{"Version": 22202, "C2 list": ["203.114.109.124:443", "82.165.145.100:6601", "94.177.255.18:8172"], "RC4 keys": ["BwjTiXD0nMT8wuL0lzuDMT1lwajgYLnSPMpMch1H2fk8H", "q9kldr5IysNmmZqCx9jFzlSDl8TYcZm1jGiJKdnQ5Lg6QzqUnZo1jkSGDQVP1"]}
Source: | Binary string: bcrypt.pdb+( source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: ClusApi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: glu32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb!( source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdbk source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: dnsapi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: rasapi32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb#-8[VE source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb5( source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: opengl32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb'( source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: ws2_32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: rasman.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: nsi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: fpmvppp.pdb source: loaddll32.exe, 00000000.00000002.231135027.0000000010024000.00000002.00020000.sdmp, WerFault.exe, 00000010.00000002.325705287.0000000005130000.00000002.00000001.sdmp, 87324661_by_Libranalysis.dll |
Source: | Binary string: msctf.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: rasapi32.pdb( source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb?( source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: WerFault.exe, 00000010.00000002.325705287.0000000005130000.00000002.00000001.sdmp, 87324661_by_Libranalysis.dll | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: WerFault.exe, 00000010.00000002.325705287.0000000005130000.00000002.00000001.sdmp, 87324661_by_Libranalysis.dll | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: WerFault.exe, 00000010.00000002.325705287.0000000005130000.00000002.00000001.sdmp, 87324661_by_Libranalysis.dll | String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s |
Source: WerFault.exe, 00000010.00000002.325705287.0000000005130000.00000002.00000001.sdmp, 87324661_by_Libranalysis.dll | String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# |
Source: WerFault.exe, 00000010.00000002.325705287.0000000005130000.00000002.00000001.sdmp, 87324661_by_Libranalysis.dll | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: WerFault.exe, 00000010.00000002.325705287.0000000005130000.00000002.00000001.sdmp, 87324661_by_Libranalysis.dll | String found in binary or memory: http://ocsp.sectigo.com0 |
Source: WerFault.exe, 00000010.00000002.325705287.0000000005130000.00000002.00000001.sdmp, 87324661_by_Libranalysis.dll | String found in binary or memory: https://sectigo.com/CPS0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_10001494 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_10011460 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_1000846C |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_1000A52C |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_10011D58 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_10019348 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_10010754 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_100090CC |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\87324661_by_Libranalysis.dll' |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\87324661_by_Libranalysis.dll',#1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\87324661_by_Libranalysis.dll',#1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 764 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\87324661_by_Libranalysis.dll',#1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\87324661_by_Libranalysis.dll',#1 |
Source: | Binary string: bcrypt.pdb+( source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: ClusApi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: glu32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb!( source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdbk source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: dnsapi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: rasapi32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb#-8[VE source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb5( source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: opengl32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb'( source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: ws2_32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: rasman.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: nsi.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: fpmvppp.pdb source: loaddll32.exe, 00000000.00000002.231135027.0000000010024000.00000002.00020000.sdmp, WerFault.exe, 00000010.00000002.325705287.0000000005130000.00000002.00000001.sdmp, 87324661_by_Libranalysis.dll |
Source: | Binary string: msctf.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: rasapi32.pdb( source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb?( source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000010.00000003.310608360.00000000051D0000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 00000010.00000003.310620787.00000000051D6000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000010.00000003.310596406.0000000005201000.00000004.00000001.sdmp |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10003625 push ecx; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1000657D push ecx; iretd |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_1000F6CC push esi; mov dword ptr [esp], 00000000h |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: WerFault.exe, 00000010.00000002.325002595.0000000004C77000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW( |
Source: WerFault.exe, 00000010.00000002.325097662.0000000004E90000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: WerFault.exe, 00000010.00000002.325062640.0000000004C9D000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW |
Source: WerFault.exe, 00000010.00000002.325097662.0000000004E90000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: WerFault.exe, 00000010.00000002.325097662.0000000004E90000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: WerFault.exe, 00000010.00000002.325097662.0000000004E90000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_10006D50 GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_10006D50 GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA, |
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.