Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00FF3EC7 FindFirstFileExW,FindNextFileW,FindClose,FindClose, |
0_2_00FF3EC7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040D1BA _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
3_2_0040D1BA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040A025 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
3_2_0040A025 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00417148 _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA, |
3_2_00417148 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00401162 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose, |
3_2_00401162 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040A440 _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
3_2_0040A440 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040B4C3 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose, |
3_2_0040B4C3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00417591 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
3_2_00417591 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_004166D7 _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose, |
3_2_004166D7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040AAB4 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, |
3_2_0040AAB4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00416DA3 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
3_2_00416DA3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040BFA5 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
3_2_0040BFA5 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 162.55.53.18 |
Source: 77EC63BDA74BD0D0E0426DC8F80085060.3.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: RegAsm.exe, 00000003.00000002.2942656368.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabtO |
Source: RegAsm.exe, 00000003.00000002.2942656368.0000000000FD1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enN |
Source: Amcache.hve.6.dr |
String found in binary or memory: http://upx.sf.net |
Source: RegAsm.exe, 00000003.00000002.2949605614.000000001B61D000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2943981511.0000000015676000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.3.dr |
String found in binary or memory: http://www.sqlite.org/copyright.html. |
Source: BAEHIE.3.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: BAEHIE.3.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: BAEHIE.3.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: BAEHIE.3.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: BAEHIE.3.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: BAEHIE.3.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: BAEHIE.3.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: file.exe, 00000000.00000002.1828525742.000000000100A000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000003.00000002.2942073770.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199699680841 |
Source: RegAsm.exe, 00000003.00000002.2942073770.00000000004D5000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2942073770.000000000056E000.00000040.00000400.00020000.00000000.sdmp, GDBFHD.3.dr |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: GDBFHD.3.dr |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
Source: RegAsm.exe, 00000003.00000002.2942073770.00000000004D5000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe |
Source: RegAsm.exe, 00000003.00000002.2942073770.00000000004D5000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2942073770.000000000056E000.00000040.00000400.00020000.00000000.sdmp, GDBFHD.3.dr |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
Source: GDBFHD.3.dr |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
Source: RegAsm.exe, 00000003.00000002.2942073770.00000000004D5000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe |
Source: RegAsm.exe, 00000003.00000002.2942656368.0000000000F7A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/ |
Source: RegAsm.exe, 00000003.00000002.2942656368.0000000000F7A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/m |
Source: file.exe, 00000000.00000002.1828525742.000000000100A000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000003.00000002.2942073770.0000000000453000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2942073770.0000000000400000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2942656368.0000000000FD1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2942656368.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/memve4erin |
Source: RegAsm.exe, 00000003.00000002.2942656368.0000000000FD1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/memve4erin& |
Source: RegAsm.exe, 00000003.00000002.2942073770.0000000000453000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2942656368.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://web.telegram.org |
Source: BAEHIE.3.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: BAEHIE.3.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: RegAsm.exe, 00000003.00000002.2949428646.000000001B5E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2943981511.0000000015676000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.3.dr |
Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: RegAsm.exe, 00000003.00000002.2949428646.000000001B5E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2943981511.0000000015676000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.3.dr |
Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB); |
Source: RegAsm.exe, RegAsm.exe, 00000003.00000002.2949428646.000000001B5E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2943981511.0000000015676000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.3.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB); |
Source: RegAsm.exe, 00000003.00000002.2949428646.000000001B5E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2943981511.0000000015676000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.3.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx)); |
Source: RegAsm.exe, RegAsm.exe, 00000003.00000002.2949428646.000000001B5E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2943981511.0000000015676000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.3.dr |
Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check'); |
Source: RegAsm.exe, 00000003.00000002.2949428646.000000001B5E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2943981511.0000000015676000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.3.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0; |
Source: RegAsm.exe, 00000003.00000002.2949428646.000000001B5E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2943981511.0000000015676000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.3.dr |
Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q); |
Source: RegAsm.exe, 00000003.00000002.2949428646.000000001B5E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2943981511.0000000015676000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.3.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB); |
Source: RegAsm.exe, 00000003.00000002.2949428646.000000001B5E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2943981511.0000000015676000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.3.dr |
Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN); |
Source: CBKFBA.3.dr |
Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key)); |
Source: RegAsm.exe, RegAsm.exe, 00000003.00000002.2949428646.000000001B5E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2943981511.0000000015676000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.3.dr |
Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode); |
Source: RegAsm.exe, 00000003.00000002.2949428646.000000001B5E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2943981511.0000000015676000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.3.dr |
Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN); |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: aclayers.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mpr.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc_os.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wininet.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncrypt.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dbghelp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iertutil.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wldp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: profapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winhttp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winnsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: urlmon.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: srvcli.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: netutils.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dnsapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rasadhlp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: schannel.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptnet.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: webio.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cabinet.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: amsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: userenv.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: version.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sxs.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntmarta.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_004189AF GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
3_2_004189AF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00FF3EC7 FindFirstFileExW,FindNextFileW,FindClose,FindClose, |
0_2_00FF3EC7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040D1BA _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
3_2_0040D1BA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040A025 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
3_2_0040A025 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00417148 _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA, |
3_2_00417148 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00401162 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose, |
3_2_00401162 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040A440 _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
3_2_0040A440 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040B4C3 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose, |
3_2_0040B4C3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00417591 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
3_2_00417591 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_004166D7 _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose, |
3_2_004166D7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040AAB4 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, |
3_2_0040AAB4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_00416DA3 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose, |
3_2_00416DA3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0040BFA5 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
3_2_0040BFA5 |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.6.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.6.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.6.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.6.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: RegAsm.exe, 00000003.00000002.2942656368.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.6.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.6.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: RegAsm.exe, 00000003.00000002.2942656368.0000000000F7A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.6.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.6.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.6.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.6.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.6.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.6.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.6.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.6.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: RegAsm.exe, 00000003.00000002.2943348984.0000000003595000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: VMwareVMware |
Source: Amcache.hve.6.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.6.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.6.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.6.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.6.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00FE0863 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00FE0863 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00FDCA4D IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00FDCA4D |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00FDCBDA SetUnhandledExceptionFilter, |
0_2_00FDCBDA |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00FDC746 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00FDC746 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0041A6DF memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
3_2_0041A6DF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0041F798 SetUnhandledExceptionFilter, |
3_2_0041F798 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_0041BC07 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
3_2_0041BC07 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B3D42AF SetUnhandledExceptionFilter, |
3_2_1B3D42AF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B3D2C8E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
3_2_1B3D2C8E |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00FF68D5 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00FF683A |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
0_2_00FF6960 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_00FEE26B |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_00FF6BB3 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_00FF6CDC |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_00FF6DE2 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00FEDDA0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetACP,IsValidCodePage,GetLocaleInfoW, |
0_2_00FF654D |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_00FF6EB1 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00FF67EF |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_00FF6748 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: _EH_prolog,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree, |
3_2_0041098E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: GetLocaleInfoW, |
3_2_1B3D2112 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: EnumSystemLocalesW, |
3_2_1B5AFF17 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
3_2_1B5C3300 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
3_2_1B3D3AA3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: EnumSystemLocalesW, |
3_2_1B5C2D38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: EnumSystemLocalesW, |
3_2_1B5C2DF9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: EnumSystemLocalesW, |
3_2_1B5C2CB6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B44DB10 sqlite3_initialize,sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free, |
3_2_1B44DB10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B475910 sqlite3_mprintf,sqlite3_bind_int64, |
3_2_1B475910 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B4FD9E0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log, |
3_2_1B4FD9E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B44DFC0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_mprintf,sqlite3_bind_text,sqlite3_step,sqlite3_reset, |
3_2_1B44DFC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B451FE0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
3_2_1B451FE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B3E5C70 sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset, |
3_2_1B3E5C70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B48D3B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
3_2_1B48D3B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B4751D0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
3_2_1B4751D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B469090 sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_errmsg,sqlite3_mprintf, |
3_2_1B469090 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B4AD610 sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
3_2_1B4AD610 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B4755B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
3_2_1B4755B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B4F14D0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log, |
3_2_1B4F14D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B4FD4F0 sqlite3_bind_value,sqlite3_log,sqlite3_log,sqlite3_log, |
3_2_1B4FD4F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B3E4820 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_initialize, |
3_2_1B3E4820 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B400FB0 sqlite3_result_int64,sqlite3_result_double,sqlite3_result_int,sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset, |
3_2_1B400FB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B4B4D40 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,InitOnceBeginInitialize,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free, |
3_2_1B4B4D40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B448200 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset, |
3_2_1B448200 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B4206E0 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset, |
3_2_1B4206E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B3F8680 sqlite3_mprintf,sqlite3_mprintf,sqlite3_initialize,sqlite3_finalize,sqlite3_free,sqlite3_mprintf,sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_int64, |
3_2_1B3F8680 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B428550 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset, |
3_2_1B428550 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B407810 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset, |
3_2_1B407810 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B493770 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
3_2_1B493770 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B4B37E0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
3_2_1B4B37E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B3FB400 sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,sqlite3_reset,sqlite3_step,sqlite3_reset,sqlite3_column_int64, |
3_2_1B3FB400 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B42EF30 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code, |
3_2_1B42EF30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B43E200 sqlite3_initialize,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset, |
3_2_1B43E200 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B44E170 sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
3_2_1B44E170 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B43E090 sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset, |
3_2_1B43E090 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B44A6F0 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value, |
3_2_1B44A6F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 3_2_1B3E66C0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_bind_value,sqlite3_free,sqlite3_bind_value,sqlite3_step,sqlite3_reset, |
3_2_1B3E66C0 |