| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx esi, byte ptr [edx] | 0_2_02214208 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+edx+05CAF138h] | 0_2_0221D2F1 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then push dword ptr [esp+28h] | 0_2_022382C8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then jmp eax | 0_2_0223A2CC |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+32DBB3B0h] | 0_2_02239318 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 0_2_0224A3B8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+2564CAB9h] | 0_2_022503C8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov ecx, eax | 0_2_022323D8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov esi, edx | 0_2_0221A008 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov byte ptr [edi], al | 0_2_02241060 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then cmp dword ptr [ebp+edi*8+00h], 0EF2A4EDh | 0_2_022540A8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov byte ptr [edi], al | 0_2_022400B3 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx ecx, byte ptr [ebx+eax] | 0_2_0222908A |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 53585096h | 0_2_022270CE |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov ecx, eax | 0_2_0223C0D8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then jmp eax | 0_2_0223A134 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx eax, byte ptr [esp+edx+0Eh] | 0_2_0221C1D8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov word ptr [edi], cx | 0_2_02238638 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx eax, byte ptr [esp+edi+06h] | 0_2_0223666A |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 01FCE602h | 0_2_022506D8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 53585096h | 0_2_0221F73A |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov word ptr [ebx], cx | 0_2_0222C71E |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov word ptr [esi], cx | 0_2_0222C71E |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov byte ptr [edi], al | 0_2_0221A778 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movsx eax, byte ptr [esi+ecx] | 0_2_0222F778 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then push 00000000h | 0_2_0221E40C |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 53585096h | 0_2_022274ED |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+edx] | 0_2_0222F508 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then add ebp, edi | 0_2_0221A598 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov byte ptr [edx], cl | 0_2_0223F5F8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+esi+63115D0Dh] | 0_2_02236A94 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then lea eax, dword ptr [eax+eax*4] | 0_2_02219B68 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then push eax | 0_2_02251BD8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_02235866 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov byte ptr [edi], al | 0_2_0223F877 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 13884179h | 0_2_0221F8B2 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov byte ptr [ebx], cl | 0_2_0223F8CA |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov byte ptr [ebx], cl | 0_2_0223F8CA |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov edx, ecx | 0_2_0221AE68 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx ebx, byte ptr [edi+edx+03D49333h] | 0_2_02239E83 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx ecx, byte ptr [edi+eax] | 0_2_0223FE8A |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov dword ptr [esi+04h], eax | 0_2_02227EC5 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+1Ch] | 0_2_02238EC8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx ecx, byte ptr [edx+eax] | 0_2_02226F11 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then cmp word ptr [eax+ebx+02h], 0000h | 0_2_0223AFE8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+48h] | 0_2_02230FD8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax-000000DEh] | 0_2_02230FD8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov byte ptr [edi], al | 0_2_0223ECE8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 0_2_0223CCF8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h] | 0_2_02218CC8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then movzx ecx, word ptr [edi+esi*4] | 0_2_02218CC8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then lea eax, dword ptr [esp+50h] | 0_2_02238C74 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7E3E42A0h | 0_2_0224DCD8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then push esi | 0_2_0224DCD8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 53585096h | 0_2_02225CF8 |
| Source: XhlpAnBmIk.exe | String found in binary or memory: http://cevcsca2021.crl.certum.pl/cevcsca2021.crl0w |
| Source: XhlpAnBmIk.exe | String found in binary or memory: http://cevcsca2021.ocsp-certum.com07 |
| Source: XhlpAnBmIk.exe | String found in binary or memory: http://crl.certum.pl/ctnca.crl0k |
| Source: XhlpAnBmIk.exe | String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l |
| Source: XhlpAnBmIk.exe | String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o |
| Source: XhlpAnBmIk.exe | String found in binary or memory: http://repository.certum.pl/cevcsca2021.cer0 |
| Source: XhlpAnBmIk.exe | String found in binary or memory: http://repository.certum.pl/ctnca.cer09 |
| Source: XhlpAnBmIk.exe | String found in binary or memory: http://repository.certum.pl/ctnca2.cer09 |
| Source: XhlpAnBmIk.exe | String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0A |
| Source: XhlpAnBmIk.exe, XhlpAnBmIk.exe, 00000000.00000003.2337249348.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000002.2340621909.0000000000614000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000002.2340642872.0000000000627000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000002.2340351298.0000000000592000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337424519.0000000000613000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337379417.00000000005DE000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.000000000059C000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000002.2340642872.0000000000627000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000616000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.000000000059C000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000002.2340642872.0000000000627000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000616000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
| Source: XhlpAnBmIk.exe | String found in binary or memory: http://subca.ocsp-certum.com01 |
| Source: XhlpAnBmIk.exe | String found in binary or memory: http://subca.ocsp-certum.com02 |
| Source: XhlpAnBmIk.exe | String found in binary or memory: http://subca.ocsp-certum.com05 |
| Source: XhlpAnBmIk.exe | String found in binary or memory: http://www.certum.pl/CPS0 |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm |
| Source: XhlpAnBmIk.exe, XhlpAnBmIk.exe, 00000000.00000003.2337249348.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000002.2340533160.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339902073.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000002.2340351298.000000000056E000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337249348.00000000005B7000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337379417.00000000005DE000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339725599.00000000005CD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://aleksandr-block.com/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2339725599.00000000005CD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://aleksandr-block.com/api |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337379417.00000000005DE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://aleksandr-block.com/eF |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000002.2340587360.00000000005E0000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337379417.00000000005DE000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339836062.00000000005DE000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339725599.00000000005CD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://aleksandr-block.com/pi |
| Source: XhlpAnBmIk.exe, 00000000.00000002.2340351298.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://aleksandr-block.com/t |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000002.2340621909.0000000000614000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337424519.0000000000613000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337379417.00000000005DE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.f |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337424519.0000000000613000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337379417.00000000005DE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.co |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.000000000059C000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000616000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=SCXpgixTDzt4&a |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap& |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.000000000059C000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000616000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.000000000059C000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000002.2340642872.0000000000627000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000616000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.000000000059C000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000616000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.000000000059C000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000616000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=M_FULq_A |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.000000000059C000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000616000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=BFN_ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=iUcMsAN_acD6&l=e |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english& |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=en |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe& |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S& |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/en/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/discussions/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.000000000059C000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000002.2340642872.0000000000627000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000616000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/market/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.000000000059C000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000616000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.000000000059C000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000002.2340642872.0000000000627000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000616000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/workshop/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/about/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/explore/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.000000000059C000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000002.2340642872.0000000000627000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000616000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/legal/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/mobile |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/news/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/points/shop/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/stats/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337249348.00000000005A3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://truculengisau.biz/ |
| Source: XhlpAnBmIk.exe | String found in binary or memory: https://www.certum.pl/CPS0 |
| Source: XhlpAnBmIk.exe, 00000000.00000003.2337155988.0000000000619000.00000004.00000020.00020000.00000000.sdmp, XhlpAnBmIk.exe, 00000000.00000003.2339674809.000000000061F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_00404DA8 | 0_2_00404DA8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0040584C | 0_2_0040584C |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_00405858 | 0_2_00405858 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0040582C | 0_2_0040582C |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0040515C | 0_2_0040515C |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_004083E4 | 0_2_004083E4 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0040538C | 0_2_0040538C |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_00404C5C | 0_2_00404C5C |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_00404C08 | 0_2_00404C08 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_00404CDC | 0_2_00404CDC |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_00405CBC | 0_2_00405CBC |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0040457C | 0_2_0040457C |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_00405D06 | 0_2_00405D06 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_00405674 | 0_2_00405674 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0221044B | 0_2_0221044B |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02265D00 | 0_2_02265D00 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02262200 | 0_2_02262200 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_022522D5 | 0_2_022522D5 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0226130C | 0_2_0226130C |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02239318 | 0_2_02239318 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0222E368 | 0_2_0222E368 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02243350 | 0_2_02243350 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02254358 | 0_2_02254358 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0222D398 | 0_2_0222D398 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02245398 | 0_2_02245398 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_022143E8 | 0_2_022143E8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_022233E8 | 0_2_022233E8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_022323D8 | 0_2_022323D8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02210000 | 0_2_02210000 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0221A008 | 0_2_0221A008 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0224B012 | 0_2_0224B012 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0224D078 | 0_2_0224D078 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_022540A8 | 0_2_022540A8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0222E098 | 0_2_0222E098 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_022450D8 | 0_2_022450D8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02226178 | 0_2_02226178 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0223F15B | 0_2_0223F15B |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_022171A8 | 0_2_022171A8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_022151E8 | 0_2_022151E8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0221C1D8 | 0_2_0221C1D8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02238638 | 0_2_02238638 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02253648 | 0_2_02253648 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_022546A8 | 0_2_022546A8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02217688 | 0_2_02217688 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0222C71E | 0_2_0222C71E |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0224C768 | 0_2_0224C768 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02250748 | 0_2_02250748 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0223F7AD | 0_2_0223F7AD |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_022634A8 | 0_2_022634A8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_022164C8 | 0_2_022164C8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0224C508 | 0_2_0224C508 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0223E568 | 0_2_0223E568 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0224B5A0 | 0_2_0224B5A0 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_022525A0 | 0_2_022525A0 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02240598 | 0_2_02240598 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_022625D0 | 0_2_022625D0 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_022345DF | 0_2_022345DF |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02247A08 | 0_2_02247A08 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02262A08 | 0_2_02262A08 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02253A78 | 0_2_02253A78 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02243A50 | 0_2_02243A50 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02217A58 | 0_2_02217A58 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02240A5D | 0_2_02240A5D |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02227AA7 | 0_2_02227AA7 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02242AAE | 0_2_02242AAE |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0221AA88 | 0_2_0221AA88 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0222CAC8 | 0_2_0222CAC8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0222FB18 | 0_2_0222FB18 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02219B68 | 0_2_02219B68 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02252B79 | 0_2_02252B79 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02215B98 | 0_2_02215B98 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02241918 | 0_2_02241918 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02222940 | 0_2_02222940 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0224A9F4 | 0_2_0224A9F4 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0222BE3C | 0_2_0222BE3C |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0221AE68 | 0_2_0221AE68 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02217EE8 | 0_2_02217EE8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02227EC5 | 0_2_02227EC5 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0221EF58 | 0_2_0221EF58 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02229F58 | 0_2_02229F58 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0222AFD8 | 0_2_0222AFD8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02230FD8 | 0_2_02230FD8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0222DC38 | 0_2_0222DC38 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02218CC8 | 0_2_02218CC8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0224DCD8 | 0_2_0224DCD8 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02253D28 | 0_2_02253D28 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0222AD38 | 0_2_0222AD38 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02231D08 | 0_2_02231D08 |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_02221D0E | 0_2_02221D0E |
| Source: C:\Users\user\Desktop\XhlpAnBmIk.exe | Code function: 0_2_0221FD78 | 0_2_0221FD78 |
Edit tour
XhlpAnBmIk.exe (PID: 2508 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node