Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: katC422.tmp, 00000002.00000003.2155967589.00000000008AC000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2275940732.00000000008AA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/ |
Source: katC422.tmp, 00000002.00000002.3345409329.00000000007D6000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.2.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: katC422.tmp, 00000002.00000002.3345409329.00000000007B5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enb |
Source: pDHKarOK2v.exe, 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000000.2096817178.00000000004B4000.00000002.00000001.01000000.00000004.sdmp, katC422.tmp.0.dr |
String found in binary or memory: http://rpi.net.au/~ajohnson/resourcehacker |
Source: katC422.tmp, 00000002.00000003.2140481149.00000000007EE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.microsoft. |
Source: katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352160364.000000002037D000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
String found in binary or memory: http://www.sqlite.org/copyright.html. |
Source: katC422.tmp, 00000002.00000003.2276254993.000000000087A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.1 |
Source: katC422.tmp, 00000002.00000002.3345868978.0000000000817000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.0000000000816000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2297205059.0000000000812000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230716161.0000000000816000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121/ |
Source: katC422.tmp, 00000002.00000002.3345868978.0000000000817000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.0000000000816000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2297205059.0000000000812000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230716161.0000000000816000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121/b |
Source: katC422.tmp, 00000002.00000003.3230716161.00000000007E9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000 |
Source: katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2289095428.000000000087D000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2287681886.000000000087A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/ |
Source: katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/159.121:9000/freebl3.dll |
Source: katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/159.121:9000/msvcp140.dll |
Source: katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/:0 |
Source: katC422.tmp, 00000002.00000003.2286588934.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2288693962.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2289095428.000000000087D000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2287681886.000000000087A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/B7 |
Source: katC422.tmp, 00000002.00000003.2301990990.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346029837.000000000087E000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/D |
Source: katC422.tmp, 00000002.00000003.2286588934.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2288693962.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2289095428.000000000087D000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2287681886.000000000087A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/J0 |
Source: katC422.tmp, 00000002.00000003.2301990990.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2296801499.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2299936389.000000000087D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/L |
Source: katC422.tmp, 00000002.00000003.2301990990.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2296801499.000000000087A000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2299936389.000000000087D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/R |
Source: katC422.tmp, 00000002.00000002.3346029837.000000000087E000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/X |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/c530icrosoft |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/cal |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2301685212.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2301685212.00000000009C6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/freebl3.dll |
Source: katC422.tmp, 00000002.00000003.2301685212.00000000009C6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/freebl3.dll)Fqc? |
Source: katC422.tmp, 00000002.00000003.2301685212.00000000009C3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/freebl3.dll)MIb |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/freebl3.dllft |
Source: katC422.tmp, 00000002.00000003.2301685212.00000000009C6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/freebl3.dllmFMc5 |
Source: katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/j00b |
Source: katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/lowedCert_AutoUpdate_1 |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009C3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/mozglue.dll |
Source: katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/mozglue.dll4 |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/mozglue.dllft |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/mozglue.dllposition: |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009C3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/msvcp140.dll |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/msvcp140.dllt |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/nss3.dll |
Source: katC422.tmp, 00000002.00000002.3346448498.00000000009D8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/nss3.dllhx |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/nss3.dllosoft |
Source: katC422.tmp, 00000002.00000002.3346448498.00000000009D8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/nss3.dlltx |
Source: katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/r |
Source: katC422.tmp, 00000002.00000003.3230343222.000000000087A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/r0(b |
Source: katC422.tmp, 00000002.00000003.3230716161.000000000080C000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.00000000007E9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/soft |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009C3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/softokn3.dll |
Source: katC422.tmp, 00000002.00000002.3346448498.00000000009C3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/softokn3.dllZL |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/softokn3.dllt |
Source: katC422.tmp, 00000002.00000003.2288952609.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346448498.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2273930953.00000000009C0000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2287445433.00000000009D8000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2288510535.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2301685212.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2299686257.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3345409329.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2296525829.00000000009D8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/sqlt.dll |
Source: katC422.tmp, 00000002.00000003.3230343222.00000000008D2000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000539000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/vcruntime140.dll |
Source: katC422.tmp, 00000002.00000003.3230343222.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346155752.00000000008AA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/vcruntime140.dlletsC |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000539000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/vcruntime140.dllge |
Source: katC422.tmp, 00000002.00000003.3230343222.00000000008A7000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3346155752.00000000008AA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/vcruntime140.dllpet |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000539000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:90000c530oogle |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000el |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000oaming |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000539000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000ocal |
Source: katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000srss.exe |
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: pDHKarOK2v.exe, 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097882429.0000000002BC0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097925927.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000425000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199707802586 |
Source: pDHKarOK2v.exe, 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097882429.0000000002BC0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097925927.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000425000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll |
Source: katC422.tmp, 00000002.00000002.3345409329.000000000076E000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3345409329.00000000007D6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/ |
Source: pDHKarOK2v.exe, 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097882429.0000000002BC0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097925927.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000445000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000425000.00000040.00000400.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2302338504.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3345409329.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2140481149.00000000007EE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/g067n |
Source: pDHKarOK2v.exe, 00000000.00000002.2097682899.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097882429.0000000002BC0000.00000040.00001000.00020000.00000000.sdmp, pDHKarOK2v.exe, 00000000.00000002.2097925927.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3344136913.0000000000425000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/g067nry1neMozilla/5.0 |
Source: katC422.tmp, 00000002.00000003.2140481149.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.3230716161.00000000007E9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://web.telegram.org |
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: katC422.tmp, 00000002.00000003.2287681886.0000000000871000.00000004.00000020.00020000.00000000.sdmp, FCFBFH.2.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB); |
Source: katC422.tmp, 00000002.00000002.3345409329.000000000076E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT url FROM urls LIMIT 1000O; |
Source: katC422.tmp, katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB); |
Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx)); |
Source: katC422.tmp, katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check'); |
Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0; |
Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q); |
Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB); |
Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN); |
Source: katC422.tmp, 00000002.00000003.2296801499.00000000008DF000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2299936389.00000000008DF000.00000004.00000020.00020000.00000000.sdmp, katC422.tmp, 00000002.00000003.2286588934.0000000000862000.00000004.00000020.00020000.00000000.sdmp, AAKEGD.2.dr, AECAEC.2.dr |
Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key)); |
Source: katC422.tmp, katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode); |
Source: katC422.tmp, 00000002.00000002.3351982838.0000000020348000.00000002.00001000.00020000.00000000.sdmp, katC422.tmp, 00000002.00000002.3352553847.000000002BC21000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN); |
Source: C:\Users\user\Desktop\pDHKarOK2v.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\pDHKarOK2v.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\pDHKarOK2v.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\pDHKarOK2v.exe |
Section loaded: olepro32.dll |
Source: C:\Users\user\Desktop\pDHKarOK2v.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\pDHKarOK2v.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: apphelp.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: wininet.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: ncrypt.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: ntasn1.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: dbghelp.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: iertutil.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: windows.storage.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: wldp.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: profapi.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: winhttp.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: mswsock.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: winnsi.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: urlmon.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: srvcli.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: netutils.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: dnsapi.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: schannel.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: msasn1.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: dpapi.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: cryptsp.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: rsaenh.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: cryptbase.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: gpapi.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: cryptnet.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: webio.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: cabinet.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: wbemcomn.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: amsi.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: userenv.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: version.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: sxs.dll |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Section loaded: ntmarta.dll |
Source: HIDGCF.2.dr |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552 |
Source: HIDGCF.2.dr |
Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE |
Source: HIDGCF.2.dr |
Binary or memory string: account.microsoft.com/profileVMware20,11696487552u |
Source: HIDGCF.2.dr |
Binary or memory string: discord.comVMware20,11696487552f |
Source: HIDGCF.2.dr |
Binary or memory string: bankofamerica.comVMware20,11696487552x |
Source: HIDGCF.2.dr |
Binary or memory string: www.interactivebrokers.comVMware20,11696487552} |
Source: HIDGCF.2.dr |
Binary or memory string: ms.portal.azure.comVMware20,11696487552 |
Source: katC422.tmp, 00000002.00000002.3345409329.00000000007D6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: katC422.tmp, 00000002.00000002.3345409329.000000000076E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWh |
Source: HIDGCF.2.dr |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552 |
Source: HIDGCF.2.dr |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552 |
Source: HIDGCF.2.dr |
Binary or memory string: global block list test formVMware20,11696487552 |
Source: HIDGCF.2.dr |
Binary or memory string: tasks.office.comVMware20,11696487552o |
Source: HIDGCF.2.dr |
Binary or memory string: AMC password management pageVMware20,11696487552 |
Source: HIDGCF.2.dr |
Binary or memory string: interactivebrokers.co.inVMware20,11696487552d |
Source: HIDGCF.2.dr |
Binary or memory string: interactivebrokers.comVMware20,11696487552 |
Source: HIDGCF.2.dr |
Binary or memory string: dev.azure.comVMware20,11696487552j |
Source: HIDGCF.2.dr |
Binary or memory string: Interactive Brokers - HKVMware20,11696487552] |
Source: HIDGCF.2.dr |
Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x |
Source: HIDGCF.2.dr |
Binary or memory string: netportal.hdfcbank.comVMware20,11696487552 |
Source: HIDGCF.2.dr |
Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h |
Source: HIDGCF.2.dr |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z |
Source: HIDGCF.2.dr |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~ |
Source: HIDGCF.2.dr |
Binary or memory string: outlook.office365.comVMware20,11696487552t |
Source: HIDGCF.2.dr |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^ |
Source: katC422.tmp, 00000002.00000002.3345409329.000000000076E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: VMwareVMware |
Source: HIDGCF.2.dr |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p |
Source: HIDGCF.2.dr |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n |
Source: HIDGCF.2.dr |
Binary or memory string: outlook.office.comVMware20,11696487552s |
Source: HIDGCF.2.dr |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552 |
Source: HIDGCF.2.dr |
Binary or memory string: turbotax.intuit.comVMware20,11696487552t |
Source: HIDGCF.2.dr |
Binary or memory string: Canara Transaction PasswordVMware20,11696487552x |
Source: HIDGCF.2.dr |
Binary or memory string: Canara Transaction PasswordVMware20,11696487552} |
Source: HIDGCF.2.dr |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552 |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_2019E090 sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_201AE170 sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_2019E200 sqlite3_initialize,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_201466C0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_bind_value,sqlite3_free,sqlite3_bind_value,sqlite3_step,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_201AA6F0 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_2018EF30 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_2015B400 sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,sqlite3_reset,sqlite3_step,sqlite3_reset,sqlite3_column_int64, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_201F3770 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_202137E0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_20167810 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_20214140 sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_initialize,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_201A8200 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_20168430 sqlite3_bind_int64, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_20188550 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_20158680 sqlite3_mprintf,sqlite3_mprintf,sqlite3_initialize,sqlite3_finalize,sqlite3_free,sqlite3_mprintf,sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_int64, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_201806E0 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_20144820 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_initialize, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_20168970 sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_20168CB0 sqlite3_bind_zeroblob, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_20214D40 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_20160FB0 sqlite3_result_int64,sqlite3_result_double,sqlite3_result_int,sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_201C9090 sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_errmsg,sqlite3_mprintf, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_201D51D0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_201ED3B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_2025D4F0 sqlite3_bind_value,sqlite3_log,sqlite3_log,sqlite3_log, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_202514D0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_201D55B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_2020D610 sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_201D5910 sqlite3_mprintf,sqlite3_bind_int64, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_2025D9E0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_201ADB10 sqlite3_initialize,sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_20145C70 sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_201ADFC0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_mprintf,sqlite3_bind_text,sqlite3_step,sqlite3_reset, |
Source: C:\Users\user\AppData\Local\Temp\katC422.tmp |
Code function: 2_2_201B1FE0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |