| Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00144493 FindFirstFileExW, |
0_2_00144493 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00401162 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose, |
2_2_00401162 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_004162AF _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
2_2_004162AF |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_004153F6 _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose, |
2_2_004153F6 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0040B463 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
2_2_0040B463 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_004094E5 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
2_2_004094E5 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0040C679 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
2_2_0040C679 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00415AC2 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
2_2_00415AC2 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00409F72 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, |
2_2_00409F72 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00409900 _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
2_2_00409900 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0040A981 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose, |
2_2_0040A981 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00415E66 _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA, |
2_2_00415E66 |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0 |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05 |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07 |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://ocsp.digicert.com0 |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://ocsp.digicert.com0A |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://ocsp.digicert.com0C |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://ocsp.digicert.com0N |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://ocsp.digicert.com0X |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: http://www.digicert.com/CPS0 |
| Source: RegAsm.exe, RegAsm.exe, 00000002.00000002.2475578054.000000006CCAD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr |
String found in binary or memory: http://www.mozilla.com/en-US/blocklist/ |
| Source: RegAsm.exe, 00000002.00000002.2472411920.000000001921D000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2468847118.000000001326F000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.2.dr |
String found in binary or memory: http://www.sqlite.org/copyright.html. |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: http://www.valvesoftware.com/legal.htm |
| Source: 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://78.47.123.174 |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://78.47.123.174/ |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://78.47.123.174/freebl3.dll |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://78.47.123.174/mozglue.dll |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://78.47.123.174/msvcp140.dll |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://78.47.123.174/nss3.dll |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://78.47.123.174/softokn3.dll |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000052E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467689392.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://78.47.123.174/sqls.dll |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://78.47.123.174/sqls.dllb |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467689392.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://78.47.123.174/vcruntime140.dll |
| Source: RegAsm.exe, 00000002.00000002.2467141925.0000000000534000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://78.47.123.174; |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://78.47.123.174DBKE |
| Source: RegAsm.exe, 00000002.00000002.2467141925.0000000000572000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://78.47.123.174HCAF |
| Source: HCFIJK.2.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
| Source: 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg |
| Source: RegAsm.exe, 00000002.00000002.2467689392.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, FIEHII.2.dr |
String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189. |
| Source: RegAsm.exe, 00000002.00000002.2467689392.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, FIEHII.2.dr |
String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta |
| Source: HCFIJK.2.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
| Source: HCFIJK.2.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
| Source: HCFIJK.2.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=Hpc3R3GOIT |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh& |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&l=en |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=7tll |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v= |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=PyuRtGtUpR0t&l=englis |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC& |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=Wd0kCESeJquW&l= |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=engli |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=X93cgZRtuH6z&l=engli |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub& |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw& |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe& |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=1rP88j3WZLBx& |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl |
| Source: 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l= |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=E0c90DJSB6Ld& |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67& |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/heade |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0& |
| Source: RegAsm.exe, 00000002.00000002.2467689392.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, FIEHII.2.dr |
String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg |
| Source: RegAsm.exe, 00000002.00000002.2467689392.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, FIEHII.2.dr |
String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
| Source: HCFIJK.2.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
| Source: HCFIJK.2.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
| Source: HCFIJK.2.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://help.steampowered.com/en/ |
| Source: FIEHII.2.dr |
String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: https://mozilla.org0/ |
| Source: 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/ |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/discussions/ |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/login/ho |
| Source: 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199689717899 |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/m |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/market/ |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
| Source: file.exe, 00000000.00000002.2051331641.0000000000157000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.2467689392.0000000000F13000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199689717899 |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/profiles/76561199689717899/badges |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/profiles/76561199689717899/inventory/ |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/workshop/ |
| Source: 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/ |
| Source: 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/about/ |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/explore/ |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/legal/ |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/mobile |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/news/ |
| Source: RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/points/shop/ |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/stats/ |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
| Source: IEHCAK.2.dr |
String found in binary or memory: https://support.mozilla.org |
| Source: IEHCAK.2.dr |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
| Source: IEHCAK.2.dr |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt |
| Source: file.exe, 00000000.00000002.2051331641.0000000000157000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.2467141925.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/copterwin |
| Source: RegAsm.exe, 00000002.00000002.2467689392.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, FIEHII.2.dr |
String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3 |
| Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.dr |
String found in binary or memory: https://www.digicert.com/CPS0 |
| Source: HCFIJK.2.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
| Source: HCFIJK.2.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
| Source: IEHCAK.2.dr |
String found in binary or memory: https://www.mozilla.org |
| Source: IEHCAK.2.dr |
String found in binary or memory: https://www.mozilla.org# |
| Source: IEHCAK.2.dr |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle |
| Source: IEHCAK.2.dr |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ |
| Source: IEHCAK.2.dr |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
| Source: RegAsm.exe, 00000002.00000002.2467689392.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, FIEHII.2.dr |
String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_ |
| Source: RegAsm.exe, 00000002.00000002.2467689392.0000000000F37000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2467141925.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.2.dr |
String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
| Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00146AF8 |
0_2_00146AF8 |
| Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00143560 |
0_2_00143560 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0041C07A |
2_2_0041C07A |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0041E190 |
2_2_0041E190 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0041BB29 |
2_2_0041BB29 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0041CCA7 |
2_2_0041CCA7 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC335A0 |
2_2_6CC335A0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC76CF0 |
2_2_6CC76CF0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC46C80 |
2_2_6CC46C80 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCAAC00 |
2_2_6CCAAC00 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC75C10 |
2_2_6CC75C10 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC82C10 |
2_2_6CC82C10 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC70DD0 |
2_2_6CC70DD0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC4FD00 |
2_2_6CC4FD00 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC5ED10 |
2_2_6CC5ED10 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC3BEF0 |
2_2_6CC3BEF0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC4FEF0 |
2_2_6CC4FEF0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC55E90 |
2_2_6CC55E90 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC94EA0 |
2_2_6CC94EA0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC82E4E |
2_2_6CC82E4E |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC59E50 |
2_2_6CC59E50 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC73E50 |
2_2_6CC73E50 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCA6E63 |
2_2_6CCA6E63 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC77E10 |
2_2_6CC77E10 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC99E30 |
2_2_6CC99E30 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC3DFE0 |
2_2_6CC3DFE0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC66FF0 |
2_2_6CC66FF0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC49F00 |
2_2_6CC49F00 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC758E0 |
2_2_6CC758E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC58850 |
2_2_6CC58850 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC5D850 |
2_2_6CC5D850 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC47810 |
2_2_6CC47810 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC7B820 |
2_2_6CC7B820 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC84820 |
2_2_6CC84820 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC92990 |
2_2_6CC92990 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC3C9A0 |
2_2_6CC3C9A0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC6D9B0 |
2_2_6CC6D9B0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC5A940 |
2_2_6CC5A940 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC4D960 |
2_2_6CC4D960 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC8B970 |
2_2_6CC8B970 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC78AC0 |
2_2_6CC78AC0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC51AF0 |
2_2_6CC51AF0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCABA90 |
2_2_6CCABA90 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC64AA0 |
2_2_6CC64AA0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC4CAB0 |
2_2_6CC4CAB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCA2AB0 |
2_2_6CCA2AB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC79A60 |
2_2_6CC79A60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC464C0 |
2_2_6CC464C0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC5D4D0 |
2_2_6CC5D4D0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC3D4E0 |
2_2_6CC3D4E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC934A0 |
2_2_6CC934A0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC9C4A0 |
2_2_6CC9C4A0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC45440 |
2_2_6CC45440 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCA545C |
2_2_6CCA545C |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCA542B |
2_2_6CCA542B |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC985F0 |
2_2_6CC985F0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC60512 |
2_2_6CC60512 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCA76E3 |
2_2_6CCA76E3 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC9E680 |
2_2_6CC9E680 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC54640 |
2_2_6CC54640 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC3C670 |
2_2_6CC3C670 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC85600 |
2_2_6CC85600 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC877A0 |
2_2_6CC877A0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC77710 |
2_2_6CC77710 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCA50C7 |
2_2_6CCA50C7 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC5C0E0 |
2_2_6CC5C0E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC660A0 |
2_2_6CC660A0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC7F070 |
2_2_6CC7F070 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC75190 |
2_2_6CC75190 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCAB170 |
2_2_6CCAB170 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC7E2F0 |
2_2_6CC7E2F0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC322A0 |
2_2_6CC322A0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCA53C8 |
2_2_6CCA53C8 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC3F380 |
2_2_6CC3F380 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC35340 |
2_2_6CC35340 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC4C370 |
2_2_6CC4C370 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CC7D320 |
2_2_6CC7D320 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD3ECD0 |
2_2_6CD3ECD0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCDECC0 |
2_2_6CCDECC0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCEAC60 |
2_2_6CCEAC60 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CDA6C00 |
2_2_6CDA6C00 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CDBAC30 |
2_2_6CDBAC30 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CE6CDC0 |
2_2_6CE6CDC0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD76D90 |
2_2_6CD76D90 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCE4DB0 |
2_2_6CCE4DB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CDAED70 |
2_2_6CDAED70 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CE0AD50 |
2_2_6CE0AD50 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CE68D20 |
2_2_6CE68D20 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCEAEC0 |
2_2_6CCEAEC0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD80EC0 |
2_2_6CD80EC0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD66E90 |
2_2_6CD66E90 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD7EE70 |
2_2_6CD7EE70 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CDC0E20 |
2_2_6CDC0E20 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CDBEFF0 |
2_2_6CDBEFF0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCE0FE0 |
2_2_6CCE0FE0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CE28FB0 |
2_2_6CE28FB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCEEFB0 |
2_2_6CCEEFB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD4EF40 |
2_2_6CD4EF40 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CDA2F70 |
2_2_6CDA2F70 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CE20F20 |
2_2_6CE20F20 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CCE6F10 |
2_2_6CCE6F10 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CDE68E0 |
2_2_6CDE68E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CDB4840 |
2_2_6CDB4840 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD30820 |
2_2_6CD30820 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD6A820 |
2_2_6CD6A820 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD149F0 |
2_2_6CD149F0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CDFC9E0 |
2_2_6CDFC9E0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CDA09B0 |
2_2_6CDA09B0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD709A0 |
2_2_6CD709A0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD9A9A0 |
2_2_6CD9A9A0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD18960 |
2_2_6CD18960 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD36900 |
2_2_6CD36900 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD5EA80 |
2_2_6CD5EA80 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD5CA70 |
2_2_6CD5CA70 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD8EA00 |
2_2_6CD8EA00 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CD98A30 |
2_2_6CD98A30 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6CDE6BE0 |
2_2_6CDE6BE0 |
| Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr |
Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2); |
| Source: RegAsm.exe, 00000002.00000002.2472331354.00000000191E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2476833209.000000006CE6F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2468847118.000000001326F000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.2.dr, nss3[1].dll.2.dr, nss3.dll.2.dr |
Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
| Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr |
Binary or memory string: SELECT ALL * FROM %s LIMIT 0; |
| Source: RegAsm.exe, 00000002.00000002.2472331354.00000000191E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2476833209.000000006CE6F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2468847118.000000001326F000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.2.dr, nss3[1].dll.2.dr, nss3.dll.2.dr |
Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB); |
| Source: RegAsm.exe, 00000002.00000002.2472331354.00000000191E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2476833209.000000006CE6F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2468847118.000000001326F000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.2.dr, nss3[1].dll.2.dr, nss3.dll.2.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB); |
| Source: RegAsm.exe, 00000002.00000002.2472331354.00000000191E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2476833209.000000006CE6F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2468847118.000000001326F000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.2.dr, nss3[1].dll.2.dr, nss3.dll.2.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx)); |
| Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr |
Binary or memory string: UPDATE %s SET %s WHERE id=$ID; |
| Source: RegAsm.exe, 00000002.00000002.2472331354.00000000191E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2468847118.000000001326F000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.2.dr |
Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check'); |
| Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr |
Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID; |
| Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr |
Binary or memory string: SELECT ALL id FROM %s WHERE %s; |
| Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr |
Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1); |
| Source: RegAsm.exe, 00000002.00000002.2472331354.00000000191E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2468847118.000000001326F000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.2.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0; |
| Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr |
Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s); |
| Source: RegAsm.exe, RegAsm.exe, 00000002.00000002.2472331354.00000000191E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2476833209.000000006CE6F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2468847118.000000001326F000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.2.dr, nss3[1].dll.2.dr, nss3.dll.2.dr |
Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q); |
| Source: RegAsm.exe, 00000002.00000002.2472331354.00000000191E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2476833209.000000006CE6F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2468847118.000000001326F000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.2.dr, nss3[1].dll.2.dr, nss3.dll.2.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB); |
| Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr |
Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2); |
| Source: RegAsm.exe, 00000002.00000002.2472331354.00000000191E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2468847118.000000001326F000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.2.dr |
Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN); |
| Source: GHJDBA.2.dr, FHDAFI.2.dr |
Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key)); |
| Source: RegAsm.exe, 00000002.00000002.2472331354.00000000191E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2468847118.000000001326F000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.2.dr |
Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode); |
| Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr |
Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD |
| Source: RegAsm.exe, 00000002.00000002.2472331354.00000000191E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2468847118.000000001326F000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.2.dr |
Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN); |
| Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr |
Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1; |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: apphelp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: apphelp.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: aclayers.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mpr.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc_os.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sspicli.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wininet.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rstrtmgr.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iertutil.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winhttp.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mswsock.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winnsi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: urlmon.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: srvcli.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: netutils.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: schannel.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: msasn1.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dpapi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: gpapi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: userenv.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sxs.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mozglue.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wsock32.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: msvcp140.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: propsys.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windows.fileexplorer.common.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntshrui.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: linkinfo.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dlnashext.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wpdshext.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: edputil.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: appresolver.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: slc.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sppc.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: pcacli.dll |
Jump to behavior |
| Source: C:\Windows\SysWOW64\timeout.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00144493 FindFirstFileExW, |
0_2_00144493 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00401162 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose, |
2_2_00401162 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_004162AF _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
2_2_004162AF |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_004153F6 _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose, |
2_2_004153F6 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0040B463 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
2_2_0040B463 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_004094E5 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
2_2_004094E5 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0040C679 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
2_2_0040C679 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00415AC2 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
2_2_00415AC2 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00409F72 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, |
2_2_00409F72 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00409900 _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
2_2_00409900 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0040A981 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose, |
2_2_0040A981 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_00415E66 _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA, |
2_2_00415E66 |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet