Source: |
Binary string: ole32.pdb# source: WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 0000000D.00000003.728766829.0000000003AC1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: sfc_os.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: propsys.pdb$ source: WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdbBa source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb) source: WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: regsvr32.pdbk source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: mpr.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: setupapi.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb|g source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp |
Source: |
Binary string: regsvr32.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: mpr.pdb7 source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdbk source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: winspool.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: fltLib.pdbd_ source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: amstream.pdb source: explorer.exe, 00000004.00000003.702172421.0000000005361000.00000004.00000001.sdmp, explorer.exe, 00000005.00000003.702205579.0000000004F11000.00000004.00000001.sdmp, regsvr32.exe, 00000009.00000000.716853295.0000000010001000.00000020.00020000.sdmp, regsvr32.exe, 00000017.00000000.923266428.0000000010001000.00000020.00020000.sdmp, ZBvNS77A7a.dll.5.dr |
Source: |
Binary string: propsys.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: sfc_os.pdb5 source: WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: sfc.pdbK source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: AcLayers.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: amstream.pdbGCTL source: explorer.exe, 00000004.00000003.702172421.0000000005361000.00000004.00000001.sdmp, explorer.exe, 00000005.00000003.702205579.0000000004F11000.00000004.00000001.sdmp, regsvr32.exe, 00000009.00000000.716853295.0000000010001000.00000020.00020000.sdmp, regsvr32.exe, 00000017.00000000.923266428.0000000010001000.00000020.00020000.sdmp, ZBvNS77A7a.dll.5.dr |
Source: |
Binary string: annjrqnCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 0000000D.00000002.764287027.0000000002C32000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000002.938813664.0000000002962000.00000004.00000001.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: advapi32.pdbvm source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: oleaut32.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: sfc.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: powrprof.pdbH{ source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdbk source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_030919A1 |
0_2_030919A1 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_10016EC0 |
0_2_10016EC0 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_10012351 |
0_2_10012351 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_10011763 |
0_2_10011763 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_1001538F |
0_2_1001538F |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_10014FD0 |
0_2_10014FD0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_045819A1 |
2_2_045819A1 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_10016EC0 |
2_2_10016EC0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_10012351 |
2_2_10012351 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_10011763 |
2_2_10011763 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_1001538F |
2_2_1001538F |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_10014FD0 |
2_2_10014FD0 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 4_2_03611763 |
4_2_03611763 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 4_2_03612351 |
4_2_03612351 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 4_2_03614FD0 |
4_2_03614FD0 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 4_2_0361538F |
4_2_0361538F |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 4_2_03616EC0 |
4_2_03616EC0 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 5_2_00E66EC0 |
5_2_00E66EC0 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 5_2_00E64FD0 |
5_2_00E64FD0 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 5_2_00E6538F |
5_2_00E6538F |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 5_2_00E61763 |
5_2_00E61763 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 5_2_00E62351 |
5_2_00E62351 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_1000C6CB NtCreateSection,DefWindowProcA,RegisterClassExA,CreateWindowExA,DestroyWindow,UnregisterClassA,GetCurrentProcess,NtMapViewOfSection,NtMapViewOfSection,VirtualAllocEx,WriteProcessMemory,GetCurrentProcess,NtUnmapViewOfSection,NtClose, |
0_2_1000C6CB |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_1000CB82 memset,GetThreadContext,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,FreeLibrary, |
0_2_1000CB82 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_1000C6CB NtCreateSection,DefWindowProcA,RegisterClassExA,CreateWindowExA,DestroyWindow,UnregisterClassA,GetCurrentProcess,NtMapViewOfSection,NtMapViewOfSection,VirtualAllocEx,WriteProcessMemory,GetCurrentProcess,NtUnmapViewOfSection,NtClose, |
2_2_1000C6CB |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_1000CB82 memset,GetThreadContext,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,FreeLibrary, |
2_2_1000CB82 |
Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\ZBvNS77A7a.dll' |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\ZBvNS77A7a.dll',#1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\ZBvNS77A7a.dll',#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe |
|
Source: C:\Windows\SysWOW64\explorer.exe |
Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn payuhfp /tr 'regsvr32.exe -s \'C:\Users\user\Desktop\ZBvNS77A7a.dll\'' /SC ONCE /Z /ST 10:25 /ET 10:37 |
|
Source: C:\Windows\SysWOW64\schtasks.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe -s 'C:\Users\user\Desktop\ZBvNS77A7a.dll' |
|
Source: C:\Windows\System32\regsvr32.exe |
Process created: C:\Windows\SysWOW64\regsvr32.exe -s 'C:\Users\user\Desktop\ZBvNS77A7a.dll' |
|
Source: C:\Windows\SysWOW64\regsvr32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 660 |
|
Source: unknown |
Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe -s 'C:\Users\user\Desktop\ZBvNS77A7a.dll' |
|
Source: C:\Windows\System32\regsvr32.exe |
Process created: C:\Windows\SysWOW64\regsvr32.exe -s 'C:\Users\user\Desktop\ZBvNS77A7a.dll' |
|
Source: C:\Windows\SysWOW64\regsvr32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 652 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\ZBvNS77A7a.dll',#1 |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\ZBvNS77A7a.dll',#1 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe |
Source: C:\Windows\SysWOW64\explorer.exe |
Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn payuhfp /tr 'regsvr32.exe -s \'C:\Users\user\Desktop\ZBvNS77A7a.dll\'' /SC ONCE /Z /ST 10:25 /ET 10:37 |
Source: C:\Windows\System32\regsvr32.exe |
Process created: C:\Windows\SysWOW64\regsvr32.exe -s 'C:\Users\user\Desktop\ZBvNS77A7a.dll' |
Source: C:\Windows\System32\regsvr32.exe |
Process created: C:\Windows\SysWOW64\regsvr32.exe -s 'C:\Users\user\Desktop\ZBvNS77A7a.dll' |
Source: |
Binary string: ole32.pdb# source: WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 0000000D.00000003.728766829.0000000003AC1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: sfc_os.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: propsys.pdb$ source: WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdbBa source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb) source: WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: regsvr32.pdbk source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: mpr.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: setupapi.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb|g source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp |
Source: |
Binary string: regsvr32.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: mpr.pdb7 source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdbk source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: winspool.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: fltLib.pdbd_ source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: amstream.pdb source: explorer.exe, 00000004.00000003.702172421.0000000005361000.00000004.00000001.sdmp, explorer.exe, 00000005.00000003.702205579.0000000004F11000.00000004.00000001.sdmp, regsvr32.exe, 00000009.00000000.716853295.0000000010001000.00000020.00020000.sdmp, regsvr32.exe, 00000017.00000000.923266428.0000000010001000.00000020.00020000.sdmp, ZBvNS77A7a.dll.5.dr |
Source: |
Binary string: propsys.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: sfc_os.pdb5 source: WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: sfc.pdbK source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: AcLayers.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: amstream.pdbGCTL source: explorer.exe, 00000004.00000003.702172421.0000000005361000.00000004.00000001.sdmp, explorer.exe, 00000005.00000003.702205579.0000000004F11000.00000004.00000001.sdmp, regsvr32.exe, 00000009.00000000.716853295.0000000010001000.00000020.00020000.sdmp, regsvr32.exe, 00000017.00000000.923266428.0000000010001000.00000020.00020000.sdmp, ZBvNS77A7a.dll.5.dr |
Source: |
Binary string: annjrqnCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 0000000D.00000002.764287027.0000000002C32000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000002.938813664.0000000002962000.00000004.00000001.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: advapi32.pdbvm source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: oleaut32.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: sfc.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: |
Binary string: powrprof.pdbH{ source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdbk source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_030944AB push edi; mov dword ptr [esp], 00000003h |
0_2_030944FE |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_030944AB push edx; mov dword ptr [esp], 00F00000h |
0_2_03094507 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_030919A1 push 00000000h; mov dword ptr [esp], eax |
0_2_03091C63 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_030919A1 push 00000000h; mov dword ptr [esp], edx |
0_2_03091C89 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_030919A1 push 00000000h; mov dword ptr [esp], ecx |
0_2_03091D27 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_030919A1 push ebp; mov dword ptr [esp], 000FFFFFh |
0_2_03091EE2 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_1001A006 push ebx; ret |
0_2_1001A007 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_1001D485 push FFFFFF8Ah; iretd |
0_2_1001D50E |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_1001D4B6 push FFFFFF8Ah; iretd |
0_2_1001D50E |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_10019D54 push cs; iretd |
0_2_10019E2A |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_10019E56 push cs; iretd |
0_2_10019E2A |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_1001BB21 push esi; iretd |
0_2_1001BB26 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_045844AB push edi; mov dword ptr [esp], 00000003h |
2_2_045844FE |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_045844AB push edx; mov dword ptr [esp], 00F00000h |
2_2_04584507 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_045819A1 push 00000000h; mov dword ptr [esp], eax |
2_2_04581C63 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_045819A1 push 00000000h; mov dword ptr [esp], edx |
2_2_04581C89 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_045819A1 push 00000000h; mov dword ptr [esp], ecx |
2_2_04581D27 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_045819A1 push ebp; mov dword ptr [esp], 000FFFFFh |
2_2_04581EE2 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_1001A006 push ebx; ret |
2_2_1001A007 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_1001D485 push FFFFFF8Ah; iretd |
2_2_1001D50E |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_1001D4B6 push FFFFFF8Ah; iretd |
2_2_1001D50E |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_10019D54 push cs; iretd |
2_2_10019E2A |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_10019E56 push cs; iretd |
2_2_10019E2A |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_1001BB21 push esi; iretd |
2_2_1001BB26 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 4_2_0361BB21 push esi; iretd |
4_2_0361BB26 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 4_2_03619E56 push cs; iretd |
4_2_03619E2A |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 4_2_03619D54 push cs; iretd |
4_2_03619E2A |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 4_2_0361A006 push ebx; ret |
4_2_0361A007 |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 4_2_0361D4B6 push FFFFFF8Ah; iretd |
4_2_0361D50E |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 4_2_0361D485 push FFFFFF8Ah; iretd |
4_2_0361D50E |
Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 5_2_00E6D4B6 push FFFFFF8Ah; iretd |
5_2_00E6D50E |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |