Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000013.00000003.685123755.000000000549C000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 00000013.00000003.686000163.0000000003521000.00000004.00000001.sdmp |
Source: | Binary string: combase.pdbK source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: WINMMBASE.pdbG source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000013.00000003.685476102.000000000352D000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdbA source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: oleaut32.pdbU source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: WINMMBASE.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: widevinecdm.dll.pdbp? source: widevinecdm.dll |
Source: | Binary string: winspool.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: winmm.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdbS source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: winmm.pdbi source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb1 source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: profapi.pdb(9 source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdbM source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000013.00000003.685476102.000000000352D000.00000004.00000001.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: widevinecdm.dll.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp, widevinecdm.dll |
Source: | Binary string: wimm32.pdb_ source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: widevinecdm.dll | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: widevinecdm.dll | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0 |
Source: widevinecdm.dll | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: WerFault.exe, 00000013.00000003.700533403.0000000005410000.00000004.00000001.sdmp | String found in binary or memory: http://crl.micro |
Source: widevinecdm.dll | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O |
Source: widevinecdm.dll | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: widevinecdm.dll | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05 |
Source: widevinecdm.dll | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: widevinecdm.dll | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: widevinecdm.dll | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L |
Source: widevinecdm.dll | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: widevinecdm.dll | String found in binary or memory: http://ocsp.digicert.com0C |
Source: widevinecdm.dll | String found in binary or memory: http://ocsp.digicert.com0N |
Source: widevinecdm.dll | String found in binary or memory: http://ocsp.digicert.com0O |
Source: widevinecdm.dll | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: widevinecdm.dll | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\widevinecdm.dll' | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\widevinecdm.dll',#1 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\widevinecdm.dll,CreateCdmInstance | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\widevinecdm.dll',#1 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\widevinecdm.dll,DeinitializeCdmModule | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\widevinecdm.dll,GetCdmVersion | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\widevinecdm.dll,GetHandleVerifier | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\widevinecdm.dll,InitializeCdmModule_4 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\widevinecdm.dll,VerifyCdmHost_0 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\widevinecdm.dll',CreateCdmInstance | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\widevinecdm.dll',DeinitializeCdmModule | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\widevinecdm.dll',GetCdmVersion | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\widevinecdm.dll',GetHandleVerifier | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\widevinecdm.dll',InitializeCdmModule_4 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 712 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\widevinecdm.dll',#1 | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\widevinecdm.dll,CreateCdmInstance | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\widevinecdm.dll,DeinitializeCdmModule | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\widevinecdm.dll,GetCdmVersion | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\widevinecdm.dll,GetHandleVerifier | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\widevinecdm.dll,InitializeCdmModule_4 | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\widevinecdm.dll,VerifyCdmHost_0 | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\widevinecdm.dll',CreateCdmInstance | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\widevinecdm.dll',DeinitializeCdmModule | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\widevinecdm.dll',GetCdmVersion | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\widevinecdm.dll',GetHandleVerifier | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\widevinecdm.dll',InitializeCdmModule_4 | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\widevinecdm.dll',#1 | Jump to behavior |
Source: widevinecdm.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: widevinecdm.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: widevinecdm.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: widevinecdm.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: widevinecdm.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: widevinecdm.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: | Binary string: wkernel32.pdb source: WerFault.exe, 00000013.00000003.685123755.000000000549C000.00000004.00000001.sdmp |
Source: | Binary string: bcrypt.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: sfc_os.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: msvcrt.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: wrpcrt4.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: wntdll.pdb source: WerFault.exe, 00000013.00000003.686000163.0000000003521000.00000004.00000001.sdmp |
Source: | Binary string: combase.pdbK source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: WINMMBASE.pdbG source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: advapi32.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: fltLib.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: shell32.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: msvcp_win.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: wkernelbase.pdb source: WerFault.exe, 00000013.00000003.685476102.000000000352D000.00000004.00000001.sdmp |
Source: | Binary string: wimm32.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: mpr.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: wwin32u.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: setupapi.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: wsspicli.pdbA source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: imagehlp.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: oleaut32.pdbU source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: wUxTheme.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: dwmapi.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: shcore.pdbk source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: WINMMBASE.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: profapi.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: widevinecdm.dll.pdbp? source: widevinecdm.dll |
Source: | Binary string: winspool.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: wgdi32full.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: shell32.pdbk source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: sechost.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: iphlpapi.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: propsys.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: ucrtbase.pdbk source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: winmm.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: powrprof.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdbS source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: winmm.pdbi source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: msctf.pdb1 source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: ole32.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: AcLayers.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: profapi.pdb(9 source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: shlwapi.pdbM source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: cryptbase.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: cfgmgr32.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: wkernelbase.pdb( source: WerFault.exe, 00000013.00000003.685476102.000000000352D000.00000004.00000001.sdmp |
Source: | Binary string: Windows.Storage.pdb source: WerFault.exe, 00000013.00000003.690618666.00000000058C0000.00000004.00000040.sdmp |
Source: | Binary string: combase.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: widevinecdm.dll.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp, widevinecdm.dll |
Source: | Binary string: wimm32.pdb_ source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: rundll32.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: oleaut32.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: sfc.pdb source: WerFault.exe, 00000013.00000003.690625280.00000000058C6000.00000004.00000040.sdmp |
Source: | Binary string: apphelp.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: | Binary string: wuser32.pdb source: WerFault.exe, 00000013.00000003.690605732.0000000005751000.00000004.00000001.sdmp |
Source: widevinecdm.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: widevinecdm.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: widevinecdm.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: widevinecdm.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: widevinecdm.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: WerFault.exe, 00000013.00000002.704377959.00000000058E0000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: WerFault.exe, 00000013.00000002.703987662.00000000053EC000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW |
Source: WerFault.exe, 00000013.00000002.704377959.00000000058E0000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: WerFault.exe, 00000013.00000002.704377959.00000000058E0000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: WerFault.exe, 00000013.00000002.704377959.00000000058E0000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 11_2_6C4B82B6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 11_2_6C4B82B6 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 11_2_6C4A9178 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 11_2_6C4A9178 |
Source: rundll32.exe, 0000000B.00000000.677885446.00000000030E0000.00000002.00000001.sdmp | Binary or memory string: Program Manager |
Source: rundll32.exe, 0000000B.00000000.677885446.00000000030E0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd |
Source: rundll32.exe, 0000000B.00000000.677885446.00000000030E0000.00000002.00000001.sdmp | Binary or memory string: Progman |
Source: rundll32.exe, 0000000B.00000000.677885446.00000000030E0000.00000002.00000001.sdmp | Binary or memory string: Progmanlock |
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.