Source: C:\Users\user\Desktop\file.exe
Code function: 0_2_00439DD6 FindFirstFileExW

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Code function: 1_2_0040BDAF _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Code function: 1_2_004011D9 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Code function: 1_2_004093C1 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Code function: 1_2_004145BC _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Code function: 1_2_004097DC _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Code function: 1_2_00414960 _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Code function: 1_2_00414CC7 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Code function: 1_2_00409E01 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Code function: 1_2_00413F80 _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,wsprintfA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose
Source: RegAsm.exe, 00000001.00000002.3279637275.00000000163BB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3283625258.000000001C328000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.1.dr |
Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: RegAsm.exe, 00000001.00000002.3279637275.00000000163BB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3283625258.000000001C328000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.1.dr |
Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB); |
Source: RegAsm.exe, RegAsm.exe, 00000001.00000002.3279637275.00000000163BB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3283625258.000000001C328000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.1.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB); |
Source: RegAsm.exe, 00000001.00000002.3279637275.00000000163BB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3283625258.000000001C328000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.1.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx)); |
Source: RegAsm.exe, RegAsm.exe, 00000001.00000002.3279637275.00000000163BB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3283625258.000000001C328000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.1.dr |
Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check'); |
Source: RegAsm.exe, 00000001.00000002.3279637275.00000000163BB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3283625258.000000001C328000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.1.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0; |
Source: RegAsm.exe, 00000001.00000002.3279637275.00000000163BB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3283625258.000000001C328000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.1.dr |
Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q); |
Source: RegAsm.exe, 00000001.00000002.3279637275.00000000163BB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3283625258.000000001C328000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.1.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB); |
Source: RegAsm.exe, 00000001.00000002.3279637275.00000000163BB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3283625258.000000001C328000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.1.dr |
Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN); |
Source: HDGCFHIDAKECFHIEBFCG.1.dr, IDHIIJJJKEGIDGCBAFIJ.1.dr |
Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key)); |
Source: RegAsm.exe, RegAsm.exe, 00000001.00000002.3279637275.00000000163BB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3283625258.000000001C328000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.1.dr |
Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode); |
Source: RegAsm.exe, 00000001.00000002.3279637275.00000000163BB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3283625258.000000001C328000.00000002.00001000.00020000.00000000.sdmp, sqlx[1].dll.1.dr |
Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN); |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: aclayers.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mpr.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc_os.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wininet.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncrypt.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dbghelp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iertutil.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wldp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: profapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winhttp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winnsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: urlmon.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: srvcli.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: netutils.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dnsapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rasadhlp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: schannel.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptnet.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: webio.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cabinet.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: amsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: userenv.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: version.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sxs.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntmarta.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00439DD6 FindFirstFileExW, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0040BDAF _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_004011D9 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_004093C1 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_004145BC _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_004097DC _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_00414960 _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_00414CC7 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_00409E01 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_00413F80 _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,wsprintfA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose, |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware |
Source: KECGHIJD.1.dr |
Binary or memory string: interactivebrokers.co.inVMware20,11696428655d |
Source: KECGHIJD.1.dr |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655 |
Source: RegAsm.exe, 00000001.00000002.3278996019.0000000003815000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: VMwareVMware? |
Source: KECGHIJD.1.dr |
Binary or memory string: global block list test formVMware20,11696428655 |
Source: Amcache.hve.4.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: RegAsm.exe, 00000001.00000002.3278458435.0000000001264000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3278458435.00000000011EA000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: KECGHIJD.1.dr |
Binary or memory string: account.microsoft.com/profileVMware20,11696428655u |
Source: Amcache.hve.4.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: KECGHIJD.1.dr |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.sys |
Source: KECGHIJD.1.dr |
Binary or memory string: AMC password management pageVMware20,11696428655 |
Source: KECGHIJD.1.dr |
Binary or memory string: tasks.office.comVMware20,11696428655o |
Source: KECGHIJD.1.dr |
Binary or memory string: turbotax.intuit.comVMware20,11696428655t |
Source: KECGHIJD.1.dr |
Binary or memory string: interactivebrokers.comVMware20,11696428655 |
Source: KECGHIJD.1.dr |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655 |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.4.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.4.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: RegAsm.exe, 00000001.00000002.3278996019.0000000003815000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: VMwareVMware |
Source: KECGHIJD.1.dr |
Binary or memory string: Interactive Brokers - HKVMware20,11696428655] |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.4.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.4.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: KECGHIJD.1.dr |
Binary or memory string: bankofamerica.comVMware20,11696428655x |
Source: KECGHIJD.1.dr |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655 |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: KECGHIJD.1.dr |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655x |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware, Inc. |
Source: KECGHIJD.1.dr |
Binary or memory string: discord.comVMware20,11696428655f |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.4.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.4.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: KECGHIJD.1.dr |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655} |
Source: Amcache.hve.4.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: KECGHIJD.1.dr |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655 |
Source: KECGHIJD.1.dr |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^ |
Source: KECGHIJD.1.dr |
Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE |
Source: KECGHIJD.1.dr |
Binary or memory string: www.interactivebrokers.comVMware20,11696428655} |
Source: Amcache.hve.4.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: KECGHIJD.1.dr |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n |
Source: KECGHIJD.1.dr |
Binary or memory string: outlook.office365.comVMware20,11696428655t |
Source: KECGHIJD.1.dr |
Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: KECGHIJD.1.dr |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655 |
Source: KECGHIJD.1.dr |
Binary or memory string: outlook.office.comVMware20,11696428655s |
Source: KECGHIJD.1.dr |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~ |
Source: KECGHIJD.1.dr |
Binary or memory string: ms.portal.azure.comVMware20,11696428655 |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.syshbin` |
Source: KECGHIJD.1.dr |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z |
Source: Amcache.hve.4.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: KECGHIJD.1.dr |
Binary or memory string: dev.azure.comVMware20,11696428655j |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: KECGHIJD.1.dr |
Binary or memory string: netportal.hdfcbank.comVMware20,11696428655 |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: KECGHIJD.1.dr |
Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C125C70 sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset, |
1_2_1C125C70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C18DFC0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_mprintf,sqlite3_bind_text,sqlite3_step,sqlite3_reset, |
1_2_1C18DFC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C191FE0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1C191FE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C1B5910 sqlite3_mprintf,sqlite3_bind_int64, |
1_2_1C1B5910 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C23D9E0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log, |
1_2_1C23D9E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C18DB10 sqlite3_initialize,sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free, |
1_2_1C18DB10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C23D4F0 sqlite3_bind_value,sqlite3_log,sqlite3_log,sqlite3_log, |
1_2_1C23D4F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C2314D0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log, |
1_2_1C2314D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C1B55B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1C1B55B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C1ED610 sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1C1ED610 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C1A9090 sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_errmsg,sqlite3_mprintf, |
1_2_1C1A9090 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C1B51D0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1C1B51D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C1CD3B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1C1CD3B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C148CB0 sqlite3_bind_zeroblob, |
1_2_1C148CB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C1F4D40 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free, |
1_2_1C1F4D40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C140FB0 sqlite3_result_int64,sqlite3_result_double,sqlite3_result_int,sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset, |
1_2_1C140FB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C124820 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_initialize, |
1_2_1C124820 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C148970 sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob, |
1_2_1C148970 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C148430 sqlite3_bind_int64, |
1_2_1C148430 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C168550 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset, |
1_2_1C168550 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C138680 sqlite3_mprintf,sqlite3_mprintf,sqlite3_initialize,sqlite3_finalize,sqlite3_free,sqlite3_mprintf,sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_int64, |
1_2_1C138680 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C1606E0 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset, |
1_2_1C1606E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C1F4140 sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_initialize,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset, |
1_2_1C1F4140 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C188200 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset, |
1_2_1C188200 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C147810 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset, |
1_2_1C147810 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C13B400 sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,sqlite3_reset,sqlite3_step,sqlite3_reset,sqlite3_column_int64, |
1_2_1C13B400 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C1D3770 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1C1D3770 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C1F37E0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1C1F37E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C16EF30 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code, |
1_2_1C16EF30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C1266C0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_bind_value,sqlite3_free,sqlite3_bind_value,sqlite3_step,sqlite3_reset, |
1_2_1C1266C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C18A6F0 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value, |
1_2_1C18A6F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C17E090 sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset, |
1_2_1C17E090 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C18E170 sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1C18E170 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1C17E200 sqlite3_initialize,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset, |
1_2_1C17E200 |