Source: |
Binary string: shcore.pdb= source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wininet.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: cfgmgr32.pdb% source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb> source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: urlmon.pdbC source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb= source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wsock32.pdbO source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: oleaut32.pdb+ source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: mfc42.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: ntmarta.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: urlmon.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: psapi.pdbI source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: ntmarta.pdbU source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb{ source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: comdlg32.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: ws2_32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: iertutil.pdb[ source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: comdlg32.pdbk source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdbk source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: iertutil.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: psapi.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: comctl32v582.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb7 source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp60.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdbk source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: oleaut32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: mfc42.pdbk source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: shell32.pdb1 source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: wsock32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_00428DCB memset,FindFirstFileA,FindClose, |
0_2_00428DCB |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_004251F0 __EH_prolog,#536,#924,#922,#924,#800,#800,#800,FindFirstFileA,#537,#537,#922,#923,#922,DeleteFileA,#800,#800,#800,#800,#800,FindNextFileA,FindClose,#800, |
0_2_004251F0 |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_004255B0 __EH_prolog,#537,#924,#922,#800,#800,FindFirstFileA,sscanf,sscanf,sscanf,#551,#3337,#3337,#3337,#3337,#3337,#3337,#551,FindNextFileA,FindClose,#800, |
0_2_004255B0 |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_004247C9 __EH_prolog,#537,#924,#922,#800,#800,#3811,FindFirstFileA,sscanf,sscanf,sscanf,#551,#536,#924,#922,#924,#800,#800,#800,DeleteFileA,#800,FindNextFileA,FindClose,#800, |
0_2_004247C9 |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_004258FF __EH_prolog,#3811,#924,#924,#924,#924,#924,#924,#858,#858,#858,#3790,#3790,#3790,#540,#924,#858,#800,#537,#537,#922,#923,#922,#537,#924,#800,#800,#800,#800,#800,#800,#800,#3790,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,lstrcpyA,lstrcpyA,lstrcpyA,InternetOpenA,InternetCloseHandle,InternetConnectA,FtpSetCurrentDirectoryA,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,GetComputerNameA,#3337,#3337,#3337,#3337,#3337,#3337,sprintf,FtpCreateDirectoryA,lstrcatA,lstrlenA,lstrcatA,lstrcatA,FtpSetCurrentDirectoryA,InternetCloseHandle,InternetCloseHandle,FtpPutFileA,FtpPutFileA,FtpPutFileA,FtpPutFileA,FtpPutFileA,DeleteFileA,#924,DeleteFileA,#800,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,#537,#537,#922,#923,#922,DeleteFileA,#800,#800,#800,#800,#800,#537,#537,#922,#924,#922,DeleteFileA,#800,#800,#800,#800,#800,GetUserNameA,#924,FtpPutFileA,DeleteFileA,#537,#922,#923,#800,#800,FtpCreateDirectoryA,#537,#537,#923,#922,#923,#800,#800,#800,#800,#924,#941,#924,FtpPutFileA,#800,#924,DeleteFileA,#800,#924,#924,DeleteFileA,#800,#800,#800,#800,#800,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,#924,#800,#800,#800,#800,#800,#800,#800,#800,#800,#800, |
0_2_004258FF |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_0041B588 __EH_prolog,InternetGetConnectedState,#1199,GetDlgItem,EnableWindow,GetDlgItemTextA,GetDlgItemTextA,GetDlgItemTextA,GetDlgItemTextA,GetDlgItemTextA,GetDlgItemInt,lstrcpyA,IsDlgButtonChecked,InternetOpenA,#1199,GetDlgItem,EnableWindow,InternetCloseHandle,InternetConnectA,#1199,GetDlgItem,EnableWindow,FtpSetCurrentDirectoryA,lstrcpyA,FtpCreateDirectoryA,lstrlenA,lstrcatA,lstrcatA,FtpSetCurrentDirectoryA,#1199,GetDlgItem,EnableWindow,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,#924,CreateFileA,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,WriteFile,CloseHandle,CloseHandle,FtpPutFileA,#1199,GetDlgItem,EnableWindow,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,DeleteFileA,GetDlgItem,EnableWindow,#1199,#800,#800, |
0_2_0041B588 |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_004276F1 __EH_prolog,lstrcpyA,lstrcpyA,InternetOpenA,InternetCloseHandle,InternetConnectA,FtpSetCurrentDirectoryA,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,GetComputerNameA,GetUserNameA,#3811,#537,#537,#924,#922,#922,#800,#800,#800,#800,#537,#537,#926,#922,FtpPutFileA,#800,#800,#800,#800,DeleteFileA,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,#800, |
0_2_004276F1 |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_0042221F __EH_prolog,#924,#537,#537,#922,URLDownloadToFileA,#800,#800,#800,memset,CreateFileA,ReadFile,CloseHandle,#800,CloseHandle,DeleteFileA,atoi,#1199,ShellExecuteA,#800,#800, |
0_2_0042221F |
Source: WerFault.exe, 00000004.00000003.682815138.0000000004ED6000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.microsoft |
Source: executable.4420.exe |
String found in binary or memory: http://www.blazingtools.com/ |
Source: executable.4420.exe |
String found in binary or memory: http://www.blazingtools.com/downloads.html |
Source: executable.4420.exe |
String found in binary or memory: http://www.blazingtools.com/orderbpk.html_This |
Source: executable.4420.exe |
String found in binary or memory: http://www.blazingtools.com/update.tmpupdates/bpk.dat |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_00428E0F IsWindow,IsWindowUnicode,IsClipboardFormatAvailable,IsClipboardFormatAvailable,IsClipboardFormatAvailable,OpenClipboard,GetClipboardData,GlobalLock,lstrlenW,#823,WideCharToMultiByte,#860,#825,#860,GlobalUnlock,CloseClipboard, |
0_2_00428E0F |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_00428E0F IsWindow,IsWindowUnicode,IsClipboardFormatAvailable,IsClipboardFormatAvailable,IsClipboardFormatAvailable,OpenClipboard,GetClipboardData,GlobalLock,lstrlenW,#823,WideCharToMultiByte,#860,#825,#860,GlobalUnlock,CloseClipboard, |
0_2_00428E0F |
Source: |
Binary string: shcore.pdb= source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wininet.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: cfgmgr32.pdb% source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb> source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: urlmon.pdbC source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb= source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wsock32.pdbO source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: oleaut32.pdb+ source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: mfc42.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: ntmarta.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: urlmon.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: psapi.pdbI source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: ntmarta.pdbU source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb{ source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: comdlg32.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: ws2_32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: iertutil.pdb[ source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: comdlg32.pdbk source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdbk source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: iertutil.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: psapi.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: comctl32v582.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb7 source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp60.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdbk source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: oleaut32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: mfc42.pdbk source: WerFault.exe, 00000004.00000003.666086995.00000000052A0000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: shell32.pdb1 source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 00000004.00000003.666073263.000000000512F000.00000004.00000001.sdmp |
Source: |
Binary string: wsock32.pdb source: WerFault.exe, 00000004.00000003.666092251.00000000052A7000.00000004.00000040.sdmp |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_0042221F __EH_prolog,#924,#537,#537,#922,URLDownloadToFileA,#800,#800,#800,memset,CreateFileA,ReadFile,CloseHandle,#800,CloseHandle,DeleteFileA,atoi,#1199,ShellExecuteA,#800,#800, |
0_2_0042221F |
Source: C:\Users\user\Desktop\executable.4420.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\executable.4420.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\executable.4420.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_00428DCB memset,FindFirstFileA,FindClose, |
0_2_00428DCB |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_004251F0 __EH_prolog,#536,#924,#922,#924,#800,#800,#800,FindFirstFileA,#537,#537,#922,#923,#922,DeleteFileA,#800,#800,#800,#800,#800,FindNextFileA,FindClose,#800, |
0_2_004251F0 |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_004255B0 __EH_prolog,#537,#924,#922,#800,#800,FindFirstFileA,sscanf,sscanf,sscanf,#551,#3337,#3337,#3337,#3337,#3337,#3337,#551,FindNextFileA,FindClose,#800, |
0_2_004255B0 |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_004247C9 __EH_prolog,#537,#924,#922,#800,#800,#3811,FindFirstFileA,sscanf,sscanf,sscanf,#551,#536,#924,#922,#924,#800,#800,#800,DeleteFileA,#800,FindNextFileA,FindClose,#800, |
0_2_004247C9 |
Source: WerFault.exe, 00000004.00000002.685643995.0000000004F30000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: WerFault.exe, 00000004.00000002.685584401.0000000004EE7000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW |
Source: WerFault.exe, 00000004.00000002.685643995.0000000004F30000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: WerFault.exe, 00000004.00000002.685643995.0000000004F30000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: WerFault.exe, 00000004.00000003.683034880.0000000004EA8000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW^ |
Source: WerFault.exe, 00000004.00000003.672880218.0000000004EE7000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll73 |
Source: WerFault.exe, 00000004.00000002.685643995.0000000004F30000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_004258FF __EH_prolog,#3811,#924,#924,#924,#924,#924,#924,#858,#858,#858,#3790,#3790,#3790,#540,#924,#858,#800,#537,#537,#922,#923,#922,#537,#924,#800,#800,#800,#800,#800,#800,#800,#3790,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,lstrcpyA,lstrcpyA,lstrcpyA,InternetOpenA,InternetCloseHandle,InternetConnectA,FtpSetCurrentDirectoryA,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,GetComputerNameA,#3337,#3337,#3337,#3337,#3337,#3337,sprintf,FtpCreateDirectoryA,lstrcatA,lstrlenA,lstrcatA,lstrcatA,FtpSetCurrentDirectoryA,InternetCloseHandle,InternetCloseHandle,FtpPutFileA,FtpPutFileA,FtpPutFileA,FtpPutFileA,FtpPutFileA,DeleteFileA,#924,DeleteFileA,#800,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,#537,#537,#922,#923,#922,DeleteFileA,#800,#800,#800,#800,#800,#537,#537,#922,#924,#922,DeleteFileA,#800,#800,#800,#800,#800,GetUserNameA,#924,FtpPutFileA,DeleteFileA,#537,#922,#923,#800,#800,FtpCreateDirectoryA,#537,#537,#923,#922,#923,#800,#800,#800,#800,#924,#941,#924,FtpPutFileA,#800,#924,DeleteFileA,#800,#924,#924,DeleteFileA,#800,#800,#800,#800,#800,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,#924,#800,#800,#800,#800,#800,#800,#800,#800,#800,#800, |
0_2_004258FF |
Source: C:\Users\user\Desktop\executable.4420.exe |
Code function: 0_2_00410C1A strlen,memset,htons,inet_addr,gethostbyname,bind,memset,htons,inet_addr,gethostbyname,WSASetLastError, |
0_2_00410C1A |