Source: C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll |
Metadefender: Detection: 45% |
Perma Link |
Source: C:\Users\user\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll |
ReversingLabs: Detection: 59% |
Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe |
Metadefender: Detection: 13% |
Perma Link |
Source: C:\Users\user\AppData\Local\Temp\csrss\injector\injector.exe |
ReversingLabs: Detection: 73% |
Source: C:\Users\user\Desktop\upd.exe |
Metadefender: Detection: 31% |
Perma Link |
Source: C:\Users\user\Desktop\upd.exe |
ReversingLabs: Detection: 85% |
Source: C:\Windows\rss\csrss.exe |
Metadefender: Detection: 31% |
Perma Link |
Source: C:\Windows\rss\csrss.exe |
ReversingLabs: Detection: 85% |
Source: C:\Windows\windefender.exe |
Metadefender: Detection: 28% |
Perma Link |
Source: C:\Windows\windefender.exe |
ReversingLabs: Detection: 78% |
Source: |
Binary string: Loader.pdb source: upd.exe, 00000005.00000002.319820615.0000000000401000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.347779189.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.561114927.0000000000401000.00000040.00020000.sdmp, bootx64.efi.11.dr |
Source: |
Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: Age does not matchThe module age and .pdb age do not match. source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: symsrv.pdb source: upd.exe, 00000005.00000002.321400821.0000000000C57000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.350292388.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.565483250.0000000000C57000.00000040.00020000.sdmp |
Source: |
Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: C:\Users\mac\Desktop\driver-process-monitor\x64\Release\WinmonProcessMonitor.pdb source: upd.exe, 00000005.00000002.319820615.0000000000401000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.347779189.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.561114927.0000000000401000.00000040.00020000.sdmp |
Source: |
Binary string: Downloading symbols for [%s] %ssrv*symsrv*http://https://_bad_pdb_file.pdb source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win7x64\x64\Release\SSDTHook.pdb source: upd.exe, 00000005.00000002.319820615.0000000000401000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.347779189.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.561114927.0000000000401000.00000040.00020000.sdmp |
Source: |
Binary string: '(.EfiGuardDxe.pdb source: upd.exe.0.dr |
Source: |
Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\Release\Winmon.pdb source: upd.exe, 00000005.00000002.319820615.0000000000401000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.347779189.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.561114927.0000000000401000.00000040.00020000.sdmp |
Source: |
Binary string: C:\vbox\branch\w64-1.6\out\win.amd64\release\obj\src\VBox\HostDrivers\VBoxDrv\VBoxDrv.pdb source: upd.exe, 00000005.00000002.319820615.0000000000401000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.347779189.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.561114927.0000000000401000.00000040.00020000.sdmp |
Source: |
Binary string: Drive not readyThis error indicates a .pdb file related failure. source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb source: upd.exe, 00000005.00000002.319820615.0000000000401000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.347779189.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.561114927.0000000000401000.00000040.00020000.sdmp |
Source: |
Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: C:\Users\vladimir\source\repos\driver-process-monitor\Release\WinmonProcessMonitor.pdb source: upd.exe, 00000005.00000002.319820615.0000000000401000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.347779189.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.561114927.0000000000401000.00000040.00020000.sdmp |
Source: |
Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: Unable to locate the .pdb file in this location source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: upd.exe, 00000005.00000002.319820615.0000000000401000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.347779189.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.561114927.0000000000401000.00000040.00020000.sdmp |
Source: |
Binary string: The module signature does not match with .pdb signature. source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: .pdb.dbg source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: '(EfiGuardDxe.pdbx source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp, EfiGuardDxe.efi.11.dr |
Source: |
Binary string: symsrv.pdbGCTL source: upd.exe, 00000005.00000002.321400821.0000000000C57000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.350292388.0000000000C57000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.565483250.0000000000C57000.00000040.00020000.sdmp |
Source: |
Binary string: or you do not have access permission to the .pdb location. source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: upd.exe, 00000005.00000002.319820615.0000000000401000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.347779189.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.561114927.0000000000401000.00000040.00020000.sdmp |
Source: |
Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: EfiGuardDxe.pdb source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp, EfiGuardDxe.efi.11.dr |
Source: |
Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win7,10x32\Release\win7x32.pdb source: upd.exe, 00000005.00000002.319820615.0000000000401000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.347779189.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.561114927.0000000000401000.00000040.00020000.sdmp |
Source: |
Binary string: C:\Users\vladimir\source\repos\driver-process-monitor\x64\Release\WinmonProcessMonitor.pdb source: upd.exe, 00000005.00000002.319820615.0000000000401000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.347779189.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.561114927.0000000000401000.00000040.00020000.sdmp |
Source: |
Binary string: Signature does not matchThe module signature does not match with .pdb signature source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: dbghelp.pdb source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |
Source: |
Binary string: C:\Users\Admin\source\repos\ssdt-master\SSDT\win10x64\x64\Release\SSDTHook.pdb source: upd.exe, 00000005.00000002.319820615.0000000000401000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.347779189.0000000000401000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.561114927.0000000000401000.00000040.00020000.sdmp |
Source: |
Binary string: dbghelp.pdbGCTL source: upd.exe, 00000005.00000002.321110188.0000000000A5B000.00000040.00020000.sdmp, upd.exe, 00000008.00000002.349179433.0000000000A5B000.00000040.00020000.sdmp, csrss.exe, 0000000B.00000002.564142562.0000000000A5B000.00000040.00020000.sdmp |