000D.00000003.375045922.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375091188.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 0000000D.00000003.359149665.000001EA8F2E4000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.370270156.000001EA8D563000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.359079833.000001EA8F379000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msvcrt.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 0000000D.00000003.375045922.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375091188.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msctf.pdb!V source: WerFault.exe, 0000000D.00000003.375045922.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375091188.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntdll.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: win32u.pdb source: WerFault.exe, 0000000D.00000003.375083510.000001EA8FE94000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: gdi32full.pdb source: WerFault.exe, 0000000D.00000003.375083510.000001EA8FE94000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: kernel32.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: user32.pdb8 source: WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 0000000D.00000003.375045922.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375091188.000001EA8FE97000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntdll.pdb0 source: WerFault.exe, 0000000D.00000003.373102112.000001EA8F2EA000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.359276516.000001EA8F2EA000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: kernelbase.pdb source: WerFault.exe, 0000000D.00000003.359316080.000001EA8F2F7000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.370137520.000001EA8F2F7000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.375037408.000001EA8FE91000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: kernel32.pdb0 source: WerFault.exe, 0000000D.00000003.371722395.000001EA8F2F1000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.359287144.000001EA8F2F1000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: imm32.pdb source: WerFault.exe, 0000000D.00000003.375077557.000001EA8FE90000.00000004.00000020.00020000.00000000.sdmp |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\loaddll64.exe | Code function: 0_2_00007FFC130EBC0C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\loaddll64.exe | Code function: 0_2_00007FFC130EE374 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\loaddll64.exe | Code function: 0_2_00007FFC130F6DA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\System32\regsvr32.exe | Code function: 3_2_00007FFC130EBC0C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\regsvr32.exe | Code function: 3_2_00007FFC130EE374 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\regsvr32.exe | Code function: 3_2_00007FFC130F6DA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Windows\System32\rundll32.exe | Code function: 8_2_00007FFC130EBC0C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\rundll32.exe | Code function: 8_2_00007FFC130EE374 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\System32\rundll32.exe | Code function: 8_2_00007FFC130F6DA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |