Source: C:\Users\user\Desktop\555.exe | Code function: 1_2_00408B20 mmioSeek,mmioDescend,mmioDescend,mmioDescend,mmioSeek,mmioClose,CreateFileA,GetFileSize,SetFilePointer,SetFilePointer,ReadFile,CloseHandle,SetFilePointer,SetFilePointer,ReadFile,SetFilePointer,ClientToScreen,WindowFromPoint,GetActiveWindow,PlaySoundA,_TrackMouseEvent,GetDlgItem,lstrcpyW,GetCurrentDirectoryW,midiInGetNumDevs,midiInGetDevCapsA,midiInOpen,midiInStart,midiInClose,GetDlgItem,BeginPaint,GetClientRect,CreateFontA,SelectObject,DeleteObject,SetBkMode,DrawTextA,EndPaint,VirtualQuery,VirtualQuery,VirtualQuery,GetParent,SendDlgItemMessageA,SHAutoComplete,PostMessageA,_memset,InsertMenuItemA,lstrcpyW,NetUserEnum,lstrcpyA,lstrlenW,ImageList_DragMove,lstrcpyA,PathCompactPathA,lstrcpyA,lstrlenW,lstrcpyA,WideCharToMultiByte,NetApiBufferFree,MulDiv,CreateFontW,GetModuleHandleA,CreateWindowExA,SendMessageA,SendMessageA,GlobalAlloc,ExitProcess,LoadLibraryA,EnableWindow,GlobalAlloc,ExitProcess,DefDlgProcA,FindResourceA,SizeofResource,LoadResource,LockResource,CreateFileA,GetProcAddress,WriteFile,VirtualAlloc,CloseHandle,LoadBitmapA,lstrcatA,LoadLibraryA,GetProcAddress,WSACreateEvent,WSAWaitForMultipleEvents,ShowWindow,EnumChildWindows,ChooseFontA,CreateFontIndirectA,BeginPaint,SelectObject,TextOutA,EndPaint,DefWindowProcA,StartPage,GetTextMetricsW,PostQuitMessage,#17,CreateWindowExA,ImageList_LoadImageA,ImageList_LoadImageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetTextExtentExPointW,ExtTextOutW,_memmove,EndPage,GetLocalTime,GetTimeFormatW,SendMessageW,SendMessageW,SendMessageW,GetDateFormatW,SendMessageW,HideCaret, |
Source: 555.exe, 555.exe, 00000004.00000002.294243127.0000000000474000.00000002.00000001.01000000.00000003.sdmp, 555.exe, 00000004.00000000.271412453.0000000000400000.00000004.00000001.01000000.00000003.sdmp | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence'; |
Source: 555.exe, 555.exe, 00000004.00000002.294243127.0000000000474000.00000002.00000001.01000000.00000003.sdmp, 555.exe, 00000004.00000000.271412453.0000000000400000.00000004.00000001.01000000.00000003.sdmp | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q); |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp, 555.exe, 00000001.00000002.280000448.00000000047CA000.00000004.00000800.00020000.00000000.sdmp, 555.exe, 00000001.00000002.280450164.00000000048D8000.00000004.00000800.00020000.00000000.sdmp, 555.exe, 00000004.00000002.294243127.0000000000474000.00000002.00000001.01000000.00000003.sdmp, 555.exe, 00000004.00000000.271412453.0000000000400000.00000004.00000001.01000000.00000003.sdmp | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger'); |
Source: 555.exe, 555.exe, 00000004.00000002.294243127.0000000000474000.00000002.00000001.01000000.00000003.sdmp, 555.exe, 00000004.00000000.271412453.0000000000400000.00000004.00000001.01000000.00000003.sdmp | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0 |
Source: 555.exe, 555.exe, 00000004.00000002.294243127.0000000000474000.00000002.00000001.01000000.00000003.sdmp, 555.exe, 00000004.00000000.271412453.0000000000400000.00000004.00000001.01000000.00000003.sdmp | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Source: 555.exe, 555.exe, 00000004.00000002.294243127.0000000000474000.00000002.00000001.01000000.00000003.sdmp, 555.exe, 00000004.00000000.271412453.0000000000400000.00000004.00000001.01000000.00000003.sdmp | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s; |
Source: 555.exe, 555.exe, 00000004.00000002.294243127.0000000000474000.00000002.00000001.01000000.00000003.sdmp, 555.exe, 00000004.00000000.271412453.0000000000400000.00000004.00000001.01000000.00000003.sdmp | Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\555.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, |
Source: C:\Users\user\Desktop\555.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement, |
Source: C:\Users\user\Desktop\555.exe | Code function: ____lc_handle_func,GetLocaleInfoW, |
Source: C:\Users\user\Desktop\555.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage, |
Source: C:\Users\user\Desktop\555.exe | Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen, |
Source: C:\Users\user\Desktop\555.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, |
Source: C:\Users\user\Desktop\555.exe | Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, |
Source: C:\Users\user\Desktop\555.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,__alloca_probe_16,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea, |
Source: C:\Users\user\Desktop\555.exe | Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, |
Source: C:\Users\user\Desktop\555.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
Source: C:\Users\user\Desktop\555.exe | Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s, |
Source: C:\Users\user\Desktop\555.exe | Code function: GetLocaleInfoA, |
Source: C:\Users\user\Desktop\555.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free, |
Source: C:\Users\user\Desktop\555.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW, |
Source: C:\Users\user\Desktop\555.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, |
Source: C:\Users\user\Desktop\555.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
Source: C:\Users\user\Desktop\555.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Users\user\Desktop\555.exe | Code function: __EH_prolog3,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,_memset,LocalFree, |
Source: C:\Users\user\Desktop\555.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea, |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: \Electrum-LTC\wallets\ |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: \ElectronCash\wallets\ |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: \Electrum\wallets\ |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: \jaxx\Local Storage\ |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: window-state.json |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: exodus.conf.json |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: info.seco |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: \Exodus\exodus.wallet\ |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ElectrumLTC |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: passphrase.json |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: \Ethereum\ |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: file__0.localstorage |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: default_wallet |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: \MultiDoge\ |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: seed.seco |
Source: 555.exe, 00000001.00000002.280513930.0000000004B63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: keystore |