Source: | Binary string: winspool.pdbxW source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 0000000D.00000003.375176370.00000000007F5000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdbTW source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: powrprof.pdbQ source: WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 0000000D.00000003.375740594.00000000007EF000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.572693362.00000000030BD000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: regsvr32.pdbk source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 0000000D.00000003.375280310.00000000007FB000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdbG source: WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdbe source: WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: regsvr32.pdb source: WerFault.exe, 0000000D.00000003.375158454.00000000007EA000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdbI source: WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: regsvr32.pdb( source: WerFault.exe, 0000000D.00000003.375158454.00000000007EA000.00000004.00000001.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdbZW source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: amstream.pdb source: explorer.exe, 00000004.00000003.360596035.0000000004491000.00000004.00000001.sdmp, explorer.exe, 00000005.00000003.360628617.00000000043E1000.00000004.00000001.sdmp, regsvr32.exe, 0000000A.00000000.370275460.0000000010001000.00000020.00020000.sdmp, regsvr32.exe, 0000001F.00000002.583080769.0000000010001000.00000020.00020000.sdmp, SAWHipN3nS.dll.5.dr |
Source: | Binary string: propsys.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb] source: WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdbo source: WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdbK source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: amstream.pdbGCTL source: explorer.exe, 00000004.00000003.360596035.0000000004491000.00000004.00000001.sdmp, explorer.exe, 00000005.00000003.360628617.00000000043E1000.00000004.00000001.sdmp, regsvr32.exe, 0000000A.00000000.370275460.0000000010001000.00000020.00020000.sdmp, regsvr32.exe, 0000001F.00000002.583080769.0000000010001000.00000020.00020000.sdmp, SAWHipN3nS.dll.5.dr |
Source: | Binary string: powrprof.pdb<W source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdbrW source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb~W source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb[ source: WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb`W source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 0000000D.00000003.375189057.00000000007FB000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.566824953.00000000030C9000.00000004.00000001.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdbNW source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000021.00000003.566808703.00000000030C3000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdbBW source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: wntdll.pdbk source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: a/pjr2pCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 0000000D.00000002.393309522.0000000000432000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000002.584600011.0000000002D52000.00000004.00000001.sdmp |
Source: | Binary string: sfc_os.pdbHW source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdbp source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_025E19A1 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_10016EC0 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_10012351 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_10011763 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_1001538F |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_10014FD0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_045A19A1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_10016EC0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_10012351 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_10011763 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_1001538F |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_10014FD0 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_026F6EC0 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_026F1763 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_026F2351 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_026F4FD0 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_026F538F |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 5_2_026F6EC0 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 5_2_026F1763 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 5_2_026F2351 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 5_2_026F4FD0 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 5_2_026F538F |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_1000C6CB NtCreateSection,DefWindowProcA,RegisterClassExA,CreateWindowExA,DestroyWindow,UnregisterClassA,GetCurrentProcess,NtMapViewOfSection,NtMapViewOfSection,VirtualAllocEx,WriteProcessMemory,GetCurrentProcess,NtUnmapViewOfSection,NtClose, |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_1000CB82 memset,GetThreadContext,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,FreeLibrary, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_1000C6CB NtCreateSection,DefWindowProcA,RegisterClassExA,CreateWindowExA,DestroyWindow,UnregisterClassA,GetCurrentProcess,NtMapViewOfSection,NtMapViewOfSection,VirtualAllocEx,WriteProcessMemory,GetCurrentProcess,NtUnmapViewOfSection,NtClose, |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_1000CB82 memset,GetThreadContext,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,FreeLibrary, |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SAWHipN3nS.dll' |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SAWHipN3nS.dll',#1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SAWHipN3nS.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe |
Source: C:\Windows\SysWOW64\explorer.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn yyhcsfwg /tr 'regsvr32.exe -s \'C:\Users\user\Desktop\SAWHipN3nS.dll\'' /SC ONCE /Z /ST 10:15 /ET 10:27 |
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe -s 'C:\Users\user\Desktop\SAWHipN3nS.dll' |
Source: C:\Windows\System32\regsvr32.exe | Process created: C:\Windows\SysWOW64\regsvr32.exe -s 'C:\Users\user\Desktop\SAWHipN3nS.dll' |
Source: C:\Windows\SysWOW64\regsvr32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 644 |
Source: unknown | Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe -s 'C:\Users\user\Desktop\SAWHipN3nS.dll' |
Source: C:\Windows\System32\regsvr32.exe | Process created: C:\Windows\SysWOW64\regsvr32.exe -s 'C:\Users\user\Desktop\SAWHipN3nS.dll' |
Source: C:\Windows\SysWOW64\regsvr32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 652 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SAWHipN3nS.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SAWHipN3nS.dll',#1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe |
Source: C:\Windows\SysWOW64\explorer.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn yyhcsfwg /tr 'regsvr32.exe -s \'C:\Users\user\Desktop\SAWHipN3nS.dll\'' /SC ONCE /Z /ST 10:15 /ET 10:27 |
Source: C:\Windows\System32\regsvr32.exe | Process created: C:\Windows\SysWOW64\regsvr32.exe -s 'C:\Users\user\Desktop\SAWHipN3nS.dll' |
Source: C:\Windows\System32\regsvr32.exe | Process created: C:\Windows\SysWOW64\regsvr32.exe -s 'C:\Users\user\Desktop\SAWHipN3nS.dll' |
Source: | Binary string: winspool.pdbxW source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 0000000D.00000003.375176370.00000000007F5000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdbTW source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: powrprof.pdbQ source: WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 0000000D.00000003.375740594.00000000007EF000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.572693362.00000000030BD000.00000004.00000001.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: regsvr32.pdbk source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 0000000D.00000003.375280310.00000000007FB000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdbG source: WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdbe source: WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: regsvr32.pdb source: WerFault.exe, 0000000D.00000003.375158454.00000000007EA000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdbI source: WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: regsvr32.pdb( source: WerFault.exe, 0000000D.00000003.375158454.00000000007EA000.00000004.00000001.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdbZW source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: amstream.pdb source: explorer.exe, 00000004.00000003.360596035.0000000004491000.00000004.00000001.sdmp, explorer.exe, 00000005.00000003.360628617.00000000043E1000.00000004.00000001.sdmp, regsvr32.exe, 0000000A.00000000.370275460.0000000010001000.00000020.00020000.sdmp, regsvr32.exe, 0000001F.00000002.583080769.0000000010001000.00000020.00020000.sdmp, SAWHipN3nS.dll.5.dr |
Source: | Binary string: propsys.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb] source: WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdbo source: WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdbK source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: amstream.pdbGCTL source: explorer.exe, 00000004.00000003.360596035.0000000004491000.00000004.00000001.sdmp, explorer.exe, 00000005.00000003.360628617.00000000043E1000.00000004.00000001.sdmp, regsvr32.exe, 0000000A.00000000.370275460.0000000010001000.00000020.00020000.sdmp, regsvr32.exe, 0000001F.00000002.583080769.0000000010001000.00000020.00020000.sdmp, SAWHipN3nS.dll.5.dr |
Source: | Binary string: powrprof.pdb<W source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdbrW source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb~W source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb[ source: WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb`W source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 0000000D.00000003.375189057.00000000007FB000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.566824953.00000000030C9000.00000004.00000001.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577726861.0000000004080000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdbNW source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb( source: WerFault.exe, 00000021.00000003.566808703.00000000030C3000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp, WerFault.exe, 00000021.00000003.577738305.0000000004086000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdbBW source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: wntdll.pdbk source: WerFault.exe, 0000000D.00000003.386168716.0000000003681000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000003.577706381.00000000040B1000.00000004.00000001.sdmp |
Source: | Binary string: a/pjr2pCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 0000000D.00000002.393309522.0000000000432000.00000004.00000001.sdmp, WerFault.exe, 00000021.00000002.584600011.0000000002D52000.00000004.00000001.sdmp |
Source: | Binary string: sfc_os.pdbHW source: WerFault.exe, 0000000D.00000003.386279399.00000000037E6000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdbp source: WerFault.exe, 0000000D.00000003.386268708.00000000037E0000.00000004.00000040.sdmp |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_025E44AB push edi; mov dword ptr [esp], 00000003h |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_025E44AB push edx; mov dword ptr [esp], 00F00000h |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_025E19A1 push 00000000h; mov dword ptr [esp], eax |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_025E19A1 push 00000000h; mov dword ptr [esp], edx |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_025E19A1 push 00000000h; mov dword ptr [esp], ecx |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_025E19A1 push ebp; mov dword ptr [esp], 000FFFFFh |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_1001A006 push ebx; ret |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_1001D485 push FFFFFF8Ah; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_1001D4B6 push FFFFFF8Ah; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_10019D54 push cs; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_10019E56 push cs; iretd |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_1001BB21 push esi; iretd |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_045A44AB push edi; mov dword ptr [esp], 00000003h |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_045A44AB push edx; mov dword ptr [esp], 00F00000h |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_045A19A1 push 00000000h; mov dword ptr [esp], eax |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_045A19A1 push 00000000h; mov dword ptr [esp], edx |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_045A19A1 push 00000000h; mov dword ptr [esp], ecx |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_045A19A1 push ebp; mov dword ptr [esp], 000FFFFFh |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_1001A006 push ebx; ret |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_1001D485 push FFFFFF8Ah; iretd |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_1001D4B6 push FFFFFF8Ah; iretd |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_10019D54 push cs; iretd |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_10019E56 push cs; iretd |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_1001BB21 push esi; iretd |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_026F9E56 push cs; iretd |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_026FBB21 push esi; iretd |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_026FA006 push ebx; ret |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_026FD4B6 push FFFFFF8Ah; iretd |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_026FD485 push FFFFFF8Ah; iretd |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_026F9D54 push cs; iretd |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 5_2_026F9E56 push cs; iretd |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |