Source: | Binary string: netutils.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.380967509.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wkernel32.pdb source: PLAY.mal_.exe, 00000000.00000003.380378382.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: bcrypt.pdb source: PLAY.mal_.exe, 00000000.00000003.380946454.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: ucrtbase.pdb source: PLAY.mal_.exe, 00000000.00000003.381007395.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: msvcrt.pdb source: PLAY.mal_.exe, 00000000.00000003.392615104.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wrpcrt4.pdb source: PLAY.mal_.exe, 00000000.00000003.381337074.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wntdll.pdb source: PLAY.mal_.exe, 00000000.00000003.380084663.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: shcore.pdb source: PLAY.mal_.exe, 00000000.00000003.393091382.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wwin32u.pdbGCTL source: PLAY.mal_.exe, 00000000.00000003.402134952.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: bcryptprimitives.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381571826.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wgdi32.pdb source: PLAY.mal_.exe, 00000000.00000003.398338084.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: advapi32.pdb source: PLAY.mal_.exe, 00000000.00000003.397854199.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: fltLib.pdb source: PLAY.mal_.exe, 00000000.00000003.402653498.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wsspicli.pdb source: PLAY.mal_.exe, 00000000.00000003.381518459.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: cfgmgr32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.392986515.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: shell32.pdb source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wrpcrt4.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381337074.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: msvcp_win.pdb source: PLAY.mal_.exe, 00000000.00000003.399573219.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wgdi32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.398338084.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wimm32.pdb source: PLAY.mal_.exe, 00000000.00000003.402719687.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wkernelbase.pdb source: PLAY.mal_.exe, 00000000.00000003.380476408.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: shlwapi.pdb source: PLAY.mal_.exe, 00000000.00000003.398164138.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: mpr.pdb source: PLAY.mal_.exe, 00000000.00000003.402907884.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: shlwapi.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.398164138.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wwin32u.pdb source: PLAY.mal_.exe, 00000000.00000003.402134952.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wsspicli.pdbGCTL source: PLAY.mal_.exe, 00000000.00000003.381518459.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: combase.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.393364039.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: ucrtbase.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381007395.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: srvcli.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381294989.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wkernelbase.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.380476408.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: cryptbase.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381549375.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wuser32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.400002647.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: shell32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: srvcli.pdb source: PLAY.mal_.exe, 00000000.00000003.381294989.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wimm32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.402719687.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: fltLib.pdbGCTL source: PLAY.mal_.exe, 00000000.00000003.402653498.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: profapi.pdb source: PLAY.mal_.exe, 00000000.00000003.402283247.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wgdi32full.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.398793778.000000000317B000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: ws2_32.pdb source: PLAY.mal_.exe, 00000000.00000003.382187348.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: iphlpapi.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381918022.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wgdi32full.pdb source: PLAY.mal_.exe, 00000000.00000003.398793778.000000000317B000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: shcore.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.393091382.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: mpr.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.402907884.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: sechost.pdb source: PLAY.mal_.exe, 00000000.00000003.381665426.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: iphlpapi.pdb source: PLAY.mal_.exe, 00000000.00000003.381918022.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: XAMLHostHwndvolumelabelmasteredudfhelpJOLIETUDFData\Program Files\$Windows.~BT\Windows\ProgramData\Program Files (x86)\Program Files\Data\Windows\Data\ProgramData\Data\Program Files (x86)\.cer.cdxml.cat.automaticdestinations-ms.appxpackage.appxbundle.appxWindows.old\.fon.etl.efi.dsft.dmp.customdestinations-ms.cookie.msm.msip.mpb.mp.p12.p10.otf.ost.olb.ocx.nst.mui.pdb.partial.p7x.p7s.p7r.p7m.p7c.p7b.psf.psd1.pfx.pfm.pem.ttc.sys.sst.spkg.spc.sft.rll.winmd.wim.wfs.vsix.vsi.vmrs.vmcxWININET.xap%s (%d).%s\shellIfExecBrowserFlagsft%06dNeverShowExtAlwaysShowExtTopicL source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wntdll.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.380084663.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: powrprof.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.402395094.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: powrprof.pdb source: PLAY.mal_.exe, 00000000.00000003.402395094.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: Windows.Storage.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.394554162.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: apphelp.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.380856909.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: Kernel.Appcore.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.402226498.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: wkernel32.pdbGCTL source: PLAY.mal_.exe, 00000000.00000003.380378382.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: sechost.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381665426.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: PLAY.mal_.exe, 00000000.00000003.402226498.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: bcrypt.pdbGCTL source: PLAY.mal_.exe, 00000000.00000003.380946454.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: msvcp_win.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.399573219.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: advapi32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.397854199.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: cryptbase.pdb source: PLAY.mal_.exe, 00000000.00000003.381549375.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: PLAY.mal_.exe, 00000000.00000003.381571826.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: cfgmgr32.pdb source: PLAY.mal_.exe, 00000000.00000003.392986515.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: Windows.Storage.pdb source: PLAY.mal_.exe, 00000000.00000003.394554162.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: combase.pdb source: PLAY.mal_.exe, 00000000.00000003.393364039.0000000003100000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: ApplicationFrameWindowWindows.Foundation.Collections.IIterator`1<IUnknown>Windows.Foundation.Collections.IVectorView`1<IUnknown>Windows.Foundation.Collections.IVector`1<IUnknown>@%SystemRoot%\System32\SettingSyncCore.dll,-1024internal\onecoreuapshell\private\inc\shouldswitchtodesktop.hinternal\onecoreuapshell\private\inc\sharedstoragesources\syncrootcommon.hData\Program Files\Data\Program Files (x86)\Data\ProgramData\Data\Windows\Program Files\Program Files (x86)\ProgramData\Windows\$Windows.~BT\Windows.old\.appx.appxbundle.appxpackage.automaticdestinations-ms.cat.cdxml.cer.cookie.customdestinations-ms.dmp.dsft.efi.etl.fon.ini.iso.mp.mpb.msip.msm.mui.nst.ocx.olb.ost.otf.p10.p12.p7b.p7c.p7m.p7r.p7s.p7x.partial.pdb.pem.pfm.pfx.psd1.psf.rll.sft.spc.spkg.sst.ttc.ttf.vmcx.vmrs.vsi.vsix.wfs.wim.winmd.xapFTSearched0000000000000000000BasicPropertiesDocumentPropertiesImagePropertiesVideoPropertiesMusicPropertiesRenameAsyncOverloadDefaultOptionsRenameAsyncIStorageItem2GetParentAsyncIsEqualGetThumbnailAsyncOverloadDefaultSizeDefaultOptionsGetThumbnailAsyncOverloadDefaultOptionsget_DisplayNameIStorageItemProperties2GetScaledImageAsThumbnailAsyncOverloadDefaultSizeDefaultOptionsGetScaledImageAsThumbnailAsyncOverloadDefaultOptionsGetScaledImageAsThumbnailAsyncIStorageItemPropertiesWithProviderget_ProviderIStorageItemThumbnailAccessPrivGetScaledImageOrThumbnailAsyncIStorageItemHandleAcccessOpenAsyncPrivatePauseDeferredUpdateSetStreamedFileCallbackGetStreamedFileCallbackGetSpecialInternalPropertySetSpecialInternalPropertyCreateTempFileInSameLocationCopyOverloadDefaultOptionsCopyOverloadCopyAndReplaceAsyncMoveOverloadDefaultNameAndOptionsWindows.Security.EnterpriseData.FileProtectionManagerMoveOverloadDefaultOptionsoptionsCreateFolderAsyncOverloadDefaultOptionsGetItemAsyncGetItemsAsyncOverloadDefaultStartAndCountCreateFileQueryOverloadDefaultCreateFileQueryCreateFolderQueryOverloadDefaultCreateFolderQueryCreateFolderQueryWithOptionsCreateItemQueryWithOptionsGetFilesAsyncOverloadDefaultStartAndCountGetFoldersAsyncOverloadDefaultStartAndCountget_MusicLibraryget_HomeGroupget_RemovableDevicesget_MediaServerDevicesget_Playlistsget_SavedPicturesget_Objects3Dget_AppCapturesget_RecordedCallsGetFolderForUserAsyncget_ApplicationDataSharedLocalGetPublisherCacheFolderGetApplicationDataFolderForUserGetPublisherCacheFolderForUserknownfolder:{AB5FB87B-7CE2-4F83-915D-550846C9537B}knownfolder:{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}knownfolder:{1C2AC1DC-4358-4B6 |