This is about … .
Drwtsn32.log, traps a crashing program. It can create a file
User.dmp. 100% prove that the program was executed.
%UserProfile% = Default, Public, All)
This folder will contain the WER reports that might give a clue or a lead in the investigation. It contains the following info
🐾 timestamps ⏰ 🐾 report type 🐾 hash 🔥 🐾 application name 🐾 loaded modules