Source: | Binary string: ole32.pdb# source: WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 0000000D.00000003.728766829.0000000003AC1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: | Binary string: propsys.pdb$ source: WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdbBa source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb) source: WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: regsvr32.pdbk source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb|g source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp |
Source: | Binary string: regsvr32.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: | Binary string: mpr.pdb7 source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: winspool.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: | Binary string: fltLib.pdbd_ source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: amstream.pdb source: explorer.exe, 00000004.00000003.702172421.0000000005361000.00000004.00000001.sdmp, explorer.exe, 00000005.00000003.702205579.0000000004F11000.00000004.00000001.sdmp, regsvr32.exe, 00000009.00000000.716853295.0000000010001000.00000020.00020000.sdmp, regsvr32.exe, 00000017.00000000.923266428.0000000010001000.00000020.00020000.sdmp, ZBvNS77A7a.dll.5.dr |
Source: | Binary string: propsys.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb5 source: WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdbK source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: | Binary string: amstream.pdbGCTL source: explorer.exe, 00000004.00000003.702172421.0000000005361000.00000004.00000001.sdmp, explorer.exe, 00000005.00000003.702205579.0000000004F11000.00000004.00000001.sdmp, regsvr32.exe, 00000009.00000000.716853295.0000000010001000.00000020.00020000.sdmp, regsvr32.exe, 00000017.00000000.923266428.0000000010001000.00000020.00020000.sdmp, ZBvNS77A7a.dll.5.dr |
Source: | Binary string: annjrqnCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 0000000D.00000002.764287027.0000000002C32000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000002.938813664.0000000002962000.00000004.00000001.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: | Binary string: advapi32.pdbvm source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000D.00000003.737253466.0000000003DB0000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932298953.0000000003D30000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp, WerFault.exe, 00000019.00000003.932307324.0000000003D36000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: | Binary string: powrprof.pdbH{ source: WerFault.exe, 0000000D.00000003.737356835.0000000003DB6000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdbk source: WerFault.exe, 0000000D.00000003.737117016.0000000003DE1000.00000004.00000001.sdmp, WerFault.exe, 00000019.00000003.932275167.0000000003D61000.00000004.00000001.sdmp |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_030919A1 | 0_2_030919A1 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10016EC0 | 0_2_10016EC0 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10012351 | 0_2_10012351 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10011763 | 0_2_10011763 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1001538F | 0_2_1001538F |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10014FD0 | 0_2_10014FD0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_045819A1 | 2_2_045819A1 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_10016EC0 | 2_2_10016EC0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_10012351 | 2_2_10012351 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_10011763 | 2_2_10011763 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_1001538F | 2_2_1001538F |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_10014FD0 | 2_2_10014FD0 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_03611763 | 4_2_03611763 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_03612351 | 4_2_03612351 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_03614FD0 | 4_2_03614FD0 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_0361538F | 4_2_0361538F |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_03616EC0 | 4_2_03616EC0 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 5_2_00E66EC0 | 5_2_00E66EC0 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 5_2_00E64FD0 | 5_2_00E64FD0 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 5_2_00E6538F | 5_2_00E6538F |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 5_2_00E61763 | 5_2_00E61763 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 5_2_00E62351 | 5_2_00E62351 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1000C6CB NtCreateSection,DefWindowProcA,RegisterClassExA,CreateWindowExA,DestroyWindow,UnregisterClassA,GetCurrentProcess,NtMapViewOfSection,NtMapViewOfSection,VirtualAllocEx,WriteProcessMemory,GetCurrentProcess,NtUnmapViewOfSection,NtClose, | 0_2_1000C6CB |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1000CB82 memset,GetThreadContext,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,FreeLibrary, | 0_2_1000CB82 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_1000C6CB NtCreateSection,DefWindowProcA,RegisterClassExA,CreateWindowExA,DestroyWindow,UnregisterClassA,GetCurrentProcess,NtMapViewOfSection,NtMapViewOfSection,VirtualAllocEx,WriteProcessMemory,GetCurrentProcess,NtUnmapViewOfSection,NtClose, | 2_2_1000C6CB |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_1000CB82 memset,GetThreadContext,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,FreeLibrary, | 2_2_1000CB82 |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\ZBvNS77A7a.dll' | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\ZBvNS77A7a.dll',#1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\ZBvNS77A7a.dll',#1 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe | |
Source: C:\Windows\SysWOW64\explorer.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn payuhfp /tr 'regsvr32.exe -s \'C:\Users\user\Desktop\ZBvNS77A7a.dll\'' /SC ONCE /Z /ST 10:25 /ET 10:37 | |
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: unknown | Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe -s 'C:\Users\user\Desktop\ZBvNS77A7a.dll' | |
Source: C:\Windows\System32\regsvr32.exe | Process created: C:\Windows\SysWOW64\regsvr32.exe -s 'C:\Users\user\Desktop\ZBvNS77A7a.dll' | |
Source: C:\Windows\SysWOW64\regsvr32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 660 | |
Source: unknown | Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe -s 'C:\Users\user\Desktop\ZBvNS77A7a.dll' | |
Source: C:\Windows\System32\regsvr32.exe | Process created: C:\Windows\SysWOW64\regsvr32.exe -s 'C:\Users\user\Desktop\ZBvNS77A7a.dll' | |
Source: C:\Windows\SysWOW64\regsvr32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 652 | |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_030944AB push edi; mov dword ptr [esp], 00000003h | 0_2_030944FE |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_030944AB push edx; mov dword ptr [esp], 00F00000h | 0_2_03094507 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_030919A1 push 00000000h; mov dword ptr [esp], eax | 0_2_03091C63 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_030919A1 push 00000000h; mov dword ptr [esp], edx | 0_2_03091C89 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_030919A1 push 00000000h; mov dword ptr [esp], ecx | 0_2_03091D27 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_030919A1 push ebp; mov dword ptr [esp], 000FFFFFh | 0_2_03091EE2 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1001A006 push ebx; ret | 0_2_1001A007 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1001D485 push FFFFFF8Ah; iretd | 0_2_1001D50E |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1001D4B6 push FFFFFF8Ah; iretd | 0_2_1001D50E |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10019D54 push cs; iretd | 0_2_10019E2A |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_10019E56 push cs; iretd | 0_2_10019E2A |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_1001BB21 push esi; iretd | 0_2_1001BB26 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_045844AB push edi; mov dword ptr [esp], 00000003h | 2_2_045844FE |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_045844AB push edx; mov dword ptr [esp], 00F00000h | 2_2_04584507 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_045819A1 push 00000000h; mov dword ptr [esp], eax | 2_2_04581C63 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_045819A1 push 00000000h; mov dword ptr [esp], edx | 2_2_04581C89 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_045819A1 push 00000000h; mov dword ptr [esp], ecx | 2_2_04581D27 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_045819A1 push ebp; mov dword ptr [esp], 000FFFFFh | 2_2_04581EE2 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_1001A006 push ebx; ret | 2_2_1001A007 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_1001D485 push FFFFFF8Ah; iretd | 2_2_1001D50E |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_1001D4B6 push FFFFFF8Ah; iretd | 2_2_1001D50E |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_10019D54 push cs; iretd | 2_2_10019E2A |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_10019E56 push cs; iretd | 2_2_10019E2A |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_1001BB21 push esi; iretd | 2_2_1001BB26 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_0361BB21 push esi; iretd | 4_2_0361BB26 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_03619E56 push cs; iretd | 4_2_03619E2A |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_03619D54 push cs; iretd | 4_2_03619E2A |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_0361A006 push ebx; ret | 4_2_0361A007 |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_0361D4B6 push FFFFFF8Ah; iretd | 4_2_0361D50E |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4_2_0361D485 push FFFFFF8Ah; iretd | 4_2_0361D50E |
Source: C:\Windows\SysWOW64\explorer.exe | Code function: 5_2_00E6D4B6 push FFFFFF8Ah; iretd | 5_2_00E6D50E |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |