Source: file.exe |
String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01 |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0 |
Source: file.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, file.exe, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: file.exe, 00000000.00000002.2060446715.0000000003FE5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293044181.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://cowod.hopto.org_DEBUG.zip/c |
Source: file.exe |
String found in binary or memory: http://crl.entrust.net/2048ca.crl0 |
Source: file.exe |
String found in binary or memory: http://crl.entrust.net/ts1ca.crl0 |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: file.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, file.exe, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05 |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: file.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, file.exe, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, file.exe, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://ocsp.digicert.com0N |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: file.exe |
String found in binary or memory: http://ocsp.entrust.net02 |
Source: file.exe |
String found in binary or memory: http://ocsp.entrust.net03 |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, file.exe, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: file.exe |
String found in binary or memory: http://www.entrust.net/rpa03 |
Source: RegAsm.exe, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3325754871.000000006C10D000.00000002.00000001.01000000.00000009.sdmp, mozglue.dll.2.dr |
String found in binary or memory: http://www.mozilla.com/en-US/blocklist/ |
Source: RegAsm.exe, 00000002.00000002.3299208500.000000001C9E7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304083321.000000002298D000.00000002.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://www.sqlite.org/copyright.html. |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://5.75.211.162 |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://5.75.211.162/ |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://5.75.211.162/freebl3.dll |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://5.75.211.162/mozglue.dll |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://5.75.211.162/msvcp140.dll |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://5.75.211.162/nss3.dll |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://5.75.211.162/softokn3.dll |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://5.75.211.162/softokn3.dll6V#~ |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000055D000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://5.75.211.162/sqlp.dll |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://5.75.211.162/vcruntime140.dll |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://5.75.211.162/xmx~3 |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://5.75.211.162AAAFC |
Source: RegAsm.exe, 00000002.00000002.3293044181.00000000005A1000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://5.75.211.162AKKJD |
Source: RegAsm.exe, 00000002.00000002.3293044181.0000000000563000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://5.75.211.162EBFBA |
Source: RegAsm.exe, 00000002.00000002.3293044181.0000000000563000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://5.75.211.162rt/form-data; |
Source: AAAAKJ.2.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg |
Source: RegAsm.exe, 00000002.00000002.3293998119.00000000014BE000.00000004.00000020.00020000.00000000.sdmp, CFHDBF.2.dr |
String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. |
Source: RegAsm.exe, 00000002.00000002.3293998119.00000000014BE000.00000004.00000020.00020000.00000000.sdmp, CFHDBF.2.dr |
String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta |
Source: AAAAKJ.2.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: AAAAKJ.2.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: AAAAKJ.2.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=nSnUuYf7g6U1&a |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG& |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1 |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=PzKBszTg |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=WnGP |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=B0lGn8MokmdT&l=e |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english |
Source: 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6& |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 |
Source: RegAsm.exe, 00000002.00000002.3293998119.00000000014BE000.00000004.00000020.00020000.00000000.sdmp, CFHDBF.2.dr |
String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
Source: RegAsm.exe, 00000002.00000002.3293998119.00000000014BE000.00000004.00000020.00020000.00000000.sdmp, CFHDBF.2.dr |
String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dbsmena.com/ |
Source: RegAsm.exe, 00000002.00000002.3293044181.0000000000563000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://dbsmena.com/ljhgfsd.exe |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dbsmena.com/ljhgfsd.exe) |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://dbsmena.com/ljhgfsd.exe1kkkk1218740https://dbsmena.com/vdshfd.exe1kkkk783966f7e54258 |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dbsmena.com/ljhgfsd.exe? |
Source: RegAsm.exe, 00000002.00000002.3293044181.0000000000563000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://dbsmena.com/ljhgfsd.exea; |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293044181.000000000055D000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://dbsmena.com/ljhgfsd.exeent-Disposition: |
Source: RegAsm.exe, 00000002.00000002.3293044181.0000000000563000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://dbsmena.com/ljhgfsd.exefCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0b |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dbsmena.com/vdshfd.exe |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://dbsmena.com/vdshfd.exetent-Disposition: |
Source: AAAAKJ.2.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: AAAAKJ.2.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: AAAAKJ.2.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://help.steampowered.com/en/ |
Source: CFHDBF.2.dr |
String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: https://mozilla.org0/ |
Source: 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/ |
Source: RegAsm.exe, 00000002.00000002.3293998119.0000000001331000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/6 |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199780418869 |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/market/ |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: file.exe, 00000000.00000002.2060446715.0000000003FE5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.3293044181.0000000000400000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.0000000001331000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869 |
Source: RegAsm.exe, 00000002.00000002.3293998119.0000000001331000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869$ |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869/badges |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869/inventory/ |
Source: RegAsm.exe, 00000002.00000002.3293998119.0000000001331000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/765611997804188695 |
Source: file.exe, 00000000.00000002.2060446715.0000000003FE5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293044181.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0 |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/ |
Source: 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/about/ |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/explore/ |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/legal/ |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/mobile |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/news/ |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/privac |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/stats/ |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: EBKKKE.2.dr |
String found in binary or memory: https://support.mozilla.org |
Source: EBKKKE.2.dr |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: EBKKKE.2.dr |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL |
Source: file.exe, 00000000.00000002.2060446715.0000000003FE5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.3293044181.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/ae5ed |
Source: RegAsm.exe, 00000002.00000002.3293998119.00000000014BE000.00000004.00000020.00020000.00000000.sdmp, CFHDBF.2.dr |
String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477 |
Source: RegAsm.exe, 00000002.00000002.3293998119.00000000014BE000.00000004.00000020.00020000.00000000.sdmp, CFHDBF.2.dr |
String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3307228055.0000000028FBA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3304395342.0000000023050000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.2.dr, softokn3.dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: AAAAKJ.2.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: file.exe |
String found in binary or memory: https://www.entrust.net/rpa0 |
Source: AAAAKJ.2.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: EBKKKE.2.dr |
String found in binary or memory: https://www.mozilla.org |
Source: RegAsm.exe, 00000002.00000002.3298728930.000000001C3EC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293044181.00000000005A1000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/about/ |
Source: EBKKKE.2.dr |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc |
Source: RegAsm.exe, 00000002.00000002.3293044181.00000000005A1000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/about/ost.exe |
Source: RegAsm.exe, 00000002.00000002.3298728930.000000001C3EC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293044181.00000000005A1000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/contribute/ |
Source: EBKKKE.2.dr |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6 |
Source: RegAsm.exe, 00000002.00000002.3298728930.000000001C3EC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ |
Source: EBKKKE.2.dr |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: EBKKKE.2.dr |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: EBKKKE.2.dr |
String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
Source: RegAsm.exe, 00000002.00000002.3298728930.000000001C3EC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/ |
Source: EBKKKE.2.dr |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.2.dr |
String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_01240C40 |
0_2_01240C40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0042D933 |
2_2_0042D933 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0042D1C3 |
2_2_0042D1C3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0041C472 |
2_2_0041C472 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0042D561 |
2_2_0042D561 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0041950A |
2_2_0041950A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0042DD1B |
2_2_0042DD1B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0042CD2E |
2_2_0042CD2E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_0041B712 |
2_2_0041B712 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0935A0 |
2_2_6C0935A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C10AC00 |
2_2_6C10AC00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0D5C10 |
2_2_6C0D5C10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0E2C10 |
2_2_6C0E2C10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C10542B |
2_2_6C10542B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0A5440 |
2_2_6C0A5440 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C10545C |
2_2_6C10545C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0A6C80 |
2_2_6C0A6C80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0F34A0 |
2_2_6C0F34A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0FC4A0 |
2_2_6C0FC4A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0A64C0 |
2_2_6C0A64C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0BD4D0 |
2_2_6C0BD4D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C09D4E0 |
2_2_6C09D4E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0D6CF0 |
2_2_6C0D6CF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0AFD00 |
2_2_6C0AFD00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0BED10 |
2_2_6C0BED10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0C0512 |
2_2_6C0C0512 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0D0DD0 |
2_2_6C0D0DD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0F85F0 |
2_2_6C0F85F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0E5600 |
2_2_6C0E5600 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0D7E10 |
2_2_6C0D7E10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0F9E30 |
2_2_6C0F9E30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0E2E4E |
2_2_6C0E2E4E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0B4640 |
2_2_6C0B4640 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0B9E50 |
2_2_6C0B9E50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0D3E50 |
2_2_6C0D3E50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C106E63 |
2_2_6C106E63 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C09C670 |
2_2_6C09C670 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0FE680 |
2_2_6C0FE680 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0B5E90 |
2_2_6C0B5E90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0F4EA0 |
2_2_6C0F4EA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C1076E3 |
2_2_6C1076E3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C09BEF0 |
2_2_6C09BEF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0AFEF0 |
2_2_6C0AFEF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0A9F00 |
2_2_6C0A9F00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0D7710 |
2_2_6C0D7710 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0E77A0 |
2_2_6C0E77A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C09DFE0 |
2_2_6C09DFE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0C6FF0 |
2_2_6C0C6FF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0A7810 |
2_2_6C0A7810 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0DB820 |
2_2_6C0DB820 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0E4820 |
2_2_6C0E4820 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0B8850 |
2_2_6C0B8850 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0BD850 |
2_2_6C0BD850 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0DF070 |
2_2_6C0DF070 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0C60A0 |
2_2_6C0C60A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C1050C7 |
2_2_6C1050C7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0BC0E0 |
2_2_6C0BC0E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0D58E0 |
2_2_6C0D58E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0BA940 |
2_2_6C0BA940 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C10B170 |
2_2_6C10B170 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0AD960 |
2_2_6C0AD960 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0EB970 |
2_2_6C0EB970 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0D5190 |
2_2_6C0D5190 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0F2990 |
2_2_6C0F2990 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C09C9A0 |
2_2_6C09C9A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0CD9B0 |
2_2_6C0CD9B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0D9A60 |
2_2_6C0D9A60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C10BA90 |
2_2_6C10BA90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C102AB0 |
2_2_6C102AB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0922A0 |
2_2_6C0922A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0C4AA0 |
2_2_6C0C4AA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0ACAB0 |
2_2_6C0ACAB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0D8AC0 |
2_2_6C0D8AC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0B1AF0 |
2_2_6C0B1AF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0DE2F0 |
2_2_6C0DE2F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0DD320 |
2_2_6C0DD320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C095340 |
2_2_6C095340 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C0AC370 |
2_2_6C0AC370 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C09F380 |
2_2_6C09F380 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C1053C8 |
2_2_6C1053C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C21AC30 |
2_2_6C21AC30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C206C00 |
2_2_6C206C00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C14AC60 |
2_2_6C14AC60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C19ECD0 |
2_2_6C19ECD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C13ECC0 |
2_2_6C13ECC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C2C8D20 |
2_2_6C2C8D20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C20ED70 |
2_2_6C20ED70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C26AD50 |
2_2_6C26AD50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C1D6D90 |
2_2_6C1D6D90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C144DB0 |
2_2_6C144DB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C2CCDC0 |
2_2_6C2CCDC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C220E20 |
2_2_6C220E20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C1DEE70 |
2_2_6C1DEE70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C1C6E90 |
2_2_6C1C6E90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C14AEC0 |
2_2_6C14AEC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C1E0EC0 |
2_2_6C1E0EC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C146F10 |
2_2_6C146F10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C280F20 |
2_2_6C280F20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C202F70 |
2_2_6C202F70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C1AEF40 |
2_2_6C1AEF40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C288FB0 |
2_2_6C288FB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C14EFB0 |
2_2_6C14EFB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C21EFF0 |
2_2_6C21EFF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C140FE0 |
2_2_6C140FE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C190820 |
2_2_6C190820 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C1CA820 |
2_2_6C1CA820 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C214840 |
2_2_6C214840 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C2468E0 |
2_2_6C2468E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 2_2_6C196900 |
2_2_6C196900 |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr |
Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2); |
Source: RegAsm.exe, 00000002.00000002.3299208500.000000001C9E7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3326846154.000000006C2CF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3303889118.0000000022958000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.2.dr |
Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr |
Binary or memory string: SELECT ALL * FROM %s LIMIT 0; |
Source: RegAsm.exe, 00000002.00000002.3299208500.000000001C9E7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3326846154.000000006C2CF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3303889118.0000000022958000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.2.dr |
Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB); |
Source: RegAsm.exe, 00000002.00000002.3299208500.000000001C9E7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3326846154.000000006C2CF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3303889118.0000000022958000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.2.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB); |
Source: RegAsm.exe, 00000002.00000002.3299208500.000000001C9E7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3326846154.000000006C2CF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3303889118.0000000022958000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.2.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx)); |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr |
Binary or memory string: UPDATE %s SET %s WHERE id=$ID; |
Source: RegAsm.exe, 00000002.00000002.3299208500.000000001C9E7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3303889118.0000000022958000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check'); |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr |
Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID; |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr |
Binary or memory string: SELECT ALL id FROM %s WHERE %s; |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr |
Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1); |
Source: RegAsm.exe, 00000002.00000002.3299208500.000000001C9E7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3303889118.0000000022958000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0; |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr |
Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s); |
Source: RegAsm.exe, RegAsm.exe, 00000002.00000002.3299208500.000000001C9E7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3326846154.000000006C2CF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3303889118.0000000022958000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.2.dr |
Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q); |
Source: RegAsm.exe, 00000002.00000002.3299208500.000000001C9E7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3326846154.000000006C2CF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000002.00000002.3318468661.0000000040D70000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3303889118.0000000022958000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.2.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB); |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr |
Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2); |
Source: RegAsm.exe, 00000002.00000002.3299208500.000000001C9E7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3303889118.0000000022958000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN); |
Source: JDGHII.2.dr, DAEBKK.2.dr |
Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key)); |
Source: RegAsm.exe, 00000002.00000002.3299208500.000000001C9E7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3303889118.0000000022958000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode); |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr |
Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD |
Source: RegAsm.exe, 00000002.00000002.3299208500.000000001C9E7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3303889118.0000000022958000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN); |
Source: RegAsm.exe, 00000002.00000002.3312936893.0000000034E93000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.2.dr |
Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1; |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: aclayers.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc_os.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rstrtmgr.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mozglue.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: msvcp140.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dui70.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: duser.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windows.ui.immersive.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: bcp47mrm.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: uianimation.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: resourcepolicyclient.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: d3d11.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: d3d10warp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dxcore.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dcomp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree, |
2_2_00410DDB |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
2_2_0042B0CC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, |
2_2_0042B1C1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free, |
2_2_00429A50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen, |
2_2_0042B268 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage, |
2_2_0042B2C3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement, |
2_2_0042AB40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW, |
2_2_004253E3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, |
2_2_0042B494 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea, |
2_2_0042749C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: EnumSystemLocalesA, |
2_2_0042B556 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, |
2_2_00429D6E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l, |
2_2_0042E56F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
2_2_00427576 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
2_2_00428DC4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, |
2_2_0042B5E7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, |
2_2_0042B580 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s, |
2_2_0042B623 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: GetLocaleInfoA, |
2_2_0042E6A4 |
Source: RegAsm.exe, 00000002.00000002.3293044181.0000000000582000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: *,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*|150|3|*windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|DESKTOP|%DESKTOP%\|*wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*|150|2|*Windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3| |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: Exodus Web3 Wallet |
Source: RegAsm.exe, 00000002.00000002.3293044181.0000000000582000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: *,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*|150|3|*windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|DESKTOP|%DESKTOP%\|*wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*|150|2|*Windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3| |
Source: RegAsm.exe, 00000002.00000002.3293044181.000000000046B000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: \Coinomi\Coinomi\wallets\ |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: RegAsm.exe, 00000002.00000002.3293998119.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |