Source: https://49.13.159.121:9000/vcruntime140.dllh/Q |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/softokn3.dllEdge |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/MW |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/vcruntime140.dllrsaenh.dllE |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/softokn3.dll |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/vcruntime140.dlltQ |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/( |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/freebl3.dll |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000 |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/freebl3.dll7 |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/0 |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/mozglue.dll |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121/ |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/B |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/D |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/KD |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/nss3.dll |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/msvcp140.dll0.15; |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/sqlt.dll |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/vcruntime140.dllets |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/msvcp140.dll |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/nss3.dlloft |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/softokn3.dll2 |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/soft |
Avira URL Cloud: Label: malware |
Source: https://steamcommunity.com/profiles/76561199707802586 |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/ |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/softokn3.dllL |
Avira URL Cloud: Label: malware |
Source: https://t.me/g067n |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/l |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/msvcp140.dll~ |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/msvcp140.dllEdge |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/vcruntime140.dll |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/freebl3.dllAppData |
Avira URL Cloud: Label: malware |
Source: https://49.13.159.121:9000/ss3.dll |
Avira URL Cloud: Label: malware |
Source: 1.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: I8S% |
Source: 1.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: usernameField |
Source: 1.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: a GX Stable |
Source: 1.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: uctName |
Source: 1.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: layVersion |
Source: 1.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: sktop\ |
Source: 1.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: F783D5D3EF8C* |
Source: 1.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: T=@?VDX;W:R1J )M$ |
Source: 1.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: #5EG P%:{ |
Source: 1.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: ystemInfo |
Source: 1.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: 304FDQ8L\h$ |
Source: 1.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: %hu/%hu |
Source: 1.2.RegAsm.exe.400000.0.raw.unpack |
String decryptor: ero\wallet.k9ys |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00462D95 FindFirstFileExW, |
0_2_00462D95 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0046317F FindFirstFileExW,FindNextFileW,FindClose,FindClose, |
0_2_0046317F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_00409FC0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
1_2_00409FC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_00401443 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose, |
1_2_00401443 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0040E016 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
1_2_0040E016 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0040C039 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
1_2_0040C039 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_004164C7 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose, |
1_2_004164C7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0040BC98 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
1_2_0040BC98 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_00416D7D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
1_2_00416D7D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0040D690 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose, |
1_2_0040D690 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0040C6B5 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, |
1_2_0040C6B5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_004177D3 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
1_2_004177D3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0041738D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA, |
1_2_0041738D |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 49.13.159.121 |
Source: RegAsm.exe, 00000001.00000002.3367264206.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: Amcache.hve.5.dr |
String found in binary or memory: http://upx.sf.net |
Source: RegAsm.exe, 00000001.00000002.3370980408.0000000019EFA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3375092275.000000001FE9D000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.1.dr |
String found in binary or memory: http://www.sqlite.org/copyright.html. |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121/ |
Source: RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3366822659.00000000004A9000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000 |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3367264206.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3367482660.0000000001117000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3367456921.00000000010D2000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/ |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/( |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/0 |
Source: RegAsm.exe, 00000001.00000002.3367456921.00000000010D2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/B |
Source: RegAsm.exe, 00000001.00000002.3367456921.00000000010D2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/D |
Source: RegAsm.exe, 00000001.00000002.3367456921.00000000010D2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/KD |
Source: RegAsm.exe, 00000001.00000002.3367264206.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/MW |
Source: RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/freebl3.dll |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/freebl3.dll7 |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/freebl3.dllAppData |
Source: RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/l |
Source: RegAsm.exe, 00000001.00000002.3367264206.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/mW |
Source: RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/mozglue.dll |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3367456921.00000000010D2000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/msvcp140.dll |
Source: RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/msvcp140.dll0.15; |
Source: RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/msvcp140.dllEdge |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/msvcp140.dll~ |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/nss3.dll |
Source: RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/nss3.dlloft |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/soft |
Source: RegAsm.exe, 00000001.00000002.3367456921.00000000010D2000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/softokn3.dll |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/softokn3.dll2 |
Source: RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/softokn3.dllEdge |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/softokn3.dllL |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/sqlt.dll |
Source: RegAsm.exe, 00000001.00000002.3367456921.00000000010D2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/ss3.dll |
Source: RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3367482660.00000000010F7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/vcruntime140.dll |
Source: RegAsm.exe, 00000001.00000002.3367482660.00000000010F7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/vcruntime140.dllets |
Source: RegAsm.exe, 00000001.00000002.3367482660.00000000010F7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/vcruntime140.dllh/Q |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/vcruntime140.dllrsaenh.dllE |
Source: RegAsm.exe, 00000001.00000002.3367482660.00000000010F7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000/vcruntime140.dlltQ |
Source: RegAsm.exe, 00000001.00000002.3366822659.00000000004A9000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:900024 |
Source: RegAsm.exe, 00000001.00000002.3366822659.00000000005C8000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000a4f35rosoft |
Source: RegAsm.exe, 00000001.00000002.3366822659.00000000005C8000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000a4f35txtft |
Source: RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000al |
Source: RegAsm.exe, 00000001.00000002.3366822659.00000000005C8000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000alMicrosoft |
Source: RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://49.13.159.121:9000ming |
Source: GIIIEC.1.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: GIIIEC.1.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: GIIIEC.1.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: GIIIEC.1.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: GIIIEC.1.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: GIIIEC.1.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: GIIIEC.1.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: file.exe, 00000000.00000002.2136268298.000000000048A000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000001.00000002.3366822659.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199707802586 |
Source: file.exe, 00000000.00000002.2136268298.000000000048A000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, 00000001.00000002.3366822659.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll |
Source: RegAsm.exe, 00000001.00000002.3367264206.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/ |
Source: file.exe, 00000000.00000002.2136268298.000000000048A000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000001.00000002.3366822659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3366822659.0000000000445000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/g067n |
Source: RegAsm.exe, 00000001.00000002.3367264206.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/g067n4G |
Source: RegAsm.exe, 00000001.00000002.3367264206.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/g067nNG |
Source: file.exe, 00000000.00000002.2136268298.000000000048A000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, 00000001.00000002.3366822659.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/g067nry1neMozilla/5.0 |
Source: RegAsm.exe, 00000001.00000002.3367357842.0000000001011000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://web.telegram.org |
Source: GIIIEC.1.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: GIIIEC.1.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0046A00C |
0_2_0046A00C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0043E184 |
0_2_0043E184 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0045C2FF |
0_2_0045C2FF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0043C2A6 |
0_2_0043C2A6 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0043C5EE |
0_2_0043C5EE |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00452595 |
0_2_00452595 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0043E5A5 |
0_2_0043E5A5 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0043C945 |
0_2_0043C945 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0043E9D5 |
0_2_0043E9D5 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0045A9E4 |
0_2_0045A9E4 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0044C98E |
0_2_0044C98E |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0041EC10 |
0_2_0041EC10 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00468CE3 |
0_2_00468CE3 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0043CC8D |
0_2_0043CC8D |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0043D01B |
0_2_0043D01B |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0043D3B8 |
0_2_0043D3B8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0044D461 |
0_2_0044D461 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0044F4E0 |
0_2_0044F4E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00401550 |
0_2_00401550 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0043D746 |
0_2_0043D746 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_003F3770 |
0_2_003F3770 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004778F0 |
0_2_004778F0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0044FA10 |
0_2_0044FA10 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0043DAAB |
0_2_0043DAAB |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0044FE50 |
0_2_0044FE50 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0043DE1F |
0_2_0043DE1F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00423FD4 |
0_2_00423FD4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0041ECEC |
1_2_0041ECEC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0041E919 |
1_2_0041E919 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0041EEC1 |
1_2_0041EEC1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0041F6CF |
1_2_0041F6CF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC64CF0 |
1_2_1FC64CF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC512A8 |
1_2_1FC512A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC52AA9 |
1_2_1FC52AA9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FDB9CC0 |
1_2_1FDB9CC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC5292D |
1_2_1FC5292D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC81C50 |
1_2_1FC81C50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC52018 |
1_2_1FC52018 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD79A20 |
1_2_1FD79A20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD05940 |
1_2_1FD05940 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC51C9E |
1_2_1FC51C9E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD0D6D0 |
1_2_1FD0D6D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCF9690 |
1_2_1FCF9690 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC5D4C0 |
1_2_1FC5D4C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FDB9430 |
1_2_1FDB9430 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC53580 |
1_2_1FC53580 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCE53B0 |
1_2_1FCE53B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FE2D209 |
1_2_1FE2D209 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD75040 |
1_2_1FD75040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC69000 |
1_2_1FC69000 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC8CE10 |
1_2_1FC8CE10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC78D2A |
1_2_1FC78D2A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD54A60 |
1_2_1FD54A60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC5C800 |
1_2_1FC5C800 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC51EF1 |
1_2_1FC51EF1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC78763 |
1_2_1FC78763 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCB4760 |
1_2_1FCB4760 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCE8760 |
1_2_1FCE8760 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC78680 |
1_2_1FC78680 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD90480 |
1_2_1FD90480 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC53AB2 |
1_2_1FC53AB2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCD8120 |
1_2_1FCD8120 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCD0090 |
1_2_1FCD0090 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD78030 |
1_2_1FD78030 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC5290A |
1_2_1FC5290A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC7BAB0 |
1_2_1FC7BAB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC5251D |
1_2_1FC5251D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC87810 |
1_2_1FC87810 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC83370 |
1_2_1FC83370 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC5F160 |
1_2_1FC5F160 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC5174E |
1_2_1FC5174E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCB2EE0 |
1_2_1FCB2EE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC96E80 |
1_2_1FC96E80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FE2AEBE |
1_2_1FE2AEBE |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC519DD |
1_2_1FC519DD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC5EA80 |
1_2_1FC5EA80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC5AA40 |
1_2_1FC5AA40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD369C0 |
1_2_1FD369C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD4A940 |
1_2_1FD4A940 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD6A900 |
1_2_1FD6A900 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC5481D |
1_2_1FC5481D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC53E3B |
1_2_1FC53E3B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD8E800 |
1_2_1FD8E800 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC666C0 |
1_2_1FC666C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD4A590 |
1_2_1FD4A590 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC7A560 |
1_2_1FC7A560 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC547AF |
1_2_1FC547AF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC5209F |
1_2_1FC5209F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCDA0B0 |
1_2_1FCDA0B0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: String function: 00458C74 appears 33 times |
|
Source: C:\Users\user\Desktop\file.exe |
Code function: String function: 0041C798 appears 117 times |
|
Source: C:\Users\user\Desktop\file.exe |
Code function: String function: 00446D18 appears 32 times |
|
Source: C:\Users\user\Desktop\file.exe |
Code function: String function: 0041D150 appears 67 times |
|
Source: C:\Users\user\Desktop\file.exe |
Code function: String function: 0041C7CB appears 76 times |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: String function: 1FC53AF3 appears 37 times |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: String function: 1FE306B1 appears 36 times |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: String function: 1FC51F5A appears 36 times |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: String function: 1FC5395E appears 81 times |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: String function: 00404239 appears 287 times |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: String function: 1FC51C2B appears 47 times |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: String function: 1FC5415B appears 173 times |
|
Source: RegAsm.exe, 00000001.00000002.3374990292.000000001FE68000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3370980408.0000000019EFA000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.1.dr |
Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: RegAsm.exe, 00000001.00000002.3374990292.000000001FE68000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3370980408.0000000019EFA000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.1.dr |
Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB); |
Source: RegAsm.exe, RegAsm.exe, 00000001.00000002.3374990292.000000001FE68000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3370980408.0000000019EFA000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.1.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB); |
Source: RegAsm.exe, 00000001.00000002.3374990292.000000001FE68000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3370980408.0000000019EFA000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.1.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx)); |
Source: RegAsm.exe, RegAsm.exe, 00000001.00000002.3374990292.000000001FE68000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3370980408.0000000019EFA000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.1.dr |
Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check'); |
Source: RegAsm.exe, 00000001.00000002.3374990292.000000001FE68000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3370980408.0000000019EFA000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.1.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0; |
Source: RegAsm.exe, 00000001.00000002.3374990292.000000001FE68000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3370980408.0000000019EFA000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.1.dr |
Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q); |
Source: RegAsm.exe, 00000001.00000002.3374990292.000000001FE68000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3370980408.0000000019EFA000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.1.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB); |
Source: RegAsm.exe, 00000001.00000002.3374990292.000000001FE68000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3370980408.0000000019EFA000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.1.dr |
Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN); |
Source: CAEHJE.1.dr |
Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key)); |
Source: RegAsm.exe, RegAsm.exe, 00000001.00000002.3374990292.000000001FE68000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3370980408.0000000019EFA000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.1.dr |
Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode); |
Source: RegAsm.exe, 00000001.00000002.3374990292.000000001FE68000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3370980408.0000000019EFA000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.1.dr |
Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN); |
Source: RegAsm.exe, 00000001.00000002.3367264206.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT name, value FROM autofill; |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: aclayers.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc_os.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rstrtmgr.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0041B050 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
1_2_0041B050 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0041B050 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
1_2_0041B050 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00462D95 FindFirstFileExW, |
0_2_00462D95 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0046317F FindFirstFileExW,FindNextFileW,FindClose,FindClose, |
0_2_0046317F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_00409FC0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
1_2_00409FC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_00401443 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose, |
1_2_00401443 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0040E016 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
1_2_0040E016 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0040C039 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
1_2_0040C039 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_004164C7 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose, |
1_2_004164C7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0040BC98 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
1_2_0040BC98 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_00416D7D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
1_2_00416D7D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0040D690 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose, |
1_2_0040D690 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0040C6B5 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, |
1_2_0040C6B5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_004177D3 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
1_2_004177D3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0041738D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA, |
1_2_0041738D |
Source: Amcache.hve.5.dr |
Binary or memory string: VMware |
Source: KEGCBK.1.dr |
Binary or memory string: interactivebrokers.co.inVMware20,11696428655d |
Source: KEGCBK.1.dr |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655 |
Source: KEGCBK.1.dr |
Binary or memory string: global block list test formVMware20,11696428655 |
Source: Amcache.hve.5.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: RegAsm.exe, 00000001.00000002.3367264206.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.3367264206.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: KEGCBK.1.dr |
Binary or memory string: account.microsoft.com/profileVMware20,11696428655u |
Source: Amcache.hve.5.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: KEGCBK.1.dr |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p |
Source: Amcache.hve.5.dr |
Binary or memory string: vmci.sys |
Source: KEGCBK.1.dr |
Binary or memory string: AMC password management pageVMware20,11696428655 |
Source: KEGCBK.1.dr |
Binary or memory string: tasks.office.comVMware20,11696428655o |
Source: KEGCBK.1.dr |
Binary or memory string: turbotax.intuit.comVMware20,11696428655t |
Source: KEGCBK.1.dr |
Binary or memory string: interactivebrokers.comVMware20,11696428655 |
Source: KEGCBK.1.dr |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655 |
Source: Amcache.hve.5.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.5.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.5.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.5.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: RegAsm.exe, 00000001.00000002.3367264206.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: VMwareVMware |
Source: KEGCBK.1.dr |
Binary or memory string: Interactive Brokers - HKVMware20,11696428655] |
Source: Amcache.hve.5.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.5.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.5.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.5.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.5.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.5.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: KEGCBK.1.dr |
Binary or memory string: bankofamerica.comVMware20,11696428655x |
Source: KEGCBK.1.dr |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655 |
Source: Amcache.hve.5.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: KEGCBK.1.dr |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655x |
Source: Amcache.hve.5.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.5.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.5.dr |
Binary or memory string: VMware, Inc. |
Source: KEGCBK.1.dr |
Binary or memory string: discord.comVMware20,11696428655f |
Source: Amcache.hve.5.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.5.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.5.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: KEGCBK.1.dr |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655} |
Source: Amcache.hve.5.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: KEGCBK.1.dr |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655 |
Source: KEGCBK.1.dr |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^ |
Source: KEGCBK.1.dr |
Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE |
Source: KEGCBK.1.dr |
Binary or memory string: www.interactivebrokers.comVMware20,11696428655} |
Source: Amcache.hve.5.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: KEGCBK.1.dr |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n |
Source: KEGCBK.1.dr |
Binary or memory string: outlook.office365.comVMware20,11696428655t |
Source: KEGCBK.1.dr |
Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x |
Source: Amcache.hve.5.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: KEGCBK.1.dr |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655 |
Source: KEGCBK.1.dr |
Binary or memory string: outlook.office.comVMware20,11696428655s |
Source: KEGCBK.1.dr |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~ |
Source: KEGCBK.1.dr |
Binary or memory string: ms.portal.azure.comVMware20,11696428655 |
Source: Amcache.hve.5.dr |
Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.5.dr |
Binary or memory string: vmci.syshbin` |
Source: KEGCBK.1.dr |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z |
Source: Amcache.hve.5.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: KEGCBK.1.dr |
Binary or memory string: dev.azure.comVMware20,11696428655j |
Source: Amcache.hve.5.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: KEGCBK.1.dr |
Binary or memory string: netportal.hdfcbank.comVMware20,11696428655 |
Source: Amcache.hve.5.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: KEGCBK.1.dr |
Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0041B050 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
1_2_0041B050 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0045A686 mov eax, dword ptr fs:[00000030h] |
0_2_0045A686 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0045A4DF mov eax, dword ptr fs:[00000030h] |
0_2_0045A4DF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0045A565 mov eax, dword ptr fs:[00000030h] |
0_2_0045A565 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0045A522 mov eax, dword ptr fs:[00000030h] |
0_2_0045A522 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0045A5C0 mov eax, dword ptr fs:[00000030h] |
0_2_0045A5C0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0045A6CA mov eax, dword ptr fs:[00000030h] |
0_2_0045A6CA |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0045A70E mov eax, dword ptr fs:[00000030h] |
0_2_0045A70E |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0045A73F mov eax, dword ptr fs:[00000030h] |
0_2_0045A73F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004557D9 mov ecx, dword ptr fs:[00000030h] |
0_2_004557D9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0041ACF3 mov eax, dword ptr fs:[00000030h] |
1_2_0041ACF3 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004469C1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_004469C1 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0041CEEF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_0041CEEF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0041D07F SetUnhandledExceptionFilter, |
0_2_0041D07F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0041D1B4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_0041D1B4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_00421C0B memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
1_2_00421C0B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_00423DCD SetUnhandledExceptionFilter, |
1_2_00423DCD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_0042224F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
1_2_0042224F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC542AF SetUnhandledExceptionFilter, |
1_2_1FC542AF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC52C8E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
1_2_1FC52C8E |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00458672 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00458803 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoEx,FormatMessageA, |
0_2_003FE9AF |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetACP,IsValidCodePage,GetLocaleInfoW, |
0_2_00466F54 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_0046714F |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_0045912E |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_004671F6 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_0046725F |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_004672FA |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
0_2_00467385 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_004675D8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_00467701 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_00467807 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoEx, |
0_2_0041B80D |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_004678D6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree, |
1_2_00411D31 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: GetLocaleInfoW, |
1_2_1FC52112 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: GetLocaleInfoW, |
1_2_1FC52112 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: EnumSystemLocalesW, |
1_2_1FE2FF17 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: GetACP,IsValidCodePage,GetLocaleInfoW, |
1_2_1FC5298C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCCDFC0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_mprintf,sqlite3_bind_text,sqlite3_step,sqlite3_reset, |
1_2_1FCCDFC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCD1FE0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1FCD1FE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC65C70 sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset, |
1_2_1FC65C70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCCDB10 sqlite3_initialize,sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free, |
1_2_1FCCDB10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD7D9E0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log, |
1_2_1FD7D9E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCF5910 sqlite3_mprintf,sqlite3_bind_int64, |
1_2_1FCF5910 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD2D610 sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1FD2D610 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCF55B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1FCF55B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD714D0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log, |
1_2_1FD714D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD7D4F0 sqlite3_bind_value,sqlite3_log,sqlite3_log,sqlite3_log, |
1_2_1FD7D4F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD0D3B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1FD0D3B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCF51D0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1FCF51D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCE9090 sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_errmsg,sqlite3_mprintf, |
1_2_1FCE9090 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC80FB0 sqlite3_result_int64,sqlite3_result_double,sqlite3_result_int,sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset, |
1_2_1FC80FB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD34D40 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free, |
1_2_1FD34D40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC88CB0 sqlite3_bind_zeroblob, |
1_2_1FC88CB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC88970 sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob, |
1_2_1FC88970 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC64820 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_initialize, |
1_2_1FC64820 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCA06E0 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset, |
1_2_1FCA06E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC78680 sqlite3_mprintf,sqlite3_mprintf,sqlite3_initialize,sqlite3_finalize,sqlite3_free,sqlite3_mprintf,sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_int64, |
1_2_1FC78680 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCA8550 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset, |
1_2_1FCA8550 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC88430 sqlite3_bind_int64, |
1_2_1FC88430 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCC8200 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset, |
1_2_1FCC8200 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD34140 sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_initialize,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset, |
1_2_1FD34140 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC87810 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset, |
1_2_1FC87810 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD337E0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1FD337E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FD13770 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1FD13770 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC7B400 sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,sqlite3_reset,sqlite3_step,sqlite3_reset,sqlite3_column_int64, |
1_2_1FC7B400 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCAEF30 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code, |
1_2_1FCAEF30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FC666C0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_bind_value,sqlite3_free,sqlite3_bind_value,sqlite3_step,sqlite3_reset, |
1_2_1FC666C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCCA6F0 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value, |
1_2_1FCCA6F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCBE200 sqlite3_initialize,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset, |
1_2_1FCBE200 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCCE170 sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
1_2_1FCCE170 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 1_2_1FCBE090 sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset, |
1_2_1FCBE090 |