Source: | Binary string: Microsoft.ReportViewer.ProcessingObjectModel.pdb source: br4Cu3BycW.tmp, 00000006.00000003.313356977.0000000005020000.00000004.00000001.sdmp |
Source: | Binary string: D:\projects\capsa\output\x64_Release\pdb\tsharkdecode.pdb source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp |
Source: | Binary string: C:\lib\source\Programming\pdb\V\qt\YordansDev\SoftwareIdeasMod.pdb source: br4Cu3BycW.tmp, 00000006.00000003.313356977.0000000005020000.00000004.00000001.sdmp, CrystalReports.exe, 00000007.00000002.564667817.000000006E418000.00000002.00020000.sdmp |
Source: | Binary string: C:\SharpShell\Antlr4\2016\brutal\qtbase\pdb\obj\ReportSource\InstallDir.pdb, source: br4Cu3BycW.tmp, 00000006.00000003.313835151.0000000005454000.00000004.00000001.sdmp, CrystalReports.exe, 00000007.00000000.313157363.0000000000818000.00000002.00020000.sdmp |
Source: | Binary string: C:\SharpShell\Antlr4\2016\brutal\qtbase\pdb\obj\ReportSource\InstallDir.pdb source: br4Cu3BycW.tmp, 00000006.00000003.313835151.0000000005454000.00000004.00000001.sdmp, CrystalReports.exe, 00000007.00000000.313157363.0000000000818000.00000002.00020000.sdmp |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 1_2_0040AEF4 FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 1_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW, |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: 3_2_0060C2B0 FindFirstFileW,GetLastError, |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: 3_2_0040E6A0 FindFirstFileW,FindClose, |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: 3_2_0040E0D4 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW, |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: 3_2_006B8DE4 FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose, |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 5_2_0040AEF4 FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 5_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW, |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: 6_2_0060C2B0 FindFirstFileW,GetLastError, |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: 6_2_0040E6A0 FindFirstFileW,FindClose, |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: 6_2_0040E0D4 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW, |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: 6_2_006B8DE4 FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose, |
Source: br4Cu3BycW.tmp, 00000006.00000003.313702473.000000000533D000.00000004.00000001.sdmp | String found in binary or memory: HTTP://WWW.MPEGLA.COM |
Source: br4Cu3BycW.tmp, 00000006.00000003.313702473.000000000533D000.00000004.00000001.sdmp | String found in binary or memory: HTTP://WWW.MPEGLA.COM. |
Source: CrystalReports.exe, 00000007.00000002.562905629.000000000298E000.00000004.00000001.sdmp, CrystalReports.exe, 00000007.00000002.562973809.00000000029C9000.00000004.00000001.sdmp | String found in binary or memory: http://147.135.170.166/ |
Source: CrystalReports.exe, 00000007.00000002.562956056.00000000029BC000.00000004.00000001.sdmp | String found in binary or memory: http://147.135.170.166/public/sqlite3.dll |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://alioth.debian.org/forum/?group_id=31080 |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=104456&repeatmerged=yes |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://bura-bura.com/blog/archives/2005/08/02/how-to-compile-an-application-for-102-or-103-using-xco |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp, CrystalReports.exe, 00000007.00000002.563020434.0000000002DF1000.00000004.00000001.sdmp | String found in binary or memory: http://fsf.org/ |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp | String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp | String found in binary or memory: http://s.symcd.com06 |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://scripts.sil.org/OFL |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://sdlpango.sourceforge.net |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://sourceforge.net/bugs/?func=detailbug&bug_id=131474&group_id=12715) |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://sourceforge.net/tracker/index.php?func=detail&aid=414339&group_id=12715&atid=112715) |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://sourceforge.net/tracker/index.php?func=detail&aid=421508&group_id=12715&atid=112715) |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://sources.redhat.com/pthreads-win32/d& |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp | String found in binary or memory: http://sv.symcb.com/sv.crl0a |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp | String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp | String found in binary or memory: http://sv.symcd.com0& |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://translationproject.org/ |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://translationproject.org/extra/matrix.html |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp | String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://tux4kids.alioth.debian.org |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://tux4kids.net/~jdandr2) |
Source: br4Cu3BycW.tmp, 00000006.00000003.313702473.000000000533D000.00000004.00000001.sdmp | String found in binary or memory: http://www.elecard.com |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp | String found in binary or memory: http://www.filehelpers.com |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp | String found in binary or memory: http://www.filehelpers.com0 |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp | String found in binary or memory: http://www.filehelpers.com4 |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp | String found in binary or memory: http://www.filehelpers.comg |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://www.galuzzi.it. |
Source: CrystalReports.exe, 00000007.00000002.563020434.0000000002DF1000.00000004.00000001.sdmp | String found in binary or memory: http://www.gnu.org/licenses/ |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp, CrystalReports.exe, 00000007.00000002.563020434.0000000002DF1000.00000004.00000001.sdmp | String found in binary or memory: http://www.gnu.org/philosophy/why-not-lgpl.html |
Source: br4Cu3BycW.tmp, 00000006.00000003.313702473.000000000533D000.00000004.00000001.sdmp | String found in binary or memory: http://www.iisc.ernet.in |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://www.libsdl.org |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://www.libsdl.org/download-1.2.php |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://www.libsdl.org/projects/SDL_image |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://www.libsdl.org/projects/SDL_image/ |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://www.libsdl.org/projects/SDL_mixer |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://www.libsdl.org/projects/SDL_mixer/ |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://www.libsdl.org/projects/SDL_ttf |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://www.libsdl.org/projects/SDL_ttf/ |
Source: br4Cu3BycW.tmp, 00000006.00000003.313634151.00000000052B7000.00000004.00000001.sdmp | String found in binary or memory: http://www.tux4kids.com. |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp | String found in binary or memory: https://d.symcb.com/cps0% |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp | String found in binary or memory: https://d.symcb.com/rpa0 |
Source: br4Cu3BycW.tmp, 00000006.00000003.313906776.00000000054C8000.00000004.00000001.sdmp | String found in binary or memory: https://d.symcb.com/rpa0. |
Source: br4Cu3BycW.exe | String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdline |
Source: br4Cu3BycW.exe, 00000001.00000000.291530207.0000000000401000.00000020.00020000.sdmp, br4Cu3BycW.exe, 00000005.00000002.320866610.0000000000401000.00000020.00020000.sdmp | String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU |
Source: br4Cu3BycW.tmp, br4Cu3BycW.tmp, 00000006.00000002.317730068.0000000000401000.00000020.00020000.sdmp | String found in binary or memory: https://www.innosetup.com/ |
Source: br4Cu3BycW.tmp | String found in binary or memory: https://www.remobjects.com/ps |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 1_2_004AF110 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: 3_2_0060F6D8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 5_2_004AF110 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: 6_2_0060F6D8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 1_2_004323DC |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 1_2_004255DC |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 1_2_0040E9C4 |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: 3_2_006B786C |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: 3_2_0040C938 |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 5_2_004323DC |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 5_2_004255DC |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 5_2_0040E9C4 |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: 6_2_006B786C |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: 6_2_0040C938 |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: String function: 00427848 appears 42 times |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: String function: 0040CC60 appears 34 times |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: String function: 0040873C appears 36 times |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: String function: 005F5C7C appears 50 times |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: String function: 005F5F60 appears 62 times |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: String function: 005DE888 appears 40 times |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: String function: 0060CD28 appears 31 times |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: String function: 005F5C7C appears 50 times |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: String function: 005F5F60 appears 62 times |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: String function: 005DE888 appears 40 times |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: String function: 006163B4 appears 38 times |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: String function: 00616130 appears 39 times |
Source: br4Cu3BycW.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: br4Cu3BycW.tmp.1.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: br4Cu3BycW.tmp.5.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: is-7MTO8.tmp.6.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: unknown | Process created: C:\Users\user\Desktop\br4Cu3BycW.exe 'C:\Users\user\Desktop\br4Cu3BycW.exe' |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Process created: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp 'C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp' /SL5='$302CC,4283547,831488,C:\Users\user\Desktop\br4Cu3BycW.exe' |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Process created: C:\Users\user\Desktop\br4Cu3BycW.exe 'C:\Users\user\Desktop\br4Cu3BycW.exe' /VERYSILENT |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Process created: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp 'C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp' /SL5='$120262,4283547,831488,C:\Users\user\Desktop\br4Cu3BycW.exe' /VERYSILENT |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Process created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\CrystalReports.exe 'C:\Users\user\AppData\Roaming\Crystal Reports Extra\CrystalReports.exe' |
Source: CrystalReports.exe, 00000007.00000002.562307914.00000000007A7000.00000002.00020000.sdmp | Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: CrystalReports.exe, 00000007.00000002.562307914.00000000007A7000.00000002.00020000.sdmp | Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q); |
Source: CrystalReports.exe, 00000007.00000002.562307914.00000000007A7000.00000002.00020000.sdmp | Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode); |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
Source: br4Cu3BycW.exe | Static PE information: section name: .didata |
Source: br4Cu3BycW.tmp.1.dr | Static PE information: section name: .didata |
Source: br4Cu3BycW.tmp.5.dr | Static PE information: section name: .didata |
Source: is-KTI9L.tmp.6.dr | Static PE information: section name: /4 |
Source: is-KTI9L.tmp.6.dr | Static PE information: section name: .xdata |
Source: is-KTI9L.tmp.6.dr | Static PE information: section name: /14 |
Source: is-VO510.tmp.6.dr | Static PE information: section name: .xdata |
Source: is-5P6B9.tmp.6.dr | Static PE information: section name: /4 |
Source: is-5P6B9.tmp.6.dr | Static PE information: section name: .xdata |
Source: is-5P6B9.tmp.6.dr | Static PE information: section name: /14 |
Source: is-33ENG.tmp.6.dr | Static PE information: section name: /4 |
Source: is-33ENG.tmp.6.dr | Static PE information: section name: .xdata |
Source: is-33ENG.tmp.6.dr | Static PE information: section name: /14 |
Source: is-FCT1V.tmp.6.dr | Static PE information: section name: /4 |
Source: is-FCT1V.tmp.6.dr | Static PE information: section name: .xdata |
Source: is-FCT1V.tmp.6.dr | Static PE information: section name: /14 |
Source: is-TECE4.tmp.6.dr | Static PE information: section name: /4 |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Local\Temp\is-627NM.tmp\_isetup\_setup64.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\Microsoft.ReportViewer.ProcessingObjectModel.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\qjpeg4.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\qgif4.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-1UL10.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-N95UU.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-KTI9L.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libogg-0.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\FileHelpers.DLL (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\is-GS64B.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-5P6B9.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Local\Temp\is-D30UI.tmp\_isetup\_setup64.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-L6ITB.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\is-D43R5.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-HRO44.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libtasn1-6.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-7MTO8.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-FCT1V.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\pthreadGC2.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-TECE4.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libssl-40.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\mingwm10.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-MMNOC.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-AFSCM.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-33ENG.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libmongoc-1.0.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libgthread-2.0-0.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libbson-1.0.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-B5IQO.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-5F8P5.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\is-0V44S.tmp |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | File created: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\CrystalReports.exe (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\LC.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-OSEV1.tmp |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | File created: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-VO510.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libgmodule-2.0-0.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\tsharkdecode.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libgpg-error6-0.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-Q7NRR.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libintl-8.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libnettle-4-6.dll (copy) |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | File created: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libffi-6.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: 3_2_005C90B4 IsIconic,GetWindowLongW,GetWindowLongW,GetActiveWindow,MessageBoxW,SetActiveWindow, |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: 3_2_006A68B0 IsIconic,GetWindowLongW,GetWindowLongW,GetActiveWindow,SetActiveWindow, |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: 6_2_005C90B4 IsIconic,GetWindowLongW,GetWindowLongW,GetActiveWindow,MessageBoxW,SetActiveWindow, |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: 6_2_006A68B0 IsIconic,GetWindowLongW,GetWindowLongW,GetActiveWindow,SetActiveWindow, |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\Crystal Reports Extra\CrystalReports.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-627NM.tmp\_isetup\_setup64.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\Microsoft.ReportViewer.ProcessingObjectModel.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\qjpeg4.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\qgif4.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-1UL10.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-KTI9L.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libogg-0.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-N95UU.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\FileHelpers.DLL (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\is-GS64B.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-5P6B9.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-D30UI.tmp\_isetup\_setup64.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-L6ITB.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\is-D43R5.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-HRO44.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libtasn1-6.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\pthreadGC2.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-FCT1V.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-TECE4.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\mingwm10.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-MMNOC.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-AFSCM.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-33ENG.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libmongoc-1.0.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libgthread-2.0-0.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libbson-1.0.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-B5IQO.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-5F8P5.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\is-0V44S.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\LC.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-OSEV1.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-VO510.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\tsharkdecode.dll (copy) | |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libgmodule-2.0-0.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libgpg-error6-0.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libintl-8.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-Q7NRR.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libnettle-4-6.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Crystal Reports Extra\libffi-6.dll (copy) | Jump to dropped file |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 1_2_0040AEF4 FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 1_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW, |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: 3_2_0060C2B0 FindFirstFileW,GetLastError, |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: 3_2_0040E6A0 FindFirstFileW,FindClose, |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: 3_2_0040E0D4 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW, |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: 3_2_006B8DE4 FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose, |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 5_2_0040AEF4 FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: 5_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW, |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: 6_2_0060C2B0 FindFirstFileW,GetLastError, |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: 6_2_0040E6A0 FindFirstFileW,FindClose, |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: 6_2_0040E0D4 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW, |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: 6_2_006B8DE4 FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose, |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: GetUserDefaultUILanguage,GetLocaleInfoW, |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: GetLocaleInfoW, |
Source: C:\Users\user\Desktop\br4Cu3BycW.exe | Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: GetUserDefaultUILanguage,GetLocaleInfoW, |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: GetLocaleInfoW, |
Source: C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp | Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: GetUserDefaultUILanguage,GetLocaleInfoW, |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: GetLocaleInfoW, |
Source: C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp | Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: CrystalReports.exe, 00000007.00000002.562871890.0000000002890000.00000004.00000001.sdmp | String found in binary or memory: \Electrum\wallets\ |
Source: CrystalReports.exe, 00000007.00000002.562865621.000000000285C000.00000004.00000001.sdmp | String found in binary or memory: ElectronCash |
Source: CrystalReports.exe, 00000007.00000002.562871890.0000000002890000.00000004.00000001.sdmp | String found in binary or memory: \jaxx\Local Storage\ |
Source: CrystalReports.exe, 00000007.00000002.562871890.0000000002890000.00000004.00000001.sdmp | String found in binary or memory: window-state.json |
Source: CrystalReports.exe, 00000007.00000002.562871890.0000000002890000.00000004.00000001.sdmp | String found in binary or memory: exodus.conf.json |
Source: CrystalReports.exe, 00000007.00000002.562865621.000000000285C000.00000004.00000001.sdmp | String found in binary or memory: \Exodus\ |
Source: CrystalReports.exe, 00000007.00000002.562865621.000000000285C000.00000004.00000001.sdmp | String found in binary or memory: info.seco |
Source: CrystalReports.exe, 00000007.00000002.562865621.000000000285C000.00000004.00000001.sdmp | String found in binary or memory: passphrase.json |
Source: CrystalReports.exe, 00000007.00000002.562865621.000000000285C000.00000004.00000001.sdmp | String found in binary or memory: default_wallet |
Source: CrystalReports.exe, 00000007.00000002.562871890.0000000002890000.00000004.00000001.sdmp | String found in binary or memory: file__0.localstorage |
Source: CrystalReports.exe, 00000007.00000002.562865621.000000000285C000.00000004.00000001.sdmp | String found in binary or memory: \MultiDoge\ |
Source: CrystalReports.exe, 00000007.00000002.562871890.0000000002890000.00000004.00000001.sdmp | String found in binary or memory: \Exodus\exodus.wallet\ |
Source: CrystalReports.exe, 00000007.00000002.562865621.000000000285C000.00000004.00000001.sdmp | String found in binary or memory: seed.seco |
Source: CrystalReports.exe, 00000007.00000002.562871890.0000000002890000.00000004.00000001.sdmp | String found in binary or memory: \Electrum-LTC\wallets\ |