Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004062F8 CryptUnprotectData,LocalAlloc,LocalFree, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00410D92 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00406295 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00408331 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,PK11_FreeSlot,lstrcat, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00402484 memset,CryptStringToBinaryA,CryptStringToBinaryA,CryptStringToBinaryA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C95A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9544C0 PK11_PubEncrypt, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C924420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C954440 PK11_PrivDecrypt, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9A25B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C93E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C95A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C938670 PK11_ExportEncryptedPrivKeyInfo, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C97A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C980180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9543B0 PK11_PubEncryptPKCS1,PR_SetError, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C977C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C97BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C937D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C979EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C953FF0 PK11_PrivDecryptPKCS1, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C953850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C959840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CF963 FindFirstFileExW, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CFE47 FindFirstFileExW,FindNextFileW,FindClose,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00401162 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004163B3 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004154FA _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040B4B6 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00409538 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040C6CD _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00415BC6 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00409FC5 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00409953 _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040A9D4 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00415F6A _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA, |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0 |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05 |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://ocsp.digicert.com0 |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://ocsp.digicert.com0A |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://ocsp.digicert.com0C |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://ocsp.digicert.com0N |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://ocsp.digicert.com0X |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://store.st |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: RegAsm.exe, RegAsm.exe, 00000002.00000002.2178967195.000000006F90D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr | String found in binary or memory: http://www.mozilla.com/en-US/blocklist/ |
Source: RegAsm.exe, 00000002.00000002.2175331068.000000001B68D000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.2.dr | String found in binary or memory: http://www.sqlite.org/copyright.html. |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: 76561199681720597[1].htm.2.dr | String found in binary or memory: https://65.109.242.112 |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://65.109.242.112/# |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://65.109.242.112/freebl3.dll |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://65.109.242.112/freebl3.dllo |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://65.109.242.112/mozglue.dll |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://65.109.242.112/mozglue.dlle |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://65.109.242.112/msvcp140.dll |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://65.109.242.112/nss3.dll |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://65.109.242.112/nss3.dllMsi |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://65.109.242.112/p |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://65.109.242.112/softokn3.dll |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://65.109.242.112/softokn3.dllM |
Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000530000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://65.109.242.112/sqlx.dll |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://65.109.242.112/vcruntime140.dll |
Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000530000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://65.109.242.112HJJ |
Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://65.109.242.112JDG |
Source: EBAFBG.2.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: 76561199681720597[1].htm.2.dr | String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp, GHCGDA.2.dr | String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417. |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp, GHCGDA.2.dr | String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta |
Source: EBAFBG.2.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: EBAFBG.2.dr | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: EBAFBG.2.dr | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/ |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=L7WZiiqgcxXO&a |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG& |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=ZQOnBoEs |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=qzBY |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&l=engl |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=yXrh2LzpDwct&l=e |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english |
Source: 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&l=en |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6& |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp, GHCGDA.2.dr | String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp, GHCGDA.2.dr | String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
Source: EBAFBG.2.dr | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: EBAFBG.2.dr | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: EBAFBG.2.dr | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://help.steampowered.com/en/ |
Source: GHCGDA.2.dr | String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: https://mozilla.org0/ |
Source: 76561199681720597[1].htm.2.dr | String found in binary or memory: https://steamcommunity.com/ |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: 76561199681720597[1].htm.2.dr | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199681720597 |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://steamcommunity.com/market/ |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: file.exe, 00000000.00000002.1610588292.0000000000705000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2171023727.0000000000F50000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199681720597 |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://steamcommunity.com/profiles/76561199681720597/badges |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://steamcommunity.com/profiles/76561199681720597/inventory/ |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F50000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199681720597GL |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F50000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199681720597eL |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: 76561199681720597[1].htm.2.dr | String found in binary or memory: https://store.steampowered.com/ |
Source: 76561199681720597[1].htm.2.dr | String found in binary or memory: https://store.steampowered.com/about/ |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://store.steampowered.com/explore/ |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://store.steampowered.com/legal/ |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://store.steampowered.com/mobile |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://store.steampowered.com/news/ |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://store.steampowered.com/stats/ |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: AEHIEC.2.dr | String found in binary or memory: https://support.mozilla.org |
Source: AEHIEC.2.dr | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: AEHIEC.2.dr | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000060E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe |
Source: file.exe, 00000000.00000002.1610588292.0000000000705000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://t.me/talmatin |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp, GHCGDA.2.dr | String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94 |
Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: EBAFBG.2.dr | String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp, GHCGDA.2.dr | String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219 |
Source: EBAFBG.2.dr | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: AEHIEC.2.dr | String found in binary or memory: https://www.mozilla.org |
Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/ |
Source: AEHIEC.2.dr | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2 |
Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/ost.exe |
Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/ |
Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/WHpWtlueYcBpS.exe |
Source: AEHIEC.2.dr | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR |
Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/v4.0.30319 |
Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ |
Source: AEHIEC.2.dr | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/vchost.exe |
Source: AEHIEC.2.dr | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/ |
Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/chost.exe |
Source: AEHIEC.2.dr | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%2 |
Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, 76561199681720597[1].htm.2.dr | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006B017F |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006941FB |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CC2C1 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006983D0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006B05BD |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D477F |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006DC82F |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006B0AE6 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00680D28 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0065CF15 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0065CF15 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00694F90 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006B1022 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0065CF15 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006ADF2A |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006AE344 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006EE400 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0067A408 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0067A408 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006AE770 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006AEB8A |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006AEFFB |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006AF47F |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CB6F9 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00697820 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006AF8F0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006BB8A5 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006BB8A5 |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006AFD2E |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00697E90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041C1DA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041E2F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041BC89 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0041CE07 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C89ECC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8FECD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C966C00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C97AC30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8AAC60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C936D90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8A4DB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6CA2CDC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6CA28D20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9CAD50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C96ED70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C926E90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8AAEC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C940EC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C980E20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C93EE70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9E8FB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8AEFB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C97EFF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8A0FE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8A6F10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9E0F20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C90EF40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C962F70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C98C8C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9A68E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8F0820 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C92A820 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C974840 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9609B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9309A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C95A9A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9BC9E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8D49F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8F6900 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8D8960 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C91EA80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C94EA00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C958A30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C91CA70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8A8BAC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C940BA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C98EBD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9A6BE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9CA480 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C93A4D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8E64D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C92A430 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C904420 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8B8460 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8945B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C92E5F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C96A5E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9E8550 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8F8540 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9A4540 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C940570 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C902560 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8C46D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8FE6E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C93E6E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8FC650 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8CA7D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C920700 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C898090 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C97C0B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8B00B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C968010 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C96C000 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8EE070 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8A01E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C916130 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C984130 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C908140 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C96E2B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9722A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8BA2B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6CA262C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C96A210 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C978220 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C938250 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C928260 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8D23A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8FE3B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8F43E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C912320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8A8340 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C936370 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9E2370 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8A2370 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9BC360 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C93FC80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9DDCD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C961CE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8B1C30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8A3C40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9C9C40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C893D80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9E9D90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C971DC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C903D00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8C3EC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9ADE10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6CA25E60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9FBE70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8C1F90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9BDFC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6CA23FC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C94BFF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9A3F30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8D5F20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C895F30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9F7F20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C93F8C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C97F8F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8AD8E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8D38E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9FB8F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8FD810 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C973840 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C971990 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8B1980 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9399C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C8D99D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9059F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_6C9379F0 |
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr | Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2); |
Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sqlx[1].dll.2.dr, nss3.dll.2.dr | Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr | Binary or memory string: SELECT ALL * FROM %s LIMIT 0; |
Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sqlx[1].dll.2.dr, nss3.dll.2.dr | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB); |
Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sqlx[1].dll.2.dr, nss3.dll.2.dr | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB); |
Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sqlx[1].dll.2.dr, nss3.dll.2.dr | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx)); |
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr | Binary or memory string: UPDATE %s SET %s WHERE id=$ID; |
Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.2.dr | Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check'); |
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr | Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID; |
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr | Binary or memory string: SELECT ALL id FROM %s WHERE %s; |
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr | Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1); |
Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.2.dr | Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0; |
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr | Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s); |
Source: RegAsm.exe, RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sqlx[1].dll.2.dr, nss3.dll.2.dr | Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q); |
Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sqlx[1].dll.2.dr, nss3.dll.2.dr | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB); |
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr | Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2); |
Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.2.dr | Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN); |
Source: IIEBAF.2.dr | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key)); |
Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.2.dr | Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode); |
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr | Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD |
Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.2.dr | Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN); |
Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr | Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1; |
Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: apphelp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: aclayers.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mpr.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc_os.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sspicli.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wininet.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rstrtmgr.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ncrypt.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ntasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dbghelp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: iertutil.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: windows.storage.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wldp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: profapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winhttp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mswsock.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: iphlpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winnsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: urlmon.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: srvcli.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: netutils.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dnsapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rasadhlp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: fwpuclnt.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: schannel.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mskeyprotect.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: msasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptsp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rsaenh.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptbase.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: gpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ncryptsslp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wbemcomn.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: amsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: userenv.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: version.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: uxtheme.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sxs.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ntmarta.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mozglue.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wsock32.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: vcruntime140.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: msvcp140.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: windowscodecs.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: propsys.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: windows.fileexplorer.common.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ntshrui.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: windows.staterepositoryps.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: linkinfo.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dlnashext.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wpdshext.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: edputil.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wintypes.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: appresolver.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: bcp47langs.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: slc.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sppc.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: onecorecommonproxystub.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: pcacli.dll |
Source: C:\Windows\SysWOW64\timeout.exe | Section loaded: version.dll |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CF963 FindFirstFileExW, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CFE47 FindFirstFileExW,FindNextFileW,FindClose,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00401162 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004163B3 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004154FA _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040B4B6 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00409538 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040C6CD _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00415BC6 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00409FC5 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00409953 _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_0040A9D4 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_00415F6A _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA, |