Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0040A1F6 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,LocalAlloc,BCryptDecrypt,BCryptCloseAlgorithmProvider,BCryptDestroyKey, |
0_2_0040A1F6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004245C3 CryptAcquireContextA,CryptCreateHash,lstrlenW,CryptHashData,CryptGetHashParam,wsprintfW,lstrcatW,wsprintfW,lstrcatW,CryptDestroyHash,CryptReleaseContext,lstrlenW,CryptUnprotectData,LocalFree, |
0_2_004245C3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_00424796 lstrlenW,lstrlenW,lstrlenW,CredEnumerateW,CryptUnprotectData,LocalFree,CredFree, |
0_2_00424796 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0040A7BA GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData, |
0_2_0040A7BA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0040C9A1 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,CryptUnprotectData,LocalFree, |
0_2_0040C9A1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0040AEC3 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree, |
0_2_0040AEC3 |
Source: |
Binary string: msvcrt.pdbk source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: dhcpcsvc.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: ktmw32.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: mskeyprotect.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdbk source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: winnsi.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: mskeyprotect.pdb_ source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: msvcr100.i386.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: schannel.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: rasadhlp.pdb|? source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: shcore.pdbb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: dnsapi.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: wmswsock.pdbJ source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: userenv.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 00000004.00000003.245750481.0000000005230000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: wUxTheme.pdbP source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: winhttp.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wUxTheme.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: ntasn1.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: gdiplus.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: ktmw32.pdbV source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: dhcpcsvc6.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: ws2_32.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdbn source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: nsi.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: webio.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdbt source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: ncryptsslp.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb\ source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdbk source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: wmswsock.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: webio.pdbD source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: msasn1.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000004.00000003.245750481.0000000005230000.00000004.00000040.sdmp |
Source: |
Binary string: fwpuclnt.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 00000004.00000003.245750481.0000000005230000.00000004.00000040.sdmp |
Source: |
Binary string: sechost.pdbk source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000004.00000003.245750481.0000000005230000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 00000004.00000003.245750481.0000000005230000.00000004.00000040.sdmp |
Source: |
Binary string: ws2_32.pdb> source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: ncrypt.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: dpapi.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: dnsapi.pdbj? source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: rasadhlp.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdbh source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: fltLib.pdbz source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: crypt32.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.260697668.0000000002512000.00000004.00000001.sdmp |
String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0 |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0 |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.260697668.0000000002512000.00000004.00000001.sdmp |
String found in binary or memory: http://cps.letsencrypt.org0 |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.260697668.0000000002512000.00000004.00000001.sdmp |
String found in binary or memory: http://cps.root-x1.letsencrypt.org0 |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.260697668.0000000002512000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07 |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0 |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0: |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.260697668.0000000002512000.00000004.00000001.sdmp |
String found in binary or memory: http://r3.i.lencr.org/0Y |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.260697668.0000000002512000.00000004.00000001.sdmp |
String found in binary or memory: http://r3.o.lencr.org0 |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: http://www.digicert.com/CPS0v |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400 |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: https://telete.in/jojmalbec |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.260838180.0000000002520000.00000004.00000001.sdmp |
String found in binary or memory: https://telete.in/jojmalbecW |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: https://telete.in/org/img/t_logo.png |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: https://yearofthepig.top/ |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: https://yearofthepig.top/A= |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: https://yearofthepig.top/error.php |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261006956.000000000254F000.00000004.00000001.sdmp |
String found in binary or memory: https://yearofthepig.top/x |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004266C0 GdiplusStartup,GetDesktopWindow,GetWindowRect,GetWindowDC,GetDeviceCaps,CreateCompatibleDC,CreateDIBSection,DeleteDC,DeleteDC,DeleteDC,SaveDC,SelectObject,BitBlt,RestoreDC,DeleteDC,DeleteDC,DeleteDC,GdipAlloc,GdipCreateBitmapFromHBITMAP,_mbstowcs,GdipSaveImageToFile,DeleteObject,GdiplusShutdown, |
0_2_004266C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0042693B |
0_2_0042693B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_00414B7F |
0_2_00414B7F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0045A249 |
0_2_0045A249 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0044824A |
0_2_0044824A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0044A210 |
0_2_0044A210 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0045A369 |
0_2_0045A369 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0041A4E6 |
0_2_0041A4E6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004644EB |
0_2_004644EB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004144A8 |
0_2_004144A8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0042865E |
0_2_0042865E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004187C0 |
0_2_004187C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0040A7BA |
0_2_0040A7BA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0042495F |
0_2_0042495F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_00412930 |
0_2_00412930 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0043C990 |
0_2_0043C990 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0040C9A1 |
0_2_0040C9A1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_00436ACF |
0_2_00436ACF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_00442BF0 |
0_2_00442BF0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0045CD9E |
0_2_0045CD9E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0040AEC3 |
0_2_0040AEC3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0041AE8D |
0_2_0041AE8D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_00419003 |
0_2_00419003 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: String function: 004102CD appears 56 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: String function: 0044EE89 appears 50 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: String function: 00440070 appears 32 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: String function: 0043FC0D appears 56 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: String function: 004677E0 appears 94 times |
|
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261979576.0000000004020000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261967442.0000000004010000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamemswsock.dll.muij% vs SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.261922673.0000000004000000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Source: |
Binary string: msvcrt.pdbk source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: dhcpcsvc.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wkernel32.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: bcrypt.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: ucrtbase.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: ktmw32.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: mskeyprotect.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: msvcrt.pdb source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: wrpcrt4.pdb source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: wntdll.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: wrpcrt4.pdbk source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: shcore.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: winnsi.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: advapi32.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: fltLib.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdb source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: mskeyprotect.pdb_ source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: msvcr100.i386.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: schannel.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: rasadhlp.pdb|? source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: msvcp_win.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: shcore.pdbb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: dnsapi.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wkernelbase.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: wmswsock.pdbJ source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: userenv.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wimm32.pdb source: WerFault.exe, 00000004.00000003.245750481.0000000005230000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wwin32u.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: wUxTheme.pdbP source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: winhttp.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wUxTheme.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: ntasn1.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: gdiplus.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: ktmw32.pdbV source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: profapi.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: dhcpcsvc6.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: ws2_32.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: shlwapi.pdbn source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wgdi32full.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: sechost.pdb source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: iphlpapi.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: nsi.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: webio.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdbt source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: ncryptsslp.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: powrprof.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: shell32.pdb\ source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: wsspicli.pdbk source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: wmswsock.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: ole32.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: webio.pdbD source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: msasn1.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000004.00000003.245750481.0000000005230000.00000004.00000040.sdmp |
Source: |
Binary string: fwpuclnt.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: cryptbase.pdb source: WerFault.exe, 00000004.00000003.245750481.0000000005230000.00000004.00000040.sdmp |
Source: |
Binary string: sechost.pdbk source: WerFault.exe, 00000004.00000003.245687051.0000000005232000.00000004.00000040.sdmp |
Source: |
Binary string: cfgmgr32.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000004.00000003.245750481.0000000005230000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: Windows.Storage.pdb source: WerFault.exe, 00000004.00000003.245750481.0000000005230000.00000004.00000040.sdmp |
Source: |
Binary string: ws2_32.pdb> source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: ncrypt.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: dpapi.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: apphelp.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: wuser32.pdb source: WerFault.exe, 00000004.00000003.245714031.0000000005091000.00000004.00000001.sdmp |
Source: |
Binary string: dnsapi.pdbj? source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: rasadhlp.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: combase.pdbh source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: fltLib.pdbz source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: |
Binary string: crypt32.pdb source: WerFault.exe, 00000004.00000003.245759878.0000000005239000.00000004.00000040.sdmp |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0042495F GetVersionExW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,StrStrIW,lstrlenW,lstrlenW,FreeLibrary, |
0_2_0042495F |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: WerFault.exe, 00000004.00000002.257640769.0000000004E90000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.260838180.0000000002520000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW\ |
Source: SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe, 00000000.00000002.260882651.000000000252F000.00000004.00000001.sdmp, WerFault.exe, 00000004.00000002.257609596.0000000004CAF000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW |
Source: WerFault.exe, 00000004.00000002.257640769.0000000004E90000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: WerFault.exe, 00000004.00000002.257640769.0000000004E90000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: WerFault.exe, 00000004.00000002.257640769.0000000004E90000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0042495F GetVersionExW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,StrStrIW,lstrlenW,lstrlenW,FreeLibrary, |
0_2_0042495F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004402A4 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_004402A4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004463B5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_004463B5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_00440406 SetUnhandledExceptionFilter, |
0_2_00440406 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_004405C8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_004405C8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: CoInitialize,GetUserDefaultLCID,GetLocaleInfoA,Sleep,GetUserNameA,_strlen,_strlen,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,CreateThread,GetModuleHandleA,FreeLibrary,WaitForSingleObject,GetEnvironmentVariableA,ShellExecuteA,ShellExecuteA,CoUninitialize, |
0_2_0042693B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
0_2_00462121 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: EnumSystemLocalesW, |
0_2_00458367 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: EnumSystemLocalesW, |
0_2_004623C3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: EnumSystemLocalesW, |
0_2_0046240E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: EnumSystemLocalesW, |
0_2_004624A9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
0_2_00462534 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: GetLocaleInfoW, |
0_2_00462787 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_004628AD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: GetLocaleInfoW, |
0_2_00458994 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: GetLocaleInfoW, |
0_2_004629B3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: _strftime,GetUserDefaultLCID,GetLocaleInfoA,GetUserNameA,GetUserNameA,GetComputerNameA,GetUserNameA,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,EnumDisplayDevicesA,EnumDisplayDevicesA,EnumDisplayDevicesA, |
0_2_00436ACF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_00462A82 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0042693B CoInitialize,GetUserDefaultLCID,GetLocaleInfoA,Sleep,GetUserNameA,_strlen,_strlen,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,CreateThread,GetModuleHandleA,FreeLibrary,WaitForSingleObject,GetEnvironmentVariableA,ShellExecuteA,ShellExecuteA,CoUninitialize, |
0_2_0042693B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe |
Code function: 0_2_0042495F GetVersionExW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,StrStrIW,lstrlenW,lstrlenW,FreeLibrary, |
0_2_0042495F |