Request:
# Fetch the Maltiverse report for a single sample, addressed by the hash in the URL path
# (the same value is returned in the response's "sha256" field).
# <API_KEY> is a placeholder: supply the real bearer token from a secret store or an
# environment variable so it does not end up in shell history, tickets, or shared logs.
curl \
  --header "Authorization: Bearer <API_KEY>" \
  "https://api.maltiverse.com/sample/eb9ee7189e4cdff6ac854baa78117f04937e944774f393952c20e5e963340347"
Response:
{
"antivirus": [
{
"description": "HackTool/Win32.Patcher.R207239",
"name": "AhnLab-V3"
},
{
"description": "HackTool/Win32.Patcher",
"name": "Antiy-AVL"
},
{
"description": "Trojan.Ghanarava.17474312543c4f7e",
"name": "CAT-QuickHeal"
},
{
"description": "dll.trojan.patcher",
"name": "CTX"
},
{
"description": "Win.Dropper.Genericrxem-9937527-0",
"name": "ClamAV"
},
{
"description": "Unsafe",
"name": "Cylance"
},
{
"description": "Malicious (score: 100)",
"name": "Cynet"
},
{
"description": "MALICIOUS",
"name": "DeepInstinct"
},
{
"description": "Win32/HackTool.Patcher.T potentially unsafe",
"name": "ESET-NOD32"
},
{
"description": "malicious (high confidence)",
"name": "Elastic"
},
{
"description": "Riskware/Patcher",
"name": "Fortinet"
},
{
"description": "Win32.Trojan.PSE.1GI7FPD",
"name": "GData"
},
{
"description": "Detected",
"name": "Google"
},
{
"description": "PUA.HackTool.Patcher",
"name": "Ikarus"
},
{
"description": "Trojan.Generic.fonq",
"name": "Jiangmin"
},
{
"description": "Riskware ( 0040eff71 )",
"name": "K7AntiVirus"
},
{
"description": "Riskware ( 0040eff71 )",
"name": "K7GW"
},
{
"description": "Hacktool.Win32.Patcher.3!c",
"name": "Lionic"
},
{
"description": "Generic.Malware.AI.DDS",
"name": "Malwarebytes"
},
{
"description": "Trojan.Malware.3405.susgen",
"name": "MaxSecure"
},
{
"description": "Real Protect-LS!76086EEB401C",
"name": "McAfeeD"
},
{
"description": "HackTool:Win32/Keygen",
"name": "Microsoft"
},
{
"description": "Trojan.Kryptik@AI.88 (RDML:Kvm2UILx2kkWLLpRCXO4Ww)",
"name": "Rising"
},
{
"description": "Hack.Tool/Gen-Patcher",
"name": "SUPERAntiSpyware"
},
{
"description": "Trojan.Win32.Save.a",
"name": "Sangfor"
},
{
"description": "Static AI - Suspicious PE",
"name": "SentinelOne"
},
{
"description": "BehavesLike.Win32.Generic.lm",
"name": "Skyhigh"
},
{
"description": "Generic Patcher (PUA)",
"name": "Sophos"
},
{
"description": "SMG.Heur!gen",
"name": "Symantec"
},
{
"description": "GenericRXEM-OL!76086EEB401C",
"name": "TrellixENS"
},
{
"description": "TROJ_GEN.R002C0OD425",
"name": "TrendMicro"
},
{
"description": "Trojan.Win32.VSX.PE04C9f",
"name": "TrendMicro-HouseCall"
},
{
"description": "W32/Agent.JOS.gen!Eldorado",
"name": "Varist"
},
{
"description": "W32.Trojan.Gen",
"name": "Webroot"
},
{
"description": "Trojan.GenAsa!30XG1D/2cC8",
"name": "Yandex"
},
{
"description": "HackTool:Win/Patcher.T",
"name": "alibabacloud"
}
],
"blacklist": [
{
"count": 9,
"description": "Generic Malware",
"first_seen": "2025-07-14 10:15:03",
"last_seen": "2025-07-14 11:45:10",
"ref": [
21745
],
"source": "Hybrid-Analysis"
},
{
"count": 3,
"description": "Generic Malware",
"external_references": [
{
"description": "x_cta_member_id",
"external_id": "identity--4bd3553f-ab17-4ec2-8d48-e80a8a398400",
"source_name": "cyber-threat-alliance"
},
{
"description": "x_cta_submission_id",
"external_id": "8ec0d373-010f-40eb-b45c-019b0ef7e2cb",
"source_name": "cyber-threat-alliance"
}
],
"first_seen": "2025-10-10 15:14:13",
"last_seen": "2025-10-10 15:14:13",
"ref": [
21745
],
"source": "Cyber Threat Alliance"
}
],
"classification": "malicious",
"creation_time": "2025-07-14 10:09:37",
"filename": [
"dup2patcher.dll"
],
"filetype": "PE32 executable (DLL) (GUI) Intel 80386, for MS Wi ...",
"is_alive": false,
"is_cdn": false,
"is_cnc": false,
"is_distributing_malware": false,
"is_hosting": false,
"is_iot_threat": false,
"is_known_attacker": false,
"is_known_scanner": false,
"is_mining_pool": false,
"is_open_proxy": false,
"is_phishing": false,
"is_sinkhole": false,
"is_storing_phishing": false,
"is_tor_node": false,
"is_vpn_node": false,
"md5": "76086eeb401cf8f4b2293bb5343c4f7e",
"modification_time": "2025-10-10 23:50:33",
"process_list": [
{
"name": "<Ignored Process>",
"uid": "00000000-00003236"
},
{
"commandline": "\"C:\\dup2patcher.dll\",#1",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\rundll32.exe",
"sha256": "c4815ead0abe44972ae918cab9b21289b29cf5d3471fe102c27e1a86601a729c",
"uid": "00000000-00000412"
},
{
"commandline": "-u -p 412 -s 600",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00009192"
},
{
"commandline": "-u -p 412 -s 600",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00008980"
},
{
"commandline": "-u -p 412 -s 600",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00004016"
},
{
"commandline": "\"C:\\dup2patcher.dll\",#2",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\rundll32.exe",
"sha256": "c4815ead0abe44972ae918cab9b21289b29cf5d3471fe102c27e1a86601a729c",
"uid": "00000000-00007336"
},
{
"commandline": "\"C:\\dup2patcher.dll\",#4",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\rundll32.exe",
"sha256": "c4815ead0abe44972ae918cab9b21289b29cf5d3471fe102c27e1a86601a729c",
"uid": "00000000-00001440"
},
{
"commandline": "\"C:\\dup2patcher.dll\",#3",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\rundll32.exe",
"sha256": "c4815ead0abe44972ae918cab9b21289b29cf5d3471fe102c27e1a86601a729c",
"uid": "00000000-00008148"
},
{
"commandline": "-pss -s 460 -p 412 -ip 412",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00003628"
},
{
"commandline": "\"C:\\dup2patcher.dll\",#5",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\rundll32.exe",
"sha256": "c4815ead0abe44972ae918cab9b21289b29cf5d3471fe102c27e1a86601a729c",
"uid": "00000000-00009108"
},
{
"commandline": "-u -p 9108 -s 608",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00007576"
},
{
"commandline": "-u -p 9108 -s 608",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00001376"
},
{
"commandline": "-u -p 9108 -s 608",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00004348"
},
{
"commandline": "\"C:\\dup2patcher.dll\",#6",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\rundll32.exe",
"sha256": "c4815ead0abe44972ae918cab9b21289b29cf5d3471fe102c27e1a86601a729c",
"uid": "00000000-00007436"
},
{
"commandline": "\"C:\\dup2patcher.dll\",#7",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\rundll32.exe",
"sha256": "c4815ead0abe44972ae918cab9b21289b29cf5d3471fe102c27e1a86601a729c",
"uid": "00000000-00008016"
},
{
"commandline": "-pss -s 552 -p 9108 -ip 9108",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00004492"
},
{
"commandline": "\"C:\\dup2patcher.dll\",#8",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\rundll32.exe",
"sha256": "c4815ead0abe44972ae918cab9b21289b29cf5d3471fe102c27e1a86601a729c",
"uid": "00000000-00008868"
},
{
"commandline": "-u -p 8868 -s 608",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00002304"
},
{
"commandline": "-u -p 8868 -s 608",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00007380"
},
{
"commandline": "-u -p 8868 -s 608",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00008136"
},
{
"commandline": "\"C:\\dup2patcher.dll\",#9",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\rundll32.exe",
"sha256": "c4815ead0abe44972ae918cab9b21289b29cf5d3471fe102c27e1a86601a729c",
"uid": "00000000-00008164"
},
{
"commandline": "-pss -s 592 -p 8868 -ip 8868",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00001392"
},
{
"commandline": "\"C:\\dup2patcher.dll\",#10",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\rundll32.exe",
"sha256": "c4815ead0abe44972ae918cab9b21289b29cf5d3471fe102c27e1a86601a729c",
"uid": "00000000-00007460"
},
{
"commandline": "\"C:\\dup2patcher.dll\",#11",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\rundll32.exe",
"sha256": "c4815ead0abe44972ae918cab9b21289b29cf5d3471fe102c27e1a86601a729c",
"uid": "00000000-00008488"
},
{
"commandline": "\"C:\\dup2patcher.dll\",#12",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\rundll32.exe",
"sha256": "c4815ead0abe44972ae918cab9b21289b29cf5d3471fe102c27e1a86601a729c",
"uid": "00000000-00005372"
},
{
"commandline": "\"C:\\dup2patcher.dll\",#13",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\rundll32.exe",
"sha256": "c4815ead0abe44972ae918cab9b21289b29cf5d3471fe102c27e1a86601a729c",
"uid": "00000000-00004896"
},
{
"commandline": "\"C:\\dup2patcher.dll\",#14",
"name": "rundll32.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\rundll32.exe",
"sha256": "c4815ead0abe44972ae918cab9b21289b29cf5d3471fe102c27e1a86601a729c",
"uid": "00000000-00006252"
},
{
"commandline": "-u -p 6252 -s 600",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00006652"
},
{
"commandline": "-u -p 6252 -s 600",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00008024"
},
{
"commandline": "-u -p 6252 -s 600",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00007656"
},
{
"commandline": "-pss -s 608 -p 6252 -ip 6252",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\WerFault.exe",
"sha256": "5cd3bb2e4b62180978f536450f48483107f74c8fcf8606c4beec01ef5d2cf01d",
"uid": "00000000-00000892"
}
],
"score": 8.1,
"scoring_executed_time": "2025-10-13 22:23:08",
"sha1": "57a706501f714aacda8c9832690830a661eb9874",
"sha256": "eb9ee7189e4cdff6ac854baa78117f04937e944774f393952c20e5e963340347",
"size": 73728,
"type": "sample"
}