Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: associationokeo.shop |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: turkeyunlikelyofw.shop |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: pooreveningfuseor.pw |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: edurestunningcrackyow.fun |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: detectordiscusser.shop |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: relevantvoicelesskw.shop |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: colorfulequalugliess.shop |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: wisemassiveharmonious.shop |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: unhappytidydryypwto.shop |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: TeslaBrowser/5.5 |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: - Screen Resoluton: |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: - Physical Installed Memory: |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: Workgroup: - |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp |
String decryptor: GjKsB2-- |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov eax, dword ptr [esi+00000080h] |
0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+00000080h] |
0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov eax, dword ptr [esi+00000080h] |
0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov eax, dword ptr [esi+00000080h] |
0_2_003D12E2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then cmp dword ptr [eax-08h], 5C3924FCh |
0_2_003C541A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov ecx, dword ptr [esp+10h] |
0_2_003B95E0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then lea esi, dword ptr [edx+ecx] |
0_2_003CD860 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
0_2_003C390E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+08h] |
0_2_003E2156 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then movzx eax, byte ptr [esi+ecx] |
0_2_003BD1C0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then test esi, esi |
0_2_003E52C9 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then jmp ecx |
0_2_003E3458 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then jmp eax |
0_2_003E4489 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+04h] |
0_2_003C05BD |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
0_2_003DD620 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov eax, dword ptr [esp+28h] |
0_2_003C561D |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov eax, dword ptr [esi+00000080h] |
0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+00000080h] |
0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov eax, dword ptr [esi+00000080h] |
0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov ecx, dword ptr [esp+000000A8h] |
0_2_003C4810 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then jmp eax |
0_2_003C19E7 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then jmp ecx |
0_2_003BFA7F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then jmp ecx |
0_2_003BFA72 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then add ecx, dword ptr [esp+eax*4+30h] |
0_2_003B7B20 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov eax, dword ptr [003EDC58h] |
0_2_003CCB43 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov edi, dword ptr [esi+0Ch] |
0_2_003CFB8E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov ecx, dword ptr [esp+10h] |
0_2_003CCB80 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov eax, dword ptr [esi+08h] |
0_2_003E2C52 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+00000080h] |
0_2_003D0D8E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+04h] |
0_2_003C0E43 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 4x nop then mov eax, edi |
0_2_003E4FB2 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://x1.c.lencr.org/0 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://x1.i.lencr.org/0 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1360508594.0000000001419000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1462122491.00000000013C5000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1372307247.0000000001469000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1360508594.00000000013E1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1462355021.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000002.1463876472.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1461923804.00000000013D9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://unhappytidydryypwto.shop/ |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1418365611.0000000001466000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1405389775.0000000001465000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://unhappytidydryypwto.shop/44 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1410106897.000000000146C000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000002.1464141859.0000000001466000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://unhappytidydryypwto.shop/api |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1461606764.0000000001465000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000002.1464141859.0000000001466000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://unhappytidydryypwto.shop/api#: |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1461606764.0000000001465000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1387782522.0000000001468000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000002.1464141859.0000000001466000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://unhappytidydryypwto.shop/apin:L |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1387782522.0000000001468000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://unhappytidydryypwto.shop:443/api |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.HCe2hc5EPKfq |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.oX6J3D7V9Efv |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E6060 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E6060 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C9080 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003C9080 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003D20C1 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003D20C1 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C4280 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003C4280 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C541A NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003C541A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E5440 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E5440 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E24B2 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E24B2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E5640 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E5640 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C46B7 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003C46B7 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C56F7 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003C56F7 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E27AF NtOpenSection, |
0_2_003E27AF |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E27F1 NtMapViewOfSection, |
0_2_003E27F1 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E67D0 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E67D0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E5810 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E5810 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E286A NtClose, |
0_2_003E286A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003CD860 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003CD860 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E5940 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E5940 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E2987 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E2987 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E5BD0 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E5BD0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C4D10 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003C4D10 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E5D40 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E5D40 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C8E50 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003C8E50 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003CCF46 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003CCF46 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E0F80 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E0F80 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003DF1E0 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003DF1E0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E1220 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E1220 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C2277 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003C2277 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C7305 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003C7305 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E6400 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E6400 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E14A0 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E14A0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C6492 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003C6492 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003CC5F0 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003CC5F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C960A NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003C960A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E1600 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E1600 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E1710 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E1710 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C2700 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003C2700 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003CC765 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003CC765 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003CA762 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003CA762 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C6790 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003C6790 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E1840 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E1840 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003CA880 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003CA880 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E1950 NtAllocateVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E1950 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E5AB0 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003E5AB0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C7C59 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003C7C59 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E2C52 NtFreeVirtualMemory, |
0_2_003E2C52 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C9C41 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003C9C41 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003CEDB2 NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003CEDB2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003D0F04 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, |
0_2_003D0F04 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E6060 |
0_2_003E6060 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003D3216 |
0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003D12E2 |
0_2_003D12E2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003B4640 |
0_2_003B4640 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003CD860 |
0_2_003CD860 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003CCF46 |
0_2_003CCF46 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003B51F0 |
0_2_003B51F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003B3240 |
0_2_003B3240 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003D2382 |
0_2_003D2382 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003CF3FD |
0_2_003CF3FD |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003E6400 |
0_2_003E6400 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003B64F0 |
0_2_003B64F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003CD622 |
0_2_003CD622 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C960A |
0_2_003C960A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003B1700 |
0_2_003B1700 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003D3216 |
0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_0040F87F |
0_2_0040F87F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C3A27 |
0_2_003C3A27 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C7A8C |
0_2_003C7A8C |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003B7B20 |
0_2_003B7B20 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003B3C60 |
0_2_003B3C60 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C9C41 |
0_2_003C9C41 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003BFDB0 |
0_2_003BFDB0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003D6D8E |
0_2_003D6D8E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003B2E70 |
0_2_003B2E70 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003B5F30 |
0_2_003B5F30 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003D0F04 |
0_2_003D0F04 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003C2F77 |
0_2_003C2F77 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Code function: 0_2_003DEF80 |
0_2_003DEF80 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: webio.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696497155j |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696497155t |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1360508594.0000000001408000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1462122491.0000000001407000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000002.1463953963.0000000001409000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1461923804.0000000001407000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - HKVMware20,11696497155] |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696497155|UE |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696497155o |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463772710.00000000013AE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW` |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe |
Binary or memory string: 9SDokXWuT7k/o0zmFdI+5yZXyfjdDVtvdBCKQMC7RUN74ZnXXnXfhxjfIuiZlHWLOEZh7yU2OUXaC0KOu1lA7guRD8jUl+YL/jV4e4s8Af3Yf0SL+EH9Nir8/I/6cgr8AuehgFsatiaOZiP5ud66KrfNQakFogGwqi01OGshxNLlXk75qdnYqEmja4bFX50KvIXsUhbKrnbOpHRo5rei0yg1qt3msWkBojOykFtdII2ep8Ti5TC6idfMCnds9Npph6Fq |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696497155x |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696497155h |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696497155n |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.co.inVMware20,11696497155d |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696497155x |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.000000000394B000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: - GDCDYNVMware20,11696497155p |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.comVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe |
Binary or memory string: WtvuF+P406voTx9Wltl3E/5lGVHZO7Qh5ejQhhFihjaCUi6MEor4Vj/NhscRXP5vyZCubEizzJAyXtsIMrKDuopDcRMMFbv6vBv6z++TpP7ZBgP1ako6UXVMcir1+swte3aZvpyZd+T7mVpjZqlgwRH3Ayl5z1nbXp6eqzQwKdul+SvLGL+tLe/jPr5yXn5sujJvEz0PvGAL9aK/teXD3kJlu1LvwMFdtjHsCSYee9T7mpKGgbpYqSMjRK1UvNA3tykU |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1373080900.000000000393D000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696497155} |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155^ |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696497155u |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696497155f |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696497155t |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696497155s |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.comVMware20,11696497155} |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696497155~ |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696497155x |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463595133.00000000010F5000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: 4<d4<d4<Wallets/Electrum-LTC53<C:\Users\user\AppData\Roaming\Electrum-LTC\wallets3p2<%appdata%\Electrum-LTC\wallets<* |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463595133.00000000010F5000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: 4<d4<d4<Wallets/ElectronCash53<C:\Users\user\AppData\Roaming\ElectronCash\wallets3p2<%appdata%\ElectronCash\wallets<* |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1461923804.00000000013D4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463595133.00000000010F5000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: 1<window-state.json |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463595133.00000000010F5000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: 4<d4<d4<Wallets/Exodus<C:\Users\user\AppData\Roaming\Exodus\exodus.wallet3p2<%appdata%\Exodus\exodus.wallet<keystoreC |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1462122491.00000000013C5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: ExodusWeb3 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463595133.00000000010F5000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: d4<app-store.json<Wallets/BinanceC:\Users\user\AppData\Roaming\Binancep2<%appdata%\Binance mC |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463595133.00000000010F5000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: d4<Wallets/Ethereum<_lC |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1461923804.00000000013D4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1462122491.00000000013C5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: keystore |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463595133.00000000010F5000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: 4<d4<d4<Wallets/Ledger Live53<C:\Users\user\AppData\Roaming\Ledger Live*p2<%appdata%\Ledger Live |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001 |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\Application Data\Mozilla\Firefox |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\logins.json |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\formhistory.sqlite |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cert9.db |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\key4.db |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ca4gppea.default\key4.db |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\FENIVHOIKN |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\HTAGVDFUIE |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\MNULNCRIYC |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\PSAMNLJHZW |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\QVTVNIBKSD |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\VAMYDFPUND |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\FACWLRWHGG |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\MNULNCRIYC |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\PSAMNLJHZW |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\QVTVNIBKSD |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\VAMYDFPUND |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\YPSIACHYXW |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\ZBEDCJPBEY |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\ZSSZYEFYMU |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\FACWLRWHGG |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\HTAGVDFUIE |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\PSAMNLJHZW |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\QVTVNIBKSD |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\UMMBDNEQBN |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\VAMYDFPUND |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\ZSSZYEFYMU |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\UMMBDNEQBN |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\UMMBDNEQBN |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\VAMYDFPUND |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\FACWLRWHGG |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\FENIVHOIKN |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\HTAGVDFUIE |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\MNULNCRIYC |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\NHPKIZUUSG |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\PSAMNLJHZW |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\QVTVNIBKSD |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\UMMBDNEQBN |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\VAMYDFPUND |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\YPSIACHYXW |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\ZBEDCJPBEY |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\ZSSZYEFYMU |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\FACWLRWHGG |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\HTAGVDFUIE |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\MNULNCRIYC |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\NHPKIZUUSG |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\PSAMNLJHZW |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\UMMBDNEQBN |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\VAMYDFPUND |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\YPSIACHYXW |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\ZBEDCJPBEY |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\ZSSZYEFYMU |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\FACWLRWHGG |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\FENIVHOIKN |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\HTAGVDFUIE |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\MNULNCRIYC |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\PSAMNLJHZW |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\QVTVNIBKSD |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\UMMBDNEQBN |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\VAMYDFPUND |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\YPSIACHYXW |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\ZBEDCJPBEY |
Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe |
Directory queried: C:\Users\user\Documents\ZSSZYEFYMU |
Jump to behavior |