Source: | Binary string: powrprof.pdbx\6'r source: WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdbX source: WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 0000000B.00000003.248508121.0000000000D48000.00000004.00000001.sdmp, WerFault.exe, 0000000D.00000003.255887896.0000000005531000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.254112821.0000000003472000.00000004.00000001.sdmp |
Source: | Binary string: winspool.pdbD source: WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb* source: WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 0000000B.00000003.254685789.00000000050B0000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255938267.0000000005500000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262190349.00000000056B0000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdbp source: WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 0000000B.00000003.254673935.0000000004F81000.00000004.00000001.sdmp, WerFault.exe, 0000000D.00000003.255887896.0000000005531000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.262174486.00000000054E1000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000B.00000003.254685789.00000000050B0000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255938267.0000000005500000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262190349.00000000056B0000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 0000000B.00000003.248501832.0000000000D42000.00000004.00000001.sdmp, WerFault.exe, 0000000D.00000003.251016998.00000000033F3000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.254564829.000000000346C000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 0000000B.00000003.254685789.00000000050B0000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255938267.0000000005500000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262190349.00000000056B0000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdbf\ source: WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 0000000B.00000003.254673935.0000000004F81000.00000004.00000001.sdmp, WerFault.exe, 0000000D.00000003.255887896.0000000005531000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.262174486.00000000054E1000.00000004.00000001.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdbs source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 0000000B.00000003.254685789.00000000050B0000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255938267.0000000005500000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262190349.00000000056B0000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 0000000B.00000003.254673935.0000000004F81000.00000004.00000001.sdmp, WerFault.exe, 0000000D.00000003.255887896.0000000005531000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.262174486.00000000054E1000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 0000000B.00000003.254673935.0000000004F81000.00000004.00000001.sdmp, WerFault.exe, 0000000D.00000003.250318981.00000000033FF000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.254424830.0000000003478000.00000004.00000001.sdmp |
Source: | Binary string: powrprof.pdb, source: WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 0000000B.00000003.254685789.00000000050B0000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255938267.0000000005500000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262190349.00000000056B0000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 0000000B.00000003.254673935.0000000004F81000.00000004.00000001.sdmp, WerFault.exe, 0000000D.00000003.255887896.0000000005531000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.262174486.00000000054E1000.00000004.00000001.sdmp |
Source: | Binary string: dwmapi.pdb_ source: WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: oleaut32.pdbr\0'i source: WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdbqI7'd source: WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdbB source: WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdbL source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb( source: WerFault.exe, 0000000B.00000003.248501832.0000000000D42000.00000004.00000001.sdmp, WerFault.exe, 0000000D.00000003.251016998.00000000033F3000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 0000000B.00000003.254685789.00000000050B0000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255938267.0000000005500000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262190349.00000000056B0000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: oleaut32.pdba source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 0000000B.00000003.254673935.0000000004F81000.00000004.00000001.sdmp, WerFault.exe, 0000000D.00000003.255887896.0000000005531000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.262174486.00000000054E1000.00000004.00000001.sdmp |
Source: | Binary string: shlwapi.pdb#d source: WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdbz source: WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 0000000B.00000003.254685789.00000000050B0000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255938267.0000000005500000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262190349.00000000056B0000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdbZ\ source: WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdbf source: WerFault.exe, 00000011.00000003.262190349.00000000056B0000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdbm source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000000B.00000003.254685789.00000000050B0000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255938267.0000000005500000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262190349.00000000056B0000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdbN source: WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdbA7 source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb)I source: WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 0000000B.00000003.254685789.00000000050B0000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255938267.0000000005500000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262190349.00000000056B0000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdbg source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 0000000B.00000003.254673935.0000000004F81000.00000004.00000001.sdmp, WerFault.exe, 0000000D.00000003.255887896.0000000005531000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.262174486.00000000054E1000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdbh source: WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb~\<'e source: WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdby source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000B.00000003.254685789.00000000050B0000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255938267.0000000005500000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262190349.00000000056B0000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdbl\ source: WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdbf source: WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000B.00000003.254685789.00000000050B0000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255938267.0000000005500000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262190349.00000000056B0000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000B.00000003.254685789.00000000050B0000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255938267.0000000005500000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262190349.00000000056B0000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 0000000B.00000003.249353922.0000000000D4E000.00000004.00000001.sdmp, WerFault.exe, 0000000D.00000003.250318981.00000000033FF000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.254424830.0000000003478000.00000004.00000001.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000B.00000003.254685789.00000000050B0000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255938267.0000000005500000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262190349.00000000056B0000.00000004.00000040.sdmp |
Source: | Binary string: setupapi.pdbV source: WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 0000000B.00000003.248508121.0000000000D48000.00000004.00000001.sdmp, WerFault.exe, 0000000D.00000003.250294762.00000000033F9000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.254112821.0000000003472000.00000004.00000001.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 0000000B.00000003.254673935.0000000004F81000.00000004.00000001.sdmp, WerFault.exe, 0000000D.00000003.255887896.0000000005531000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.262174486.00000000054E1000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdb| source: WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp, WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp, WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 0000000B.00000003.254673935.0000000004F81000.00000004.00000001.sdmp, WerFault.exe, 0000000D.00000003.255887896.0000000005531000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.262174486.00000000054E1000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 0000000B.00000003.254673935.0000000004F81000.00000004.00000001.sdmp, WerFault.exe, 0000000D.00000003.255887896.0000000005531000.00000004.00000001.sdmp, WerFault.exe, 00000011.00000003.262174486.00000000054E1000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb`\ source: WerFault.exe, 0000000D.00000003.255956920.0000000005506000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdbe source: WerFault.exe, 00000011.00000003.262206454.00000000056B6000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdbE source: WerFault.exe, 0000000B.00000003.254702397.00000000050B6000.00000004.00000040.sdmp |
Source: unknown | TCP traffic detected without corresponding DNS query: 117.252.68.211 |
Source: wermgr.exe, 0000000E.00000003.364146908.0000024B000C7000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: WerFault.exe, 00000011.00000002.329242454.0000000005150000.00000004.00000001.sdmp | String found in binary or memory: http://crl.mm |
Source: wermgr.exe, 0000000E.00000002.645299859.0000024B66CB8000.00000004.00000020.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en |
Source: wermgr.exe, 0000000E.00000002.635264188.0000024B00000000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.14.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: wermgr.exe, 0000000E.00000002.635264188.0000024B00000000.00000004.00000001.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabn |
Source: wermgr.exe, 0000000E.00000003.354988320.0000024B00061000.00000004.00000001.sdmp | String found in binary or memory: http://ctldl.windowsupdate.com/o |
Source: wermgr.exe, 0000000E.00000002.635264188.0000024B00000000.00000004.00000001.sdmp | String found in binary or memory: http://ipinfo.io/ip |
Source: wermgr.exe, 0000000E.00000002.635264188.0000024B00000000.00000004.00000001.sdmp | String found in binary or memory: http://ipinfo.io:80/ip |
Source: wermgr.exe, 0000000E.00000002.635627648.0000024B00055000.00000004.00000001.sdmp | String found in binary or memory: https://117.252.68.211/ |
Source: wermgr.exe, 0000000E.00000002.644986028.0000024B66C78000.00000004.00000020.sdmp | String found in binary or memory: https://117.252.68.211/I |
Source: wermgr.exe, 00000007.00000002.637747793.0000023538F6E000.00000004.00000020.sdmp, wermgr.exe, 00000007.00000002.637307214.0000023538F21000.00000004.00000020.sdmp | String found in binary or memory: https://117.252.68.211/che7/066656_W10017134.01BBF31298B77829737BB7961939977F/5/kps/ |
Source: wermgr.exe, 00000007.00000002.637307214.0000023538F21000.00000004.00000020.sdmp | String found in binary or memory: https://117.252.68.211/che7/066656_W10017134.01BBF31298B77829737BB7961939977F/5/kps/~ |
Source: wermgr.exe, 0000000E.00000002.645516304.0000024B66CDA000.00000004.00000020.sdmp | String found in binary or memory: https://117.252.68.211/che7/066656_W10017134.9E37716DC9BB3F4BF1D83E6BCFD1DB93/0/Windows%2010%20x64/1 |
Source: wermgr.exe, 0000000E.00000002.635264188.0000024B00000000.00000004.00000001.sdmp | String found in binary or memory: https://117.252.68.211/che7/066656_W10017134.9E37716DC9BB3F4BF1D83E6BCFD1DB93/14/DNSBL/listed/0/ |
Source: wermgr.exe, 0000000E.00000002.635264188.0000024B00000000.00000004.00000001.sdmp | String found in binary or memory: https://117.252.68.211/che7/066656_W10017134.9E37716DC9BB3F4BF1D83E6BCFD1DB93/14/DNSBL/listed/0/EW |
Source: wermgr.exe, 0000000E.00000002.635264188.0000024B00000000.00000004.00000001.sdmp | String found in binary or memory: https://117.252.68.211/che7/066656_W10017134.9E37716DC9BB3F4BF1D83E6BCFD1DB93/14/DNSBL/listed/0/w |
Source: wermgr.exe, 0000000E.00000002.645516304.0000024B66CDA000.00000004.00000020.sdmp | String found in binary or memory: https://117.252.68.211/che7/066656_W10017134.9E37716DC9BB3F4BF1D83E6BCFD1DB93/14/path/C:%5CUsers%5Ca |
Source: wermgr.exe, 0000000E.00000002.635264188.0000024B00000000.00000004.00000001.sdmp | String found in binary or memory: https://117.252.68.211/che7/066656_W10017134.9E37716DC9BB3F4BF1D83E6BCFD1DB93/14/user/user/0/T |
Source: wermgr.exe, 0000000E.00000002.635264188.0000024B00000000.00000004.00000001.sdmp | String found in binary or memory: https://117.252.68.211/che7/066656_W10017134.9E37716DC9BB3F4BF1D83E6BCFD1DB93/23/2000029/ |
Source: wermgr.exe, 0000000E.00000002.636931274.0000024B000C7000.00000004.00000001.sdmp | String found in binary or memory: https://117.252.68.211/che7/066656_W10017134.9E37716DC9BB3F4BF1D83E6BCFD1DB93/23/2000029/$ |
Source: wermgr.exe, 0000000E.00000002.636931274.0000024B000C7000.00000004.00000001.sdmp | String found in binary or memory: https://117.252.68.211/che7/066656_W10017134.9E37716DC9BB3F4BF1D83E6BCFD1DB93/23/2000029///0/ |
Source: wermgr.exe, 0000000E.00000002.645446388.0000024B66CD5000.00000004.00000020.sdmp, wermgr.exe, 0000000E.00000002.644986028.0000024B66C78000.00000004.00000020.sdmp | String found in binary or memory: https://117.252.68.211/che7/066656_W10017134.9E37716DC9BB3F4BF1D83E6BCFD1DB93/5/kps/ |
Source: wermgr.exe, 0000000E.00000002.635627648.0000024B00055000.00000004.00000001.sdmp | String found in binary or memory: https://117.252.68.211/der |
Source: wermgr.exe, 0000000E.00000002.635627648.0000024B00055000.00000004.00000001.sdmp | String found in binary or memory: https://117.252.68.211/derMHZ:2 |
Source: wermgr.exe, 0000000E.00000002.635627648.0000024B00055000.00000004.00000001.sdmp | String found in binary or memory: https://117.252.68.211/rguH2:( |
Source: wermgr.exe, 00000007.00000002.637461915.0000023538F3C000.00000004.00000020.sdmp | String found in binary or memory: https://117.252.68.211/vider |
Source: wermgr.exe, 00000007.00000002.637461915.0000023538F3C000.00000004.00000020.sdmp | String found in binary or memory: https://117.252.68.211/viderk |
Source: wermgr.exe, 00000007.00000002.637461915.0000023538F3C000.00000004.00000020.sdmp | String found in binary or memory: https://117.252.68.211/videro |
Source: wermgr.exe, 0000000E.00000002.635264188.0000024B00000000.00000004.00000001.sdmp | String found in binary or memory: https://117.252.68.211:443/che7/066656_W10017134.9E37716DC9BB3F4BF1D83E6BCFD1DB93/14/DNSBL/listed/0/ |
Source: wermgr.exe, 0000000E.00000002.635264188.0000024B00000000.00000004.00000001.sdmp | String found in binary or memory: https://117.252.68.211:443/che7/066656_W10017134.9E37716DC9BB3F4BF1D83E6BCFD1DB93/14/user/user/0/ |
Source: wermgr.exe, 0000000E.00000002.635264188.0000024B00000000.00000004.00000001.sdmp | String found in binary or memory: https://117.252.68.211:443/che7/066656_W10017134.9E37716DC9BB3F4BF1D83E6BCFD1DB93/23/2000029/Q |
Source: wermgr.exe, 0000000E.00000002.636931274.0000024B000C7000.00000004.00000001.sdmp | String found in binary or memory: https://watson.telemet |
Source: wermgr.exe, 0000000E.00000002.636931274.0000024B000C7000.00000004.00000001.sdmp | String found in binary or memory: https://watson.telemetpinfo.io/ |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\fTXDq_9l7R2B0vcJRNsxuiqMxwPxzPi4LKezkpuCM_E.dll' | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\fTXDq_9l7R2B0vcJRNsxuiqMxwPxzPi4LKezkpuCM_E.dll',#1 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\fTXDq_9l7R2B0vcJRNsxuiqMxwPxzPi4LKezkpuCM_E.dll,StartW | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\fTXDq_9l7R2B0vcJRNsxuiqMxwPxzPi4LKezkpuCM_E.dll',#1 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\System32\wermgr.exe C:\Windows\system32\wermgr.exe | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\System32\wermgr.exe C:\Windows\system32\wermgr.exe | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 704 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\fTXDq_9l7R2B0vcJRNsxuiqMxwPxzPi4LKezkpuCM_E.dll',StartW | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 712 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\System32\wermgr.exe C:\Windows\system32\wermgr.exe | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 712 | |