Source: loaddll64.exe, 00000000.00000002.784618390.0000025BFD9BC000.00000004.00000020.sdmp | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0 |
Source: loaddll64.exe, 00000000.00000003.708761089.0000025BFDC6A000.00000004.00000001.sdmp | String found in binary or memory: http://bromide.xyz/ssh.zip |
Source: loaddll64.exe, 00000000.00000002.784618390.0000025BFD9BC000.00000004.00000020.sdmp | String found in binary or memory: http://cert.int-x3.letsencrypt.org/0- |
Source: loaddll64.exe, 00000000.00000002.784618390.0000025BFD9BC000.00000004.00000020.sdmp | String found in binary or memory: http://cps.letsencrypt.org0 |
Source: loaddll64.exe, 00000000.00000002.784618390.0000025BFD9BC000.00000004.00000020.sdmp | String found in binary or memory: http://cps.root-x1.letsencrypt.org0 |
Source: loaddll64.exe, 00000000.00000002.784618390.0000025BFD9BC000.00000004.00000020.sdmp | String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
Source: WerFault.exe, 00000023.00000002.780388618.000001E8D444E000.00000004.00000020.sdmp | String found in binary or memory: http://crl.micro |
Source: WerFault.exe, 00000023.00000003.724805687.000001E8D4487000.00000004.00000001.sdmp | String found in binary or memory: http://isrg.trustid.ocsp.identru |
Source: loaddll64.exe, 00000000.00000002.784618390.0000025BFD9BC000.00000004.00000020.sdmp | String found in binary or memory: http://isrg.trustid.ocsp.identrust.com0; |
Source: loaddll64.exe, 00000000.00000002.784618390.0000025BFD9BC000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.int-x3.letsencrypt.org0/ |
Source: loaddll64.exe, 00000000.00000003.708761089.0000025BFDC6A000.00000004.00000001.sdmp | String found in binary or memory: http://sdsddgu.xyz/khkhkt |
Source: loaddll64.exe, 00000000.00000002.784706857.0000025BFD9E3000.00000004.00000020.sdmp | String found in binary or memory: https://hitnaiguat.xyz/ |
Source: loaddll64.exe, 00000000.00000002.784344742.0000025BFD982000.00000004.00000020.sdmp, loaddll64.exe, 00000000.00000002.784753875.0000025BFD9FC000.00000004.00000020.sdmp | String found in binary or memory: https://hitnaiguat.xyz/ctp/b.php |
Source: loaddll64.exe, 00000000.00000003.708751537.0000025BFDC63000.00000004.00000001.sdmp | String found in binary or memory: https://hitnaiguat.xyz/ctp/b.php03 |
Source: loaddll64.exe, 00000000.00000002.784344742.0000025BFD982000.00000004.00000020.sdmp | String found in binary or memory: https://hitnaiguat.xyz/ctp/b.phpt |
Source: loaddll64.exe, 00000000.00000003.708751537.0000025BFDC63000.00000004.00000001.sdmp | String found in binary or memory: https://hitnaiguat.xyzdfdlhldfh03 |
Source: loaddll64.exe, 00000000.00000002.784618390.0000025BFD9BC000.00000004.00000020.sdmp | String found in binary or memory: https://watnaiguat.xyz/ |
Source: unknown | Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe 'C:\Users\user\Desktop\mediasvc copy.dll' |
Source: unknown | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mediasvc copy.dll,TMethodImplementationIntercept |
Source: unknown | Process created: C:\Windows\System32\cmd.exe cmd /C net.exe user WgaUtilAcc 000000 /del |
Source: unknown | Process created: C:\Windows\System32\net.exe net.exe user WgaUtilAcc 000000 /del |
Source: unknown | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user WgaUtilAcc 000000 /del |
Source: unknown | Process created: C:\Windows\System32\cmd.exe cmd /C net.exe user WgaUtilAcc ph9ZVf2Q /add |
Source: unknown | Process created: C:\Windows\System32\net.exe net.exe user WgaUtilAcc ph9ZVf2Q /add |
Source: unknown | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user WgaUtilAcc ph9ZVf2Q /add |
Source: unknown | Process created: C:\Windows\System32\cmd.exe cmd /C net.exe LOCALGROUP 'Remote Desktop Users' WgaUtilAcc /ADD |
Source: unknown | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mediasvc copy.dll,__dbk_fcall_wrapper |
Source: unknown | Process created: C:\Windows\System32\net.exe net.exe LOCALGROUP 'Remote Desktop Users' WgaUtilAcc /ADD |
Source: unknown | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 LOCALGROUP 'Remote Desktop Users' WgaUtilAcc /ADD |
Source: unknown | Process created: C:\Windows\System32\cmd.exe cmd /C net.exe LOCALGROUP 'Remote Desktop Users' user /ADD |
Source: unknown | Process created: C:\Windows\System32\net.exe net.exe LOCALGROUP 'Remote Desktop Users' user /ADD |
Source: unknown | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 LOCALGROUP 'Remote Desktop Users' user /ADD |
Source: unknown | Process created: C:\Windows\System32\cmd.exe cmd /C net.exe LOCALGROUP 'Administrators' WgaUtilAcc /ADD |
Source: unknown | Process created: C:\Windows\System32\net.exe net.exe LOCALGROUP 'Administrators' WgaUtilAcc /ADD |
Source: unknown | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 LOCALGROUP 'Administrators' WgaUtilAcc /ADD |
Source: unknown | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mediasvc copy.dll,dbkFCallWrapperAddr |
Source: unknown | Process created: C:\Windows\System32\cmd.exe cmd /C net.exe user WgaUtilAcc ph9ZVf2Q |
Source: unknown | Process created: C:\Windows\System32\net.exe net.exe user WgaUtilAcc ph9ZVf2Q |
Source: unknown | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user WgaUtilAcc ph9ZVf2Q |
Source: unknown | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mediasvc copy.dll,euefnaiw |
Source: unknown | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mediasvc copy.dll,gusiezo3 |
Source: unknown | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mediasvc copy.dll,hitit |
Source: unknown | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7108 -s 1152 |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mediasvc copy.dll,TMethodImplementationIntercept |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd /C net.exe user WgaUtilAcc 000000 /del |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd /C net.exe user WgaUtilAcc ph9ZVf2Q /add |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd /C net.exe LOCALGROUP 'Remote Desktop Users' WgaUtilAcc /ADD |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mediasvc copy.dll,__dbk_fcall_wrapper |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd /C net.exe LOCALGROUP 'Remote Desktop Users' user /ADD |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd /C net.exe LOCALGROUP 'Administrators' WgaUtilAcc /ADD |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mediasvc copy.dll,dbkFCallWrapperAddr |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd /C net.exe user WgaUtilAcc ph9ZVf2Q |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mediasvc copy.dll,euefnaiw |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\mediasvc copy.dll,gusiezo3 |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\net.exe net.exe user WgaUtilAcc 000000 /del |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\net.exe net.exe user WgaUtilAcc 000000 /del |
Source: C:\Windows\System32\net.exe | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user WgaUtilAcc 000000 /del |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\net.exe net.exe user WgaUtilAcc ph9ZVf2Q /add |
Source: C:\Windows\System32\net.exe | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user WgaUtilAcc ph9ZVf2Q /add |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\net.exe net.exe LOCALGROUP 'Remote Desktop Users' WgaUtilAcc /ADD |
Source: C:\Windows\System32\net.exe | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 LOCALGROUP 'Remote Desktop Users' WgaUtilAcc /ADD |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\net.exe net.exe LOCALGROUP 'Remote Desktop Users' user /ADD |
Source: C:\Windows\System32\net.exe | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 LOCALGROUP 'Remote Desktop Users' user /ADD |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\net.exe net.exe LOCALGROUP 'Administrators' WgaUtilAcc /ADD |
Source: C:\Windows\System32\net.exe | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 LOCALGROUP 'Administrators' WgaUtilAcc /ADD |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\net.exe net.exe user WgaUtilAcc ph9ZVf2Q |
Source: C:\Windows\System32\net.exe | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user WgaUtilAcc ph9ZVf2Q |
Source: C:\Windows\System32\loaddll64.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\loaddll64.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\cmd.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: loaddll64.exe, 00000000.00000002.785118327.0000025BFF450000.00000002.00000001.sdmp, rundll32.exe, 00000001.00000002.686980246.00000205FCA20000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.709285585.000001A381A30000.00000002.00000001.sdmp, rundll32.exe, 00000012.00000002.695931184.000001BFCF3B0000.00000002.00000001.sdmp, rundll32.exe, 0000001A.00000002.703464710.00000160A8D60000.00000002.00000001.sdmp, rundll32.exe, 0000001E.00000002.718112963.0000024ABF320000.00000002.00000001.sdmp, rundll32.exe, 0000001F.00000002.724411852.00000203C0CF0000.00000002.00000001.sdmp, WerFault.exe, 00000023.00000002.781628259.000001E8D6D90000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: WerFault.exe, 00000023.00000002.781062362.000001E8D63FF000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAWVE |
Source: WerFault.exe, 00000023.00000003.724837730.000001E8D6403000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAWVE%SystemRoot%\system32\mswsock.dllSystem32NUMBER_OF_PROCESSORS=2OneDrive=C:\Users\ |
Source: loaddll64.exe, 00000000.00000002.784618390.0000025BFD9BC000.00000004.00000020.sdmp, WerFault.exe, 00000023.00000002.781049286.000001E8D62C4000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW |
Source: WerFault.exe, 00000023.00000002.781049286.000001E8D62C4000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAWK |
Source: loaddll64.exe, 00000000.00000002.785118327.0000025BFF450000.00000002.00000001.sdmp, rundll32.exe, 00000001.00000002.686980246.00000205FCA20000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.709285585.000001A381A30000.00000002.00000001.sdmp, rundll32.exe, 00000012.00000002.695931184.000001BFCF3B0000.00000002.00000001.sdmp, rundll32.exe, 0000001A.00000002.703464710.00000160A8D60000.00000002.00000001.sdmp, rundll32.exe, 0000001E.00000002.718112963.0000024ABF320000.00000002.00000001.sdmp, rundll32.exe, 0000001F.00000002.724411852.00000203C0CF0000.00000002.00000001.sdmp, WerFault.exe, 00000023.00000002.781628259.000001E8D6D90000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: loaddll64.exe, 00000000.00000002.785118327.0000025BFF450000.00000002.00000001.sdmp, rundll32.exe, 00000001.00000002.686980246.00000205FCA20000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.709285585.000001A381A30000.00000002.00000001.sdmp, rundll32.exe, 00000012.00000002.695931184.000001BFCF3B0000.00000002.00000001.sdmp, rundll32.exe, 0000001A.00000002.703464710.00000160A8D60000.00000002.00000001.sdmp, rundll32.exe, 0000001E.00000002.718112963.0000024ABF320000.00000002.00000001.sdmp, rundll32.exe, 0000001F.00000002.724411852.00000203C0CF0000.00000002.00000001.sdmp, WerFault.exe, 00000023.00000002.781628259.000001E8D6D90000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: loaddll64.exe, 00000000.00000003.664636749.0000025BFD9B9000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC |
Source: loaddll64.exe, 00000000.00000003.664404380.0000025BFD9B9000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllVV |
Source: loaddll64.exe, 00000000.00000002.785118327.0000025BFF450000.00000002.00000001.sdmp, rundll32.exe, 00000001.00000002.686980246.00000205FCA20000.00000002.00000001.sdmp, rundll32.exe, 00000009.00000002.709285585.000001A381A30000.00000002.00000001.sdmp, rundll32.exe, 00000012.00000002.695931184.000001BFCF3B0000.00000002.00000001.sdmp, rundll32.exe, 0000001A.00000002.703464710.00000160A8D60000.00000002.00000001.sdmp, rundll32.exe, 0000001E.00000002.718112963.0000024ABF320000.00000002.00000001.sdmp, rundll32.exe, 0000001F.00000002.724411852.00000203C0CF0000.00000002.00000001.sdmp, WerFault.exe, 00000023.00000002.781628259.000001E8D6D90000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |