Source: | Binary string: winspool.pdbG source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: vcruntime140.i386.pdb;> source: WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.372587886.0000000004D22000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.380680880.0000000000708000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.390117912.0000000000987000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382722138.00000000052C1000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000A.00000003.354826015.0000000000810000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382918143.00000000052C0000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395823309.0000000004BB0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412618555.0000000004ED0000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.390081936.0000000000981000.00000004.00000001.sdmp |
Source: | Binary string: mscoree.pdbw source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: \??\C:\Windows\dll\ghost.pdbction source: rundll32.exe, 0000000F.00000002.434619782.000000000337A000.00000004.00000020.sdmp |
Source: | Binary string: (P^lHC:\Users\user\Desktop\ghost.pdb2 source: rundll32.exe, 00000012.00000002.440633427.0000000002D6A000.00000004.00000010.sdmp, rundll32.exe, 00000016.00000002.451872776.000000000089A000.00000004.00000010.sdmp |
Source: | Binary string: C:\Users\Andre\Documents\Visual Studio 2015\Projects\ghost\Release\ghost.pdb source: rundll32.exe, 00000002.00000002.332564130.000000000516A000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.333642812.00000000049CA000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.390709241.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 0000000B.00000002.347865671.000000000456A000.00000002.00020000.sdmp, rundll32.exe, 0000000C.00000002.356017758.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 0000000D.00000002.364210056.000000000462A000.00000002.00020000.sdmp, rundll32.exe, 0000000F.00000002.434760041.00000000033B3000.00000004.00000020.sdmp, rundll32.exe, 00000012.00000002.450127060.00000000071FA000.00000002.00020000.sdmp, rundll32.exe, 00000015.00000002.393607696.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 00000016.00000002.455781535.000000000482A000.00000002.00020000.sdmp, rundll32.exe, 00000017.00000002.388822904.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 00000018.00000002.389741243.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 0000001A.00000002.396291858.000000000709A000.00000002.00020000.sdmp, ghost.dll |
Source: | Binary string: .ni.pdb source: WerFault.exe, 0000000A.00000003.354767041.0000000000823000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382640588.00000000052D3000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395596427.0000000004BC3000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412466766.0000000004EE3000.00000004.00000001.sdmp |
Source: | Binary string: clr.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: \??\C:\Windows\ghost.pdbulOd source: rundll32.exe, 0000000F.00000002.434760041.00000000033B3000.00000004.00000020.sdmp |
Source: | Binary string: profapi.pdb? source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdb/ source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb` source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.391502921.000000000098D000.00000004.00000001.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 0000000A.00000003.354826015.0000000000810000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382918143.00000000052C0000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395823309.0000000004BB0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412618555.0000000004ED0000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.ni.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp, WERF9A6.tmp.dmp.27.dr |
Source: | Binary string: \??\C:\Windows\symbols\dll\ghost.pdbdb source: rundll32.exe, 0000000F.00000002.434619782.000000000337A000.00000004.00000020.sdmp |
Source: | Binary string: msvcp140.i386.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdbM source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: sers\Andre\Documents\Visual Studio 2015\Projects\ghost\Release\ghost.pdb source: rundll32.exe, 0000000F.00000002.434760041.00000000033B3000.00000004.00000020.sdmp |
Source: | Binary string: advapi32.pdb# source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: mscoree.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb9 source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382941849.00000000052C4000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395863976.0000000004BB4000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdbU source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382722138.00000000052C1000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: symbols\dll\ghost.pdb source: rundll32.exe, 00000005.00000002.379483946.000000000014A000.00000004.00000010.sdmp, rundll32.exe, 0000000F.00000002.432847249.0000000002DCB000.00000004.00000010.sdmp, rundll32.exe, 00000012.00000002.440633427.0000000002D6A000.00000004.00000010.sdmp, rundll32.exe, 00000016.00000002.451872776.000000000089A000.00000004.00000010.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382722138.00000000052C1000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: ilC:\Users\user\Desktop\ghost.pdb source: rundll32.exe, 00000005.00000002.379483946.000000000014A000.00000004.00000010.sdmp, rundll32.exe, 0000000F.00000002.432847249.0000000002DCB000.00000004.00000010.sdmp, rundll32.exe, 00000012.00000002.440633427.0000000002D6A000.00000004.00000010.sdmp, rundll32.exe, 00000016.00000002.451872776.000000000089A000.00000004.00000010.sdmp |
Source: | Binary string: dwmapi.pdb` source: WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: msvcr120_clr0400.i386.pdb% source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.ni.pdbRSDS source: WERF9A6.tmp.dmp.27.dr |
Source: | Binary string: eer\Desktop\ghost.PDB source: rundll32.exe, 00000005.00000002.379483946.000000000014A000.00000004.00000010.sdmp, rundll32.exe, 0000000F.00000002.432847249.0000000002DCB000.00000004.00000010.sdmp, rundll32.exe, 00000012.00000002.440633427.0000000002D6A000.00000004.00000010.sdmp, rundll32.exe, 00000016.00000002.451872776.000000000089A000.00000004.00000010.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: advapi32.pdbA source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.pdbooC source: WerFault.exe, 00000014.00000003.395560310.0000000004A92000.00000004.00000001.sdmp |
Source: | Binary string: mscorlib.ni.pdbx source: WerFault.exe, 0000000A.00000003.354042774.0000000004D90000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.381527765.0000000005450000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.393879888.0000000000AE0000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.410649898.0000000005080000.00000004.00000001.sdmp |
Source: | Binary string: l.pdb source: rundll32.exe, 0000000F.00000002.432847249.0000000002DCB000.00000004.00000010.sdmp |
Source: | Binary string: (P^l,C:\Windows\ghost.pdb source: rundll32.exe, 0000000F.00000002.432847249.0000000002DCB000.00000004.00000010.sdmp, rundll32.exe, 00000012.00000002.440633427.0000000002D6A000.00000004.00000010.sdmp, rundll32.exe, 00000016.00000002.451872776.000000000089A000.00000004.00000010.sdmp |
Source: | Binary string: dwmapi.pdb5~q source: WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.pdb source: WerFault.exe, 0000000A.00000003.354758786.0000000004B92000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.381527765.0000000005450000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395560310.0000000004A92000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412451483.0000000004DE2000.00000004.00000001.sdmp, WERF9A6.tmp.dmp.27.dr |
Source: | Binary string: imagehlp.pdb} source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdbi source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382941849.00000000052C4000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdbc source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000A.00000003.354826015.0000000000810000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382918143.00000000052C0000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395823309.0000000004BB0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412618555.0000000004ED0000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000014.00000003.380680880.0000000000708000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.390117912.0000000000987000.00000004.00000001.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: ghost.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp, WERF9A6.tmp.dmp.27.dr |
Source: | Binary string: combase.pdbA source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.pdb{ source: WerFault.exe, 00000011.00000003.382640588.00000000052D3000.00000004.00000001.sdmp |
Source: | Binary string: mscorlib.pdboor source: WerFault.exe, 0000000A.00000003.354758786.0000000004B92000.00000004.00000001.sdmp |
Source: | Binary string: mscorlib.pdb| source: WERD778.tmp.dmp.17.dr |
Source: | Binary string: shlwapi.pdb7 source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.pdbx source: WerFault.exe, 0000000A.00000003.354042774.0000000004D90000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.381527765.0000000005450000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.393879888.0000000000AE0000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.410649898.0000000005080000.00000004.00000001.sdmp |
Source: | Binary string: _(P^l,C:\Windows\ghost.pdb source: rundll32.exe, 00000005.00000002.379483946.000000000014A000.00000004.00000010.sdmp |
Source: | Binary string: version.pdb[~ source: WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382941849.00000000052C4000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395863976.0000000004BB4000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.pdboo source: WerFault.exe, 0000001B.00000003.412451483.0000000004DE2000.00000004.00000001.sdmp |
Source: | Binary string: C:\Windows\ghost.pdbpdbost.pdb source: rundll32.exe, 0000000F.00000002.434760041.00000000033B3000.00000004.00000020.sdmp |
Source: | Binary string: oleaut32.pdb3 source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: (P^lHC:\Users\user\Desktop\ghost.pdb27 source: rundll32.exe, 0000000F.00000002.432847249.0000000002DCB000.00000004.00000010.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382722138.00000000052C1000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdbk source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382722138.00000000052C1000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: (P^lHC:\Users\user\Desktop\ghost.pdb2[ source: rundll32.exe, 00000005.00000002.379483946.000000000014A000.00000004.00000010.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382722138.00000000052C1000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: clrjit.pdbf source: WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.pdb` source: WERA77E.tmp.dmp.10.dr |
Source: | Binary string: iphlpapi.pdb[ source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdbf source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb+ source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdbp source: WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: diasymreader.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382640588.00000000052D3000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb% source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdbp source: WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 00000014.00000003.381543825.0000000000702000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.390081936.0000000000981000.00000004.00000001.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: clrjit.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdbU source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdbK source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdbi source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382941849.00000000052C4000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: clrjit.pdb9~} source: WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp |
Source: | Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: setupapi.pdb9 source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: C:\Users\Andre\Documents\Visual Studio 2015\Projects\ghost\Release\ghost.pdb%% source: rundll32.exe, 00000002.00000002.332564130.000000000516A000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.333642812.00000000049CA000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.390709241.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 0000000B.00000002.347865671.000000000456A000.00000002.00020000.sdmp, rundll32.exe, 0000000C.00000002.356017758.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 0000000D.00000002.364210056.000000000462A000.00000002.00020000.sdmp, rundll32.exe, 0000000F.00000002.434760041.00000000033B3000.00000004.00000020.sdmp, rundll32.exe, 00000012.00000002.450127060.00000000071FA000.00000002.00020000.sdmp, rundll32.exe, 00000015.00000002.393607696.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 00000016.00000002.455781535.000000000482A000.00000002.00020000.sdmp, rundll32.exe, 00000017.00000002.388822904.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 00000018.00000002.389741243.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 0000001A.00000002.396291858.000000000709A000.00000002.00020000.sdmp, ghost.dll |
Source: | Binary string: version.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: vcruntime140.i386.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000A.00000003.354826015.0000000000810000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382918143.00000000052C0000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395823309.0000000004BB0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412618555.0000000004ED0000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdbO3 source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb86 source: WerFault.exe, 0000001B.00000003.412618555.0000000004ED0000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: \??\C:\Windows\ghost.pdbd source: rundll32.exe, 0000000F.00000002.434760041.00000000033B3000.00000004.00000020.sdmp |
Source: | Binary string: mscoreei.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000A.00000003.354826015.0000000000810000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382918143.00000000052C0000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395823309.0000000004BB0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412618555.0000000004ED0000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000014.00000003.381309008.000000000070E000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.391502921.000000000098D000.00000004.00000001.sdmp |
Source: | Binary string: sfc_os.pdbo source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb% source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdbS source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdbM source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb_ source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: WerFault.exe, 0000000A.00000003.353479613.0000000004E10000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.379994838.00000000054D0000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.391702222.0000000004D30000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.409135731.0000000005100000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication |
Source: WerFault.exe, 0000000A.00000003.353479613.0000000004E10000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.379994838.00000000054D0000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.391702222.0000000004D30000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.409135731.0000000005100000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o |
Source: WerFault.exe, 0000000A.00000003.353479613.0000000004E10000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.379994838.00000000054D0000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.391702222.0000000004D30000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.409135731.0000000005100000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005 |
Source: WerFault.exe, 0000000A.00000003.353479613.0000000004E10000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.379994838.00000000054D0000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.391702222.0000000004D30000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.409135731.0000000005100000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid |
Source: WerFault.exe, 0000000A.00000003.353479613.0000000004E10000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.379994838.00000000054D0000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.391702222.0000000004D30000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.409135731.0000000005100000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200 |
Source: WerFault.exe, 0000000A.00000003.353479613.0000000004E10000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.379994838.00000000054D0000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.391702222.0000000004D30000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.409135731.0000000005100000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality |
Source: WerFault.exe, 0000000A.00000003.353479613.0000000004E10000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.379994838.00000000054D0000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.391702222.0000000004D30000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.409135731.0000000005100000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone |
Source: WerFault.exe, 0000000A.00000003.353479613.0000000004E10000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.379994838.00000000054D0000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.391702222.0000000004D30000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.409135731.0000000005100000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: WerFault.exe, 0000000A.00000003.353479613.0000000004E10000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.379994838.00000000054D0000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.391702222.0000000004D30000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.409135731.0000000005100000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier |
Source: WerFault.exe, 0000000A.00000003.353479613.0000000004E10000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.379994838.00000000054D0000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.391702222.0000000004D30000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.409135731.0000000005100000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone |
Source: WerFault.exe, 0000000A.00000003.353479613.0000000004E10000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.379994838.00000000054D0000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.391702222.0000000004D30000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.409135731.0000000005100000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/ |
Source: WerFault.exe, 0000000A.00000003.353479613.0000000004E10000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.379994838.00000000054D0000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.391702222.0000000004D30000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.409135731.0000000005100000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince |
Source: WerFault.exe, 0000000A.00000003.353479613.0000000004E10000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.379994838.00000000054D0000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.391702222.0000000004D30000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.409135731.0000000005100000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20 |
Source: WerFault.exe, 0000000A.00000003.353479613.0000000004E10000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.379994838.00000000054D0000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.391702222.0000000004D30000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.409135731.0000000005100000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/ |
Source: WerFault.exe, 0000000A.00000003.353479613.0000000004E10000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.379994838.00000000054D0000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.391702222.0000000004D30000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.409135731.0000000005100000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.o |
Source: | Binary string: winspool.pdbG source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: vcruntime140.i386.pdb;> source: WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.372587886.0000000004D22000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.380680880.0000000000708000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.390117912.0000000000987000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382722138.00000000052C1000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000A.00000003.354826015.0000000000810000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382918143.00000000052C0000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395823309.0000000004BB0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412618555.0000000004ED0000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.390081936.0000000000981000.00000004.00000001.sdmp |
Source: | Binary string: mscoree.pdbw source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: \??\C:\Windows\dll\ghost.pdbction source: rundll32.exe, 0000000F.00000002.434619782.000000000337A000.00000004.00000020.sdmp |
Source: | Binary string: (P^lHC:\Users\user\Desktop\ghost.pdb2 source: rundll32.exe, 00000012.00000002.440633427.0000000002D6A000.00000004.00000010.sdmp, rundll32.exe, 00000016.00000002.451872776.000000000089A000.00000004.00000010.sdmp |
Source: | Binary string: C:\Users\Andre\Documents\Visual Studio 2015\Projects\ghost\Release\ghost.pdb source: rundll32.exe, 00000002.00000002.332564130.000000000516A000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.333642812.00000000049CA000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.390709241.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 0000000B.00000002.347865671.000000000456A000.00000002.00020000.sdmp, rundll32.exe, 0000000C.00000002.356017758.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 0000000D.00000002.364210056.000000000462A000.00000002.00020000.sdmp, rundll32.exe, 0000000F.00000002.434760041.00000000033B3000.00000004.00000020.sdmp, rundll32.exe, 00000012.00000002.450127060.00000000071FA000.00000002.00020000.sdmp, rundll32.exe, 00000015.00000002.393607696.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 00000016.00000002.455781535.000000000482A000.00000002.00020000.sdmp, rundll32.exe, 00000017.00000002.388822904.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 00000018.00000002.389741243.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 0000001A.00000002.396291858.000000000709A000.00000002.00020000.sdmp, ghost.dll |
Source: | Binary string: .ni.pdb source: WerFault.exe, 0000000A.00000003.354767041.0000000000823000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382640588.00000000052D3000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395596427.0000000004BC3000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412466766.0000000004EE3000.00000004.00000001.sdmp |
Source: | Binary string: clr.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: \??\C:\Windows\ghost.pdbulOd source: rundll32.exe, 0000000F.00000002.434760041.00000000033B3000.00000004.00000020.sdmp |
Source: | Binary string: profapi.pdb? source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdb/ source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb` source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.391502921.000000000098D000.00000004.00000001.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 0000000A.00000003.354826015.0000000000810000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382918143.00000000052C0000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395823309.0000000004BB0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412618555.0000000004ED0000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.ni.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp, WERF9A6.tmp.dmp.27.dr |
Source: | Binary string: \??\C:\Windows\symbols\dll\ghost.pdbdb source: rundll32.exe, 0000000F.00000002.434619782.000000000337A000.00000004.00000020.sdmp |
Source: | Binary string: msvcp140.i386.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdbM source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: sers\Andre\Documents\Visual Studio 2015\Projects\ghost\Release\ghost.pdb source: rundll32.exe, 0000000F.00000002.434760041.00000000033B3000.00000004.00000020.sdmp |
Source: | Binary string: advapi32.pdb# source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: mscoree.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb9 source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382941849.00000000052C4000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395863976.0000000004BB4000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdbU source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382722138.00000000052C1000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: symbols\dll\ghost.pdb source: rundll32.exe, 00000005.00000002.379483946.000000000014A000.00000004.00000010.sdmp, rundll32.exe, 0000000F.00000002.432847249.0000000002DCB000.00000004.00000010.sdmp, rundll32.exe, 00000012.00000002.440633427.0000000002D6A000.00000004.00000010.sdmp, rundll32.exe, 00000016.00000002.451872776.000000000089A000.00000004.00000010.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382722138.00000000052C1000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: ilC:\Users\user\Desktop\ghost.pdb source: rundll32.exe, 00000005.00000002.379483946.000000000014A000.00000004.00000010.sdmp, rundll32.exe, 0000000F.00000002.432847249.0000000002DCB000.00000004.00000010.sdmp, rundll32.exe, 00000012.00000002.440633427.0000000002D6A000.00000004.00000010.sdmp, rundll32.exe, 00000016.00000002.451872776.000000000089A000.00000004.00000010.sdmp |
Source: | Binary string: dwmapi.pdb` source: WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: msvcr120_clr0400.i386.pdb% source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.ni.pdbRSDS source: WERF9A6.tmp.dmp.27.dr |
Source: | Binary string: eer\Desktop\ghost.PDB source: rundll32.exe, 00000005.00000002.379483946.000000000014A000.00000004.00000010.sdmp, rundll32.exe, 0000000F.00000002.432847249.0000000002DCB000.00000004.00000010.sdmp, rundll32.exe, 00000012.00000002.440633427.0000000002D6A000.00000004.00000010.sdmp, rundll32.exe, 00000016.00000002.451872776.000000000089A000.00000004.00000010.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: advapi32.pdbA source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.pdbooC source: WerFault.exe, 00000014.00000003.395560310.0000000004A92000.00000004.00000001.sdmp |
Source: | Binary string: mscorlib.ni.pdbx source: WerFault.exe, 0000000A.00000003.354042774.0000000004D90000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.381527765.0000000005450000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.393879888.0000000000AE0000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.410649898.0000000005080000.00000004.00000001.sdmp |
Source: | Binary string: l.pdb source: rundll32.exe, 0000000F.00000002.432847249.0000000002DCB000.00000004.00000010.sdmp |
Source: | Binary string: (P^l,C:\Windows\ghost.pdb source: rundll32.exe, 0000000F.00000002.432847249.0000000002DCB000.00000004.00000010.sdmp, rundll32.exe, 00000012.00000002.440633427.0000000002D6A000.00000004.00000010.sdmp, rundll32.exe, 00000016.00000002.451872776.000000000089A000.00000004.00000010.sdmp |
Source: | Binary string: dwmapi.pdb5~q source: WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.pdb source: WerFault.exe, 0000000A.00000003.354758786.0000000004B92000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.381527765.0000000005450000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395560310.0000000004A92000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412451483.0000000004DE2000.00000004.00000001.sdmp, WERF9A6.tmp.dmp.27.dr |
Source: | Binary string: imagehlp.pdb} source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdbi source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382941849.00000000052C4000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdbc source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000A.00000003.354826015.0000000000810000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382918143.00000000052C0000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395823309.0000000004BB0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412618555.0000000004ED0000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000014.00000003.380680880.0000000000708000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.390117912.0000000000987000.00000004.00000001.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: ghost.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp, WERF9A6.tmp.dmp.27.dr |
Source: | Binary string: combase.pdbA source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.pdb{ source: WerFault.exe, 00000011.00000003.382640588.00000000052D3000.00000004.00000001.sdmp |
Source: | Binary string: mscorlib.pdboor source: WerFault.exe, 0000000A.00000003.354758786.0000000004B92000.00000004.00000001.sdmp |
Source: | Binary string: mscorlib.pdb| source: WERD778.tmp.dmp.17.dr |
Source: | Binary string: shlwapi.pdb7 source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.pdbx source: WerFault.exe, 0000000A.00000003.354042774.0000000004D90000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.381527765.0000000005450000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.393879888.0000000000AE0000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.410649898.0000000005080000.00000004.00000001.sdmp |
Source: | Binary string: _(P^l,C:\Windows\ghost.pdb source: rundll32.exe, 00000005.00000002.379483946.000000000014A000.00000004.00000010.sdmp |
Source: | Binary string: version.pdb[~ source: WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382941849.00000000052C4000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395863976.0000000004BB4000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.pdboo source: WerFault.exe, 0000001B.00000003.412451483.0000000004DE2000.00000004.00000001.sdmp |
Source: | Binary string: C:\Windows\ghost.pdbpdbost.pdb source: rundll32.exe, 0000000F.00000002.434760041.00000000033B3000.00000004.00000020.sdmp |
Source: | Binary string: oleaut32.pdb3 source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: (P^lHC:\Users\user\Desktop\ghost.pdb27 source: rundll32.exe, 0000000F.00000002.432847249.0000000002DCB000.00000004.00000010.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382722138.00000000052C1000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdbk source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382722138.00000000052C1000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: (P^lHC:\Users\user\Desktop\ghost.pdb2[ source: rundll32.exe, 00000005.00000002.379483946.000000000014A000.00000004.00000010.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382722138.00000000052C1000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: clrjit.pdbf source: WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: mscorlib.pdb` source: WERA77E.tmp.dmp.10.dr |
Source: | Binary string: iphlpapi.pdb[ source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdbf source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb+ source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdbp source: WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: diasymreader.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382640588.00000000052D3000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb% source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdbp source: WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 00000014.00000003.381543825.0000000000702000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.390081936.0000000000981000.00000004.00000001.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: clrjit.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdbU source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdbK source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdbi source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000000A.00000003.354778188.0000000000811000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382941849.00000000052C4000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395643772.0000000004BB1000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412481857.0000000004ED1000.00000004.00000040.sdmp |
Source: | Binary string: clrjit.pdb9~} source: WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp |
Source: | Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: setupapi.pdb9 source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: C:\Users\Andre\Documents\Visual Studio 2015\Projects\ghost\Release\ghost.pdb%% source: rundll32.exe, 00000002.00000002.332564130.000000000516A000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.333642812.00000000049CA000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.390709241.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 0000000B.00000002.347865671.000000000456A000.00000002.00020000.sdmp, rundll32.exe, 0000000C.00000002.356017758.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 0000000D.00000002.364210056.000000000462A000.00000002.00020000.sdmp, rundll32.exe, 0000000F.00000002.434760041.00000000033B3000.00000004.00000020.sdmp, rundll32.exe, 00000012.00000002.450127060.00000000071FA000.00000002.00020000.sdmp, rundll32.exe, 00000015.00000002.393607696.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 00000016.00000002.455781535.000000000482A000.00000002.00020000.sdmp, rundll32.exe, 00000017.00000002.388822904.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 00000018.00000002.389741243.000000007364A000.00000002.00020000.sdmp, rundll32.exe, 0000001A.00000002.396291858.000000000709A000.00000002.00020000.sdmp, ghost.dll |
Source: | Binary string: version.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412527960.0000000004EE2000.00000004.00000040.sdmp |
Source: | Binary string: vcruntime140.i386.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000A.00000003.354826015.0000000000810000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382918143.00000000052C0000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395823309.0000000004BB0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412618555.0000000004ED0000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdbO3 source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb86 source: WerFault.exe, 0000001B.00000003.412618555.0000000004ED0000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: \??\C:\Windows\ghost.pdbd source: rundll32.exe, 0000000F.00000002.434760041.00000000033B3000.00000004.00000020.sdmp |
Source: | Binary string: mscoreei.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000A.00000003.354826015.0000000000810000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382918143.00000000052C0000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395823309.0000000004BB0000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412618555.0000000004ED0000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000014.00000003.381309008.000000000070E000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.391502921.000000000098D000.00000004.00000001.sdmp |
Source: | Binary string: sfc_os.pdbo source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb% source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp, WerFault.exe, 00000014.00000003.395939381.0000000004BB7000.00000004.00000040.sdmp, WerFault.exe, 0000001B.00000003.412501777.0000000004ED7000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdbS source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 0000000A.00000003.354751213.0000000004B81000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.382574019.00000000051A1000.00000004.00000001.sdmp, WerFault.exe, 00000014.00000003.395521425.0000000004A81000.00000004.00000001.sdmp, WerFault.exe, 0000001B.00000003.412428526.0000000004DD1000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdbM source: WerFault.exe, 00000011.00000003.382960272.00000000052C7000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb_ source: WerFault.exe, 0000000A.00000003.354839656.0000000000817000.00000004.00000040.sdmp |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_05167C49 SetUnhandledExceptionFilter, | 2_2_05167C49 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_05167F54 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 2_2_05167F54 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_05167AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 2_2_05167AB4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_73647F54 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 2_2_73647F54 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_73647AB4 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 2_2_73647AB4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_73647C49 SetUnhandledExceptionFilter, | 2_2_73647C49 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_049C7C49 SetUnhandledExceptionFilter, | 3_2_049C7C49 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_049C7AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 3_2_049C7AB4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_049C7F54 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 3_2_049C7F54 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_042F7C49 SetUnhandledExceptionFilter, | 5_2_042F7C49 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_042F7AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 5_2_042F7AB4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_042F7F54 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 5_2_042F7F54 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 11_2_04567C49 SetUnhandledExceptionFilter, | 11_2_04567C49 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 11_2_04567AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 11_2_04567AB4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 11_2_04567F54 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 11_2_04567F54 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 12_2_06AE7AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 12_2_06AE7AB4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 12_2_06AE7F54 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 12_2_06AE7F54 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 12_2_06AE7C49 SetUnhandledExceptionFilter, | 12_2_06AE7C49 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 13_2_04627C49 SetUnhandledExceptionFilter, | 13_2_04627C49 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 13_2_04627AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 13_2_04627AB4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 13_2_04627F54 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 13_2_04627F54 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 15_2_04F77C49 SetUnhandledExceptionFilter, | 15_2_04F77C49 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 15_2_04F77AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 15_2_04F77AB4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 15_2_04F77F54 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 15_2_04F77F54 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 18_2_071F7F54 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 18_2_071F7F54 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 18_2_071F7AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 18_2_071F7AB4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 18_2_071F7C49 SetUnhandledExceptionFilter, | 18_2_071F7C49 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 21_2_07407F54 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 21_2_07407F54 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 21_2_07407AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 21_2_07407AB4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 21_2_07407C49 SetUnhandledExceptionFilter, | 21_2_07407C49 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_04827C49 SetUnhandledExceptionFilter, | 22_2_04827C49 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_04827AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 22_2_04827AB4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 22_2_04827F54 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 22_2_04827F54 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 23_2_04B07C49 SetUnhandledExceptionFilter, | 23_2_04B07C49 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 23_2_04B07AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 23_2_04B07AB4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 23_2_04B07F54 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 23_2_04B07F54 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 24_2_072B7F54 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 24_2_072B7F54 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 24_2_072B7AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 24_2_072B7AB4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 24_2_072B7C49 SetUnhandledExceptionFilter, | 24_2_072B7C49 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 26_2_07097F54 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 26_2_07097F54 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 26_2_07097AB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 26_2_07097AB4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 26_2_07097C49 SetUnhandledExceptionFilter, | 26_2_07097C49 |