Source: |
Binary string: msvfw32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 0000000B.00000003.709320403.0000000002D78000.00000004.00000001.sdmp |
Source: |
Binary string: sfc_os.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: glu32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 0000000B.00000003.708846171.0000000002D72000.00000004.00000001.sdmp |
Source: |
Binary string: advapi32.pdb`z% source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: winmm.pdbCi source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdbk source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb|z9 source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdbjz+ source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 0000000B.00000003.709346864.0000000002D7E000.00000004.00000001.sdmp |
Source: |
Binary string: mpr.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: |
Binary string: setupapi.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: imagehlp.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wUxTheme.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: dwmapi.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: msctf.pdbqi> source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb( source: WerFault.exe, 0000000B.00000003.708846171.0000000002D72000.00000004.00000001.sdmp |
Source: |
Binary string: shcore.pdbk source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: WINMMBASE.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: opengl32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: FgvmFpm.pdb source: loaddll32.exe, 00000001.00000002.644007951.000000006FC58000.00000002.00020000.sdmp, 53b4ee92_by_Libranalysis.dll |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: ws2_32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: winspool.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: |
Binary string: shell32.pdbk source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: propsys.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdbk source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: winmm.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: msctf.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: msvfw32.pdb!i source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdbfz? source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: AcLayers.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: |
Binary string: opengl32.pdbwi8 source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: comctl32v582.pdb source: WerFault.exe, 0000000B.00000003.715353567.00000000050A1000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: propsys.pdbkB source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb( source: WerFault.exe, 0000000B.00000003.709346864.0000000002D7E000.00000004.00000001.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb( source: WerFault.exe, 0000000B.00000003.709320403.0000000002D78000.00000004.00000001.sdmp |
Source: |
Binary string: rundll32.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: |
Binary string: oleaut32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: sfc.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC54450 |
1_2_6FC54450 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6EED9348 |
4_2_6EED9348 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6EED0754 |
4_2_6EED0754 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6EEC1494 |
4_2_6EEC1494 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6EEC846C |
4_2_6EEC846C |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6EED1460 |
4_2_6EED1460 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6EED1D58 |
4_2_6EED1D58 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6EECA52C |
4_2_6EECA52C |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6EEC90CC |
4_2_6EEC90CC |
Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\53b4ee92_by_Libranalysis.dll' |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\53b4ee92_by_Libranalysis.dll',#1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\53b4ee92_by_Libranalysis.dll',#1 |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 736 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\53b4ee92_by_Libranalysis.dll',#1 |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\53b4ee92_by_Libranalysis.dll',#1 |
Jump to behavior |
Source: |
Binary string: msvfw32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 0000000B.00000003.709320403.0000000002D78000.00000004.00000001.sdmp |
Source: |
Binary string: sfc_os.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: glu32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 0000000B.00000003.708846171.0000000002D72000.00000004.00000001.sdmp |
Source: |
Binary string: advapi32.pdb`z% source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: winmm.pdbCi source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdbk source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb|z9 source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdbjz+ source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 0000000B.00000003.709346864.0000000002D7E000.00000004.00000001.sdmp |
Source: |
Binary string: mpr.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: |
Binary string: setupapi.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: imagehlp.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wUxTheme.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: dwmapi.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: msctf.pdbqi> source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb( source: WerFault.exe, 0000000B.00000003.708846171.0000000002D72000.00000004.00000001.sdmp |
Source: |
Binary string: shcore.pdbk source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: WINMMBASE.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: opengl32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: FgvmFpm.pdb source: loaddll32.exe, 00000001.00000002.644007951.000000006FC58000.00000002.00020000.sdmp, 53b4ee92_by_Libranalysis.dll |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: ws2_32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: winspool.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: |
Binary string: shell32.pdbk source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: propsys.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdbk source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: winmm.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: msctf.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: msvfw32.pdb!i source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdbfz? source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: AcLayers.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: |
Binary string: opengl32.pdbwi8 source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: comctl32v582.pdb source: WerFault.exe, 0000000B.00000003.715353567.00000000050A1000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: propsys.pdbkB source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb( source: WerFault.exe, 0000000B.00000003.709346864.0000000002D7E000.00000004.00000001.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000B.00000003.715316380.0000000005090000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb( source: WerFault.exe, 0000000B.00000003.709320403.0000000002D78000.00000004.00000001.sdmp |
Source: |
Binary string: rundll32.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: |
Binary string: oleaut32.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: sfc.pdb source: WerFault.exe, 0000000B.00000003.715329287.0000000005097000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 0000000B.00000003.715278200.0000000004EF1000.00000004.00000001.sdmp |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC433D3 push ebp; retf |
1_2_6FC433F6 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC457F2 push ebx; retf |
1_2_6FC457F8 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC4594C push ss; iretd |
1_2_6FC4595D |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC4334D push ebx; retf |
1_2_6FC43373 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC44351 push ebx; retf |
1_2_6FC44357 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC44370 push ebx; retf |
1_2_6FC44377 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC43973 push ebx; retf |
1_2_6FC43976 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC44F16 push ebp; retf |
1_2_6FC44F17 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC44934 push ebx; retf |
1_2_6FC44937 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC472C9 push ebp; iretd |
1_2_6FC472CA |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC470EE push ebx; retf |
1_2_6FC470F8 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC458EA push ebx; retf |
1_2_6FC458F8 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC44C96 push ebx; retf |
1_2_6FC44C97 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC436A0 push ebp; retf |
1_2_6FC436F6 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC456B7 push ebx; retf |
1_2_6FC456B8 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC43C49 push edi; retf |
1_2_6FC43C56 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC4647C push ebx; iretd |
1_2_6FC4647E |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC4740B push ebx; retf |
1_2_6FC47418 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC44C29 push di; iretd |
1_2_6FC44C2D |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_6FC44A32 push esp; retf |
1_2_6FC44A37 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6EECF6CC push esi; mov dword ptr [esp], 00000000h |
4_2_6EECF6CD |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: WerFault.exe, 0000000B.00000002.731045915.0000000004AF0000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: WerFault.exe, 0000000B.00000003.728244584.0000000004AD3000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW |
Source: WerFault.exe, 0000000B.00000003.724531096.0000000004ADA000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll+ |
Source: WerFault.exe, 0000000B.00000002.731045915.0000000004AF0000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: WerFault.exe, 0000000B.00000002.731045915.0000000004AF0000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: WerFault.exe, 0000000B.00000002.731045915.0000000004AF0000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6EEC6D50 GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |
4_2_6EEC6D50 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |
4_2_6EEC6D50 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_6EEC6D50 GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |
4_2_6EEC6D50 |