Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0040A1F6 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,LocalAlloc,BCryptDecrypt,BCryptCloseAlgorithmProvider,BCryptDestroyKey, |
0_2_0040A1F6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004245C3 CryptAcquireContextA,CryptCreateHash,lstrlenW,CryptHashData,CryptGetHashParam,wsprintfW,lstrcatW,wsprintfW,lstrcatW,CryptDestroyHash,CryptReleaseContext,lstrlenW,CryptUnprotectData,LocalFree, |
0_2_004245C3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_00424796 lstrlenW,lstrlenW,lstrlenW,CredEnumerateW,CryptUnprotectData,LocalFree,CredFree, |
0_2_00424796 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0040A7BA GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData, |
0_2_0040A7BA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0040C9A1 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,CryptUnprotectData,LocalFree, |
0_2_0040C9A1 |
Source: |
Binary string: msvcrt.pdbk source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: ktmw32.pdb~p source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: dhcpcsvc.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: ktmw32.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: dnsapi.pdbN source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: mskeyprotect.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdbk source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: winnsi.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: wmswsock.pdbbp source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: mskeyprotect.pdb_ source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: msvcr100.i386.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: schannel.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: winnsi.pdb2 source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: dnsapi.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: userenv.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 00000005.00000003.660800358.00000000055D0000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: schannel.pdb, source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: dhcpcsvc.pdb4 source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: winhttp.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wUxTheme.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: ntasn1.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: gdiplus.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdbdp source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: dhcpcsvc6.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: ws2_32.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: nsi.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: fltLib.pdbhp source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: webio.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: ncryptsslp.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdbk source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: wmswsock.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: bcrypt.pdbpp source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: msasn1.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000005.00000003.660800358.00000000055D0000.00000004.00000040.sdmp |
Source: |
Binary string: fwpuclnt.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 00000005.00000003.660800358.00000000055D0000.00000004.00000040.sdmp |
Source: |
Binary string: sechost.pdbk source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000005.00000003.660800358.00000000055D0000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 00000005.00000003.660800358.00000000055D0000.00000004.00000040.sdmp |
Source: |
Binary string: ncrypt.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: dpapi.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: rasadhlp.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: crypt32.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0043E217 FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError, |
0_2_0043E217 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0043E387 GetFileAttributesExW,GetLastError,___std_fs_open_handle@16,GetLastError,GetFileInformationByHandle,FindFirstFileExW,FindClose, |
0_2_0043E387 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004266C0 GdiplusStartup,GetDesktopWindow,GetWindowRect,GetWindowDC,GetDeviceCaps,CreateCompatibleDC,CreateDIBSection,DeleteDC,DeleteDC,DeleteDC,SaveDC,SelectObject,BitBlt,RestoreDC,DeleteDC,DeleteDC,DeleteDC,GdipAlloc,GdipCreateBitmapFromHBITMAP,_mbstowcs,GdipSaveImageToFile,DeleteObject,GdiplusShutdown, |
0_2_004266C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0042693B |
0_2_0042693B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_00414B7F |
0_2_00414B7F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0045A249 |
0_2_0045A249 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0044824A |
0_2_0044824A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0044A210 |
0_2_0044A210 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0045A369 |
0_2_0045A369 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0041A4E6 |
0_2_0041A4E6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004644EB |
0_2_004644EB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004144A8 |
0_2_004144A8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0042865E |
0_2_0042865E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004187C0 |
0_2_004187C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0040A7BA |
0_2_0040A7BA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0042495F |
0_2_0042495F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_00412930 |
0_2_00412930 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0043C990 |
0_2_0043C990 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0040C9A1 |
0_2_0040C9A1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_00436ACF |
0_2_00436ACF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_00442BF0 |
0_2_00442BF0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: String function: 004102CD appears 47 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: String function: 0043FC0D appears 47 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: String function: 0044EE89 appears 33 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: String function: 004677E0 appears 74 times |
|
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.675310906.0000000004170000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.675301791.0000000004160000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamemswsock.dll.muij% vs SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.675152667.00000000040A0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Source: |
Binary string: msvcrt.pdbk source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: ktmw32.pdb~p source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: dhcpcsvc.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: ktmw32.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: dnsapi.pdbN source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: mskeyprotect.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdbk source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: winnsi.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: wmswsock.pdbbp source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: mskeyprotect.pdb_ source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: msvcr100.i386.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: schannel.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: winnsi.pdb2 source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: dnsapi.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: userenv.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 00000005.00000003.660800358.00000000055D0000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: schannel.pdb, source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: dhcpcsvc.pdb4 source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: winhttp.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wUxTheme.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: ntasn1.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: gdiplus.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdbdp source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: dhcpcsvc6.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: ws2_32.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: nsi.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: fltLib.pdbhp source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: webio.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: ncryptsslp.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdbk source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: wmswsock.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: bcrypt.pdbpp source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: msasn1.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000005.00000003.660800358.00000000055D0000.00000004.00000040.sdmp |
Source: |
Binary string: fwpuclnt.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 00000005.00000003.660800358.00000000055D0000.00000004.00000040.sdmp |
Source: |
Binary string: sechost.pdbk source: WerFault.exe, 00000005.00000003.660730906.00000000055D2000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000005.00000003.660800358.00000000055D0000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 00000005.00000003.660800358.00000000055D0000.00000004.00000040.sdmp |
Source: |
Binary string: ncrypt.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: dpapi.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 00000005.00000003.660759508.0000000005441000.00000004.00000001.sdmp |
Source: |
Binary string: rasadhlp.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: |
Binary string: crypt32.pdb source: WerFault.exe, 00000005.00000003.660811839.00000000055D9000.00000004.00000040.sdmp |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0042495F GetVersionExW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,StrStrIW,lstrlenW,lstrlenW,FreeLibrary, |
0_2_0042495F |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0043E217 FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError, |
0_2_0043E217 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0043E387 GetFileAttributesExW,GetLastError,___std_fs_open_handle@16,GetLastError,GetFileInformationByHandle,FindFirstFileExW,FindClose, |
0_2_0043E387 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_00436ACF _strftime,GetUserDefaultLCID,GetLocaleInfoA,GetUserNameA,GetUserNameA,GetComputerNameA,GetUserNameA,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,EnumDisplayDevicesA,EnumDisplayDevicesA,EnumDisplayDevicesA, |
0_2_00436ACF |
Source: WerFault.exe, 00000005.00000002.672972673.0000000005240000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: WerFault.exe, 00000005.00000002.672718308.0000000004F40000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW |
Source: WerFault.exe, 00000005.00000002.672972673.0000000005240000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: WerFault.exe, 00000005.00000002.672972673.0000000005240000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: WerFault.exe, 00000005.00000002.672972673.0000000005240000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0042495F GetVersionExW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,StrStrIW,lstrlenW,lstrlenW,FreeLibrary, |
0_2_0042495F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004402A4 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_004402A4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004463B5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_004463B5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_00440406 SetUnhandledExceptionFilter, |
0_2_00440406 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004405C8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_004405C8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: CoInitialize,GetUserDefaultLCID,GetLocaleInfoA,Sleep,GetUserNameA,_strlen,_strlen,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,CreateThread,GetModuleHandleA,FreeLibrary,WaitForSingleObject,GetEnvironmentVariableA,ShellExecuteA,ShellExecuteA,CoUninitialize, |
0_2_0042693B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
0_2_00462121 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: EnumSystemLocalesW, |
0_2_00458367 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: EnumSystemLocalesW, |
0_2_004623C3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: EnumSystemLocalesW, |
0_2_0046240E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: EnumSystemLocalesW, |
0_2_004624A9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
0_2_00462534 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: GetLocaleInfoW, |
0_2_00462787 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_004628AD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: GetLocaleInfoW, |
0_2_00458994 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: GetLocaleInfoW, |
0_2_004629B3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: _strftime,GetUserDefaultLCID,GetLocaleInfoA,GetUserNameA,GetUserNameA,GetComputerNameA,GetUserNameA,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,EnumDisplayDevicesA,EnumDisplayDevicesA,EnumDisplayDevicesA, |
0_2_00436ACF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_00462A82 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0042693B CoInitialize,GetUserDefaultLCID,GetLocaleInfoA,Sleep,GetUserNameA,_strlen,_strlen,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,CreateThread,GetModuleHandleA,FreeLibrary,WaitForSingleObject,GetEnvironmentVariableA,ShellExecuteA,ShellExecuteA,CoUninitialize, |
0_2_0042693B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0042495F GetVersionExW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,StrStrIW,lstrlenW,lstrlenW,FreeLibrary, |
0_2_0042495F |