Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack |
String decryptor: I8S% |
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack |
String decryptor: usernameField |
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack |
String decryptor: a GX Stable |
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack |
String decryptor: uctName |
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack |
String decryptor: layVersion |
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack |
String decryptor: sktop\ |
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack |
String decryptor: F783D5D3EF8C* |
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack |
String decryptor: T=@?VDX;W:R1J )M$ |
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack |
String decryptor: #5EG P%:{ |
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack |
String decryptor: ystemInfo |
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack |
String decryptor: 304FDQ8L\h$ |
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack |
String decryptor: %hu/%hu |
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack |
String decryptor: ero\wallet.k9ys |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 116.202.180.70 |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06 |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.entrust.net/2048ca.crl0 |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.entrust.net/server1.crl0 |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 |
Source: kat2B07.tmp, 00000002.00000003.356734139.0000000000946000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000003.356820905.0000000000948000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000003.356654978.0000000000942000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000003.366603952.0000000000942000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000003.360869270.0000000000944000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.2.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/envx |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0% |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0- |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0/ |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com05 |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.entrust.net03 |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.entrust.net0D |
Source: 82xul16VKj.exe, 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000000.341903981.00000000004B4000.00000002.00000001.01000000.00000004.sdmp, kat2B07.tmp.0.dr |
String found in binary or memory: http://rpi.net.au/~ajohnson/resourcehacker |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://survey-smiles.com/R |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://survey-smiles.com/z |
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.000000000043F000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://tea.arpdabl.org |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://tea.arpdabl.org/) |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://tea.arpdabl.org/v |
Source: kat2B07.tmp, 00000002.00000002.425312567.000000000043F000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://tea.arpdabl.org5432Content-Disposition: |
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://tea.arpdabl.orgHJK |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.digicert.com.my/cps.htm02 |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0 |
Source: kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
String found in binary or memory: http://www.sqlite.org/copyright.html. |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://116.202.180.70/2 |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://116.202.180.70/I |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.00000000005C8000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://116.202.180.70:5432 |
Source: kat2B07.tmp, 00000002.00000003.369794652.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000003.383481823.00000000009C9000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000003.371917226.00000000008ED000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://116.202.180.70:5432/ |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://116.202.180.70:5432/2r |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://116.202.180.70:5432/freebl3.dll |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://116.202.180.70:5432/mozglue.dll |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://116.202.180.70:5432/msvcp140.dll |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://116.202.180.70:5432/nss3.dll |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://116.202.180.70:5432/softokn3.dll% |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://116.202.180.70:5432/softokn3.dllP |
Source: kat2B07.tmp, 00000002.00000003.371917226.00000000008E9000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://116.202.180.70:5432/sqlt.dll |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008F8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://116.202.180.70:5432/vcruntime140.dll |
Source: kat2B07.tmp, 00000002.00000002.425312567.00000000005C8000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://116.202.180.70:5432Content-Disposition: |
Source: BAEBGC.2.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: BAEBGC.2.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: BAEBGC.2.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: BAEBGC.2.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: BAEBGC.2.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: BAEBGC.2.dr |
String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search |
Source: BAEBGC.2.dr |
String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://secure.comodo.com/CPS0 |
Source: 82xul16VKj.exe, 00000000.00000002.342560030.0000000003080000.00000004.00000800.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342253005.00000000002A0000.00000040.00001000.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.0000000000425000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199730044335 |
Source: 82xul16VKj.exe, 00000000.00000002.342560030.0000000003080000.00000004.00000800.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342253005.00000000002A0000.00000040.00001000.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.0000000000425000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199730044335hellosqlt.dllsqlite3.dll |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/bu77un |
Source: 82xul16VKj.exe, 00000000.00000002.342560030.0000000003080000.00000004.00000800.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342253005.00000000002A0000.00000040.00001000.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.0000000000425000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/bu77unguf_hMozilla/5.0 |
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://web.telegram.org |
Source: kat2B07.tmp, 00000002.00000002.425312567.00000000005C8000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: BAEBGC.2.dr |
String found in binary or memory: https://www.google.com/favicon.ico |
Source: BGDGHJ.2.dr |
String found in binary or memory: https://www.google.com/search?q=net |
Source: BGDGHJ.2.dr |
String found in binary or memory: https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&i |
Source: BGDGHJ.2.dr |
String found in binary or memory: https://www.google.com/search?q=wmf |
Source: kat2B07.tmp, 00000002.00000003.383481823.00000000009C9000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425244038.000000000026F000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.00000000005C8000.00000040.00000400.00020000.00000000.sdmp, BGDGHJ.2.dr |
String found in binary or memory: https://www.google.com/sorry/index |
Source: BGDGHJ.2.dr |
String found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26a |
Source: BGDGHJ.2.dr |
String found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmf |
Source: kat2B07.tmp, 00000002.00000003.383481823.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, BGDGHJ.2.dr |
String found in binary or memory: https://www.google.com/sorry/indextest |
Source: C:\Users\user\Desktop\82xul16VKj.exe |
Code function: 0_2_02EEC510 |
0_2_02EEC510 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D744CF0 |
2_2_1D744CF0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D761C50 |
2_2_1D761C50 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D899CC0 |
2_2_1D899CC0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D73292D |
2_2_1D73292D |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7312A8 |
2_2_1D7312A8 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D732AA9 |
2_2_1D732AA9 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7E5940 |
2_2_1D7E5940 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D731C9E |
2_2_1D731C9E |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D859A20 |
2_2_1D859A20 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D732018 |
2_2_1D732018 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D73D4C0 |
2_2_1D73D4C0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D899430 |
2_2_1D899430 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7ED6D0 |
2_2_1D7ED6D0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7D9690 |
2_2_1D7D9690 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D749000 |
2_2_1D749000 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D855040 |
2_2_1D855040 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D733580 |
2_2_1D733580 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7C53B0 |
2_2_1D7C53B0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D90D209 |
2_2_1D90D209 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D758D2A |
2_2_1D758D2A |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D76CE10 |
2_2_1D76CE10 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D73C800 |
2_2_1D73C800 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D731EF1 |
2_2_1D731EF1 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D834A60 |
2_2_1D834A60 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D870480 |
2_2_1D870480 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D758763 |
2_2_1D758763 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D794760 |
2_2_1D794760 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7C8760 |
2_2_1D7C8760 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D758680 |
2_2_1D758680 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7B8120 |
2_2_1D7B8120 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D858030 |
2_2_1D858030 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7B0090 |
2_2_1D7B0090 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D733AB2 |
2_2_1D733AB2 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D73290A |
2_2_1D73290A |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D73251D |
2_2_1D73251D |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D767810 |
2_2_1D767810 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D75BAB0 |
2_2_1D75BAB0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D73F160 |
2_2_1D73F160 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D73174E |
2_2_1D73174E |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D763370 |
2_2_1D763370 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7319DD |
2_2_1D7319DD |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D90AEBE |
2_2_1D90AEBE |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D792EE0 |
2_2_1D792EE0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D776E80 |
2_2_1D776E80 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D8169C0 |
2_2_1D8169C0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D84A900 |
2_2_1D84A900 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D82A940 |
2_2_1D82A940 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D73481D |
2_2_1D73481D |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D86E800 |
2_2_1D86E800 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D733E3B |
2_2_1D733E3B |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D73AA40 |
2_2_1D73AA40 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D73EA80 |
2_2_1D73EA80 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D82A590 |
2_2_1D82A590 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D75A560 |
2_2_1D75A560 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7347AF |
2_2_1D7347AF |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7466C0 |
2_2_1D7466C0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D73209F |
2_2_1D73209F |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7BA0B0 |
2_2_1D7BA0B0 |
Source: C:\Windows\SysWOW64\cmd.exe |
Console Write: ....................T.A..........4Z.............P..............._B.s.....4Z.......4.t...........0.......................X.................A..... |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Console Write: ..................................W.a.i.t.i.n.g. .f.o.r. .1.0...p........,......................0............................................... |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Console Write: ................................ .s.e.c.o.n.d.s.,. .p.r.e.s.s. .a. .k.e.y. .t.o. .c.o.n.t.i.n.u.e. .....................J....................... |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Console Write: .................................... .9.(.P.....................d........-......................e. ........................................s.... |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Console Write: .................................... .8.(.P.............................q/......................e. ........................................s.... |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Console Write: .................................... .7.(.P............................../......................e. ........................................s.... |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Console Write: .................................... .6.(.P..............................0......................e. ........................................s.... |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Console Write: .................................... .5.(.P..............................0......................e. ........................................s.... |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Console Write: .................................... .4.(.P..............................1......................e. ........................................s.... |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Console Write: .................................... .3.(.P..............................2......................e. ........................................s.... |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Console Write: .................................... .2.(.P.....................,.......-3......................e. ........................................s.... |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Console Write: .................................... .1.(.P..............................3......................e. ........................................s.... |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Console Write: .................................... .0.(.P.....................,........3......................e. ........................................s.... |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Console Write: .................................... .0.(.P..............................5......................e. ........................................s.... |
Jump to behavior |
Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB); |
Source: kat2B07.tmp, kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB); |
Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx)); |
Source: kat2B07.tmp, kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check'); |
Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0; |
Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q); |
Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB); |
Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN); |
Source: kat2B07.tmp, kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode); |
Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr |
Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN); |
Source: C:\Users\user\Desktop\82xul16VKj.exe |
Section loaded: wow64win.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\82xul16VKj.exe |
Section loaded: wow64cpu.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\82xul16VKj.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\82xul16VKj.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: wow64win.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: wow64cpu.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: bcrypt.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: rstrtmgr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: webio.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: rpcrtremote.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: nlaapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: credssp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: cryptnet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: sensapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: webio.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: cabinet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: devrtl.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: wbemcomn2.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: ntdsapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: cscapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Section loaded: sfc_os.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: wow64win.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: wow64cpu.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: winbrand.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Section loaded: wow64win.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Section loaded: wow64cpu.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\timeout.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\82xul16VKj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\82xul16VKj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\82xul16VKj.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: um-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: um-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: um-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: um-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: um-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: um-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: um-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: um-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: um-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: um-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: um-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\Exodus\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\Exodus\backups\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\MultiDoge\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\Binance\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\Ledger Live\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\ |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D745C70 sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset, |
2_2_1D745C70 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7B1FE0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
2_2_1D7B1FE0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7ADFC0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_mprintf,sqlite3_bind_text,sqlite3_step,sqlite3_reset, |
2_2_1D7ADFC0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D85D9E0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log, |
2_2_1D85D9E0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7D5910 sqlite3_mprintf,sqlite3_bind_int64, |
2_2_1D7D5910 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7ADB10 sqlite3_initialize,sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free, |
2_2_1D7ADB10 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7D55B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
2_2_1D7D55B0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D8514D0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log, |
2_2_1D8514D0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D85D4F0 sqlite3_bind_value,sqlite3_log,sqlite3_log,sqlite3_log, |
2_2_1D85D4F0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D80D610 sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
2_2_1D80D610 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7D51D0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
2_2_1D7D51D0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7C9090 sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_errmsg,sqlite3_mprintf, |
2_2_1D7C9090 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7ED3B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
2_2_1D7ED3B0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D814D40 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free, |
2_2_1D814D40 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D768CB0 sqlite3_bind_zeroblob, |
2_2_1D768CB0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D760FB0 sqlite3_result_int64,sqlite3_result_double,sqlite3_result_int,sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset, |
2_2_1D760FB0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D768970 sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob, |
2_2_1D768970 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D744820 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_initialize, |
2_2_1D744820 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D788550 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset, |
2_2_1D788550 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D768430 sqlite3_bind_int64, |
2_2_1D768430 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7806E0 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset, |
2_2_1D7806E0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D758680 sqlite3_mprintf,sqlite3_mprintf,sqlite3_initialize,sqlite3_finalize,sqlite3_free,sqlite3_mprintf,sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_int64, |
2_2_1D758680 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D814140 sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_initialize,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset, |
2_2_1D814140 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7A8200 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset, |
2_2_1D7A8200 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D767810 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset, |
2_2_1D767810 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D75B400 sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,sqlite3_reset,sqlite3_step,sqlite3_reset,sqlite3_column_int64, |
2_2_1D75B400 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7F3770 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
2_2_1D7F3770 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D8137E0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
2_2_1D8137E0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D78EF30 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code, |
2_2_1D78EF30 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7AA6F0 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value, |
2_2_1D7AA6F0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7466C0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_bind_value,sqlite3_free,sqlite3_bind_value,sqlite3_step,sqlite3_reset, |
2_2_1D7466C0 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D7AE170 sqlite3_bind_int64,sqlite3_step,sqlite3_reset, |
2_2_1D7AE170 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D79E090 sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset, |
2_2_1D79E090 |
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp |
Code function: 2_2_1D79E200 sqlite3_initialize,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset, |
2_2_1D79E200 |