Windows Analysis Report SecuriteInfo.com.Trojan.Agent.FHBA.20741.16185

Overview

General Information

Sample Name: SecuriteInfo.com.Trojan.Agent.FHBA.20741.16185 (renamed file extension from 16185 to dll)
Analysis ID: 483798
MD5: 4b59be3cef04547514828f8c6443ae20
SHA1: bed0d3a622ca55a914ceaf885ebc2fb419e8a9eb
SHA256: b7ca395f51df95bd3d5b5b4a30a5c2381a9893f0d66aff011d605319d5c0ea7d
Tags: dll

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Uses 32bit PE files
One or more processes crash
Contains functionality to read the PEB
Uses code obfuscation techniques (call, push, ret)
Checks if the current process is being debugged
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 3668 cmdline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)
    • cmd.exe (PID: 5444 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 2564 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • WerFault.exe (PID: 5440 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 812 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • rundll32.exe (PID: 1752 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll,uvlcopdlxoed MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • WerFault.exe (PID: 716 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 804 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • rundll32.exe (PID: 2036 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll',uvlcopdlxoed MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • WerFault.exe (PID: 2600 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 804 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll; Avira: detected
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll; Virustotal: Detection: 62%
Source: SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll; Metadefender: Detection: 29%
Source: SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll; ReversingLabs: Detection: 75%
Source: SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll; Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, RELOCS_STRIPPED
Source: WerFault.exe, 00000009.00000002.301167220.00000000051D3000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000002.300504231.0000000004A8D000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000002.317002782.0000000004B47000.00000004.00000001.sdmp; String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: WerFault.exe, 0000000A.00000002.301075274.0000000004B73000.00000004.00000001.sdmp; String found in binary or memory: https://watson.telemetry.mSg
Source: SecuriteInfo.com.Trojan.Agent.FHBA.20741.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll,uvlcopdlxoed
Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll'
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll',#1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll',#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 804
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll',uvlcopdlxoed
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 804
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2564
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2036
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1752
Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER5E8A.tmp
Source: classification engine Classification label: mal56.winDLL@12/12@0/1
Source: C:\Windows\SysWOW64\WerFault.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 12_2_02CEC28A push ds; iretd 12_2_02CEC29E
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 12_2_02CEC993 push ds; iretd 12_2_02CEC99E
Source: C:\Windows\SysWOW64\WerFault.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\loaddll32.exe Thread delayed: delay time: 120000
Source: WerFault.exe, 0000000E.00000003.308936840.0000000004C13000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAWP
Source: WerFault.exe, 00000009.00000002.301040929.00000000051BF000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000002.301075274.0000000004B73000.00000004.00000001.sdmp, WerFault.exe, 0000000E.00000002.317002782.0000000004B47000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
Source: WerFault.exe, 00000009.00000002.301542912.0000000005298000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW