Source: http://www.rapidfilestorage.com/clrls/cl_rls.jsonB |
Avira URL Cloud: Label: malware |
Source: http://www.rapidfilestorage.com/clrls/cl_rls.jsonLz |
Avira URL Cloud: Label: malware |
Source: http://www.rapidfilestorage.com/clrls/cl_rls.json) |
Avira URL Cloud: Label: malware |
Source: http://www.rapidfilestorage.com/clrls/cl_rls.json; |
Avira URL Cloud: Label: malware |
Source: http://www.rapidfilestorage.com/clrls/cl_rls.jsond |
Avira URL Cloud: Label: malware |
Source: http://www.rapidfilestorage.com/clrls/cl_rls.json |
Avira URL Cloud: Label: malware |
Source: http://www.rapidfilestorage.com/clrls/cl_rls.jsonu |
Avira URL Cloud: Label: malware |
Source: env-3936544.jcloud.kz |
Virustotal: Detection: 5% |
Source: HeOkukP.dll |
Virustotal: Detection: 40% |
Source: HeOkukP.dll |
ReversingLabs: Detection: 31% |
Source: Submitted Sample |
Integrated Neural Analysis Model: Matched 99.8% probability |
Source: HeOkukP.dll |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL |
Source: global traffic |
HTTP traffic detected: GET /clrls/cl_rls.json HTTP/1.1 Host: www.rapidfilestorage.com Connection: Keep-Alive Cache-Control: no-cache |
Source: Joe Sandbox View |
IP Address: 185.22.66.16 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic |
DNS traffic detected: DNS query: www.rapidfilestorage.com |
Source: rundll32.exe, 00000009.00000003.1368971478.000000000339A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.rapidfilestorage.com/clrls/cl_rls.json |
Source: rundll32.exe, 00000005.00000003.1336028674.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1335749105.0000000002B3C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1336998419.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.rapidfilestorage.com/clrls/cl_rls.json) |
Source: rundll32.exe, 00000009.00000002.1369354017.0000000003340000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.1369059378.000000000333A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.1368849550.0000000003333000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.rapidfilestorage.com/clrls/cl_rls.json; |
Source: rundll32.exe, 00000007.00000003.1336450668.00000000028E9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1336974130.00000000028EF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336229595.00000000028E2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.rapidfilestorage.com/clrls/cl_rls.jsonB |
Source: rundll32.exe, 00000009.00000003.1368849550.0000000003394000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.1369354017.000000000339C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.1368526440.000000000339A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.1368971478.000000000339A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.rapidfilestorage.com/clrls/cl_rls.jsonLz |
Source: rundll32.exe, 00000005.00000003.1336500957.0000000002AC2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1336963668.0000000002AC3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.rapidfilestorage.com/clrls/cl_rls.jsond |
Source: rundll32.exe, 00000005.00000003.1336028674.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1335749105.0000000002B3C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1336998419.0000000002B3E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.rapidfilestorage.com/clrls/cl_rls.jsonu |
Source: rundll32.exe, 00000005.00000003.1336028674.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1336201784.0000000002B75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1336352369.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336229595.0000000002962000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1337153187.000000000297D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336364192.0000000002971000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1336974130.0000000002962000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336389193.0000000002978000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336450668.0000000002962000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.1368930066.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.1368971478.00000000033B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.1369354017.00000000033B3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/% |
Source: rundll32.exe, 00000005.00000003.1336028674.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1336201784.0000000002B75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1336352369.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336229595.0000000002962000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1337153187.000000000297D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336364192.0000000002971000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1336974130.0000000002962000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336389193.0000000002978000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336450668.0000000002962000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.1368930066.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.1368971478.00000000033B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.1369354017.00000000033B3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://crash-reports.mozilla.com/submit?id= |
Source: rundll32.exe, 00000005.00000003.1336028674.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1336201784.0000000002B75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1336352369.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336229595.0000000002962000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1337153187.000000000297D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336364192.0000000002971000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1336974130.0000000002962000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336389193.0000000002978000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336450668.0000000002962000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.1368930066.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.1368971478.00000000033B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.1369354017.00000000033B3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_04C233B0 |
5_2_04C233B0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 7_2_04BD33B0 |
7_2_04BD33B0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 9_2_056533B0 |
9_2_056533B0 |
Source: classification engine |
Classification label: mal88.evad.winDLL@10/0@1/1 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7724:120:WilError_03 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Global\2_PhpuzIakkdPWqpI |
Source: HeOkukP.dll |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Windows\SysWOW64\rundll32.exe |
File read: C:\Program Files\Mozilla Firefox\application.ini |
Source: C:\Windows\System32\loaddll32.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\HeOkukP.dll,#1 |
Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\HeOkukP.dll" |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\HeOkukP.dll",#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\HeOkukP.dll,#1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\HeOkukP.dll",#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\HeOkukP.dll",#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\System32\loaddll32.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\SysWOW64\rundll32.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32 |
Source: HeOkukP.dll |
Static file information: File size 6726144 > 1048576 |
Source: HeOkukP.dll |
Static PE information: Raw size of .data is bigger than: 0x100000 < 0x5ec800 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_04C364F0 push eax; ret |
5_2_04C3650E |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_04C23395 push ecx; ret |
5_2_04C233A8 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 7_2_04BD3395 push ecx; ret |
7_2_04BD33A8 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 7_2_04BE64F0 push eax; ret |
7_2_04BE650E |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 9_2_056664F0 push eax; ret |
9_2_0566650E |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 9_2_05653395 push ecx; ret |
9_2_056533A8 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess |
Source: C:\Windows\SysWOW64\rundll32.exe |
API coverage: 4.4 % |
Source: C:\Windows\SysWOW64\rundll32.exe |
API coverage: 1.9 % |
Source: C:\Windows\SysWOW64\rundll32.exe |
API coverage: 3.3 % |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\loaddll32.exe |
Thread delayed: delay time: 120000 |
Source: rundll32.exe, 00000007.00000003.1335961205.0000000002963000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336229595.0000000002962000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1337105449.0000000002968000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336429087.0000000002967000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWX |
Source: rundll32.exe, 00000005.00000003.1336028674.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1335749105.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1336312907.0000000002B57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1337134914.0000000002B58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1335961205.0000000002963000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336229595.0000000002962000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1336974130.0000000002935000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336229595.0000000002935000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1337105449.0000000002968000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1336429087.0000000002967000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.1369354017.0000000003340000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: rundll32.exe, 00000005.00000003.1336352369.0000000002ADA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1336998419.0000000002AE0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1336028674.0000000002AD3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW( |
Source: C:\Windows\SysWOW64\rundll32.exe |
API call chain: ExitProcess graph end node |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_04C2F0EF EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, |
5_2_04C2F0EF |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 5_2_04C211A4 SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
5_2_04C211A4 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 7_2_04BD11A4 SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
7_2_04BD11A4 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 9_2_056511A4 SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
9_2_056511A4 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
5_2_04C2E1C6 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: __IsNonwritableInCurrentImage,___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson, |
5_2_04C233B0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW, |
5_2_04C22C29 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: __IsNonwritableInCurrentImage,___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson, |
7_2_04BD33B0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
7_2_04BDE1C6 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW, |
7_2_04BD2C29 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW, |
9_2_05652C29 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: __crtGetLocaleInfoA_stat, |
9_2_0565E1C6 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: __IsNonwritableInCurrentImage,___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__calloc_crt,__invoke_watson, |
9_2_056533B0 |