Source: | Binary string: ClusApi.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 0000000E.00000003.725980115.0000000004634000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb4 source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: lbase.pdb source: WerFault.exe, 0000000E.00000003.725980115.0000000004634000.00000004.00000001.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: glu32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdbk source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: dnsapi.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: rasapi32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: HD`lbase.pdb source: WerFault.exe, 0000000E.00000003.726295606.0000000004635000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: mpr.pdb? source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb& source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: opengl32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: ws2_32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb< source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: nsi.pdb source: WerFault.exe, 0000000E.00000003.734209164.0000000004BF0000.00000004.00000040.sdmp |
Source: | Binary string: rasman.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: fpmvppp.pdb source: loaddll32.exe, 00000000.00000002.655496338.0000000010024000.00000002.00020000.sdmp, a98ab505_by_Libranalysis.dll |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: wUxTheme.pdb< source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: ole32.pdb* source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_10011460 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_1000846C |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_10001494 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_1000A52C |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_10011D58 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_10019348 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_10010754 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_100090CC |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\a98ab505_by_Libranalysis.dll' |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\a98ab505_by_Libranalysis.dll',#1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\a98ab505_by_Libranalysis.dll',#1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 764 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\a98ab505_by_Libranalysis.dll',#1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\a98ab505_by_Libranalysis.dll',#1 |
Source: | Binary string: ClusApi.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 0000000E.00000003.725980115.0000000004634000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb4 source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: lbase.pdb source: WerFault.exe, 0000000E.00000003.725980115.0000000004634000.00000004.00000001.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: glu32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdbk source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: dnsapi.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: rasapi32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: HD`lbase.pdb source: WerFault.exe, 0000000E.00000003.726295606.0000000004635000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: mpr.pdb? source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb& source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: opengl32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: ws2_32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb< source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: nsi.pdb source: WerFault.exe, 0000000E.00000003.734209164.0000000004BF0000.00000004.00000040.sdmp |
Source: | Binary string: rasman.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: fpmvppp.pdb source: loaddll32.exe, 00000000.00000002.655496338.0000000010024000.00000002.00020000.sdmp, a98ab505_by_Libranalysis.dll |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: wUxTheme.pdb< source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000E.00000003.734170143.0000000004BE0000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 0000000E.00000003.734096122.0000000004AC1000.00000004.00000001.sdmp |
Source: | Binary string: ole32.pdb* source: WerFault.exe, 0000000E.00000003.734183815.0000000004BE6000.00000004.00000040.sdmp |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1000742D push ebx; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10004836 push esp; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1000888E push ds; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_100090C5 push ds; retf |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_100070CF push ebx; retf |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10006909 push ds; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10007540 push bx; retf |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10005168 push ds; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1000918C push es; retf |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10007D8D push es; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_100079B5 push ecx; retf |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1000762B push ds; retf |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1000523E push esi; retf |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1000428B push FFFFFFA0h; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10002691 push edx; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_100036A2 push ecx; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_100066A4 push ecx; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_100036A5 push ds; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10007ECA push ds; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_100036ED push ds; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_100042EE push FFFFFFA0h; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10007307 push ebx; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1000772D push ecx; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10022F50 push edx; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1000435C push ebx; retf |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1000476B push es; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10004389 push FFFFFFA0h; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_100073B5 push ebx; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_100063C9 push esi; retf |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_100067CB push edi; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_1000F6CC push esi; mov dword ptr [esp], 00000000h |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: WerFault.exe, 0000000E.00000002.753015700.0000000004830000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: WerFault.exe, 0000000E.00000003.748950202.0000000004648000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW |
Source: WerFault.exe, 0000000E.00000002.753015700.0000000004830000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: WerFault.exe, 0000000E.00000002.753015700.0000000004830000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: WerFault.exe, 0000000E.00000002.753015700.0000000004830000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_10006D50 GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_10006D50 GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.