Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp | String decryptor: associationokeo.shop |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp | String decryptor: turkeyunlikelyofw.shop |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp | String decryptor: pooreveningfuseor.pw |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp | String decryptor: edurestunningcrackyow.fun |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp | String decryptor: detectordiscusser.shop |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp | String decryptor: relevantvoicelesskw.shop |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp | String decryptor: colorfulequalugliess.shop |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp | String decryptor: wisemassiveharmonious.shop |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp | String decryptor: unhappytidydryypwto.shop |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp | String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp | String decryptor: TeslaBrowser/5.5 |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp | String decryptor: - Screen Resoluton: |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp | String decryptor: - Physical Installed Memory: |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp | String decryptor: Workgroup: - |
Source: 00000000.00000002.1462760099.00000000003E7000.00000002.00000001.01000000.00000003.sdmp | String decryptor: GjKsB2-- |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov eax, dword ptr [esi+00000080h] | 0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov ecx, dword ptr [esi+00000080h] | 0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov eax, dword ptr [esi+00000080h] | 0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov eax, dword ptr [esi+00000080h] | 0_2_003D12E2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then cmp dword ptr [eax-08h], 5C3924FCh | 0_2_003C541A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov ecx, dword ptr [esp+10h] | 0_2_003B95E0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then lea esi, dword ptr [edx+ecx] | 0_2_003CD860 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov eax, dword ptr [esi+04h] | 0_2_003C390E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov ecx, dword ptr [esi+08h] | 0_2_003E2156 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then movzx eax, byte ptr [esi+ecx] | 0_2_003BD1C0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then test esi, esi | 0_2_003E52C9 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then jmp ecx | 0_2_003E3458 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then jmp eax | 0_2_003E4489 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov ecx, dword ptr [esi+04h] | 0_2_003C05BD |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 0_2_003DD620 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov eax, dword ptr [esp+28h] | 0_2_003C561D |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov eax, dword ptr [esi+00000080h] | 0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov ecx, dword ptr [esi+00000080h] | 0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov eax, dword ptr [esi+00000080h] | 0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov ecx, dword ptr [esp+000000A8h] | 0_2_003C4810 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then jmp eax | 0_2_003C19E7 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then jmp ecx | 0_2_003BFA7F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then jmp ecx | 0_2_003BFA72 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then add ecx, dword ptr [esp+eax*4+30h] | 0_2_003B7B20 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov eax, dword ptr [003EDC58h] | 0_2_003CCB43 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov edi, dword ptr [esi+0Ch] | 0_2_003CFB8E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov ecx, dword ptr [esp+10h] | 0_2_003CCB80 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov eax, dword ptr [esi+08h] | 0_2_003E2C52 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov ecx, dword ptr [esi+00000080h] | 0_2_003D0D8E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov ecx, dword ptr [esi+04h] | 0_2_003C0E43 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 4x nop then mov eax, edi | 0_2_003E4FB2 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1388317441.000000000391C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1360508594.0000000001419000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1462122491.00000000013C5000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1372307247.0000000001469000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1360508594.00000000013E1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1462355021.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000002.1463876472.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1461923804.00000000013D9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://unhappytidydryypwto.shop/ |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1418365611.0000000001466000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1405389775.0000000001465000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://unhappytidydryypwto.shop/44 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1410106897.000000000146C000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000002.1464141859.0000000001466000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://unhappytidydryypwto.shop/api |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1461606764.0000000001465000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000002.1464141859.0000000001466000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://unhappytidydryypwto.shop/api#: |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1461606764.0000000001465000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1387782522.0000000001468000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000002.1464141859.0000000001466000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://unhappytidydryypwto.shop/apin:L |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1387782522.0000000001468000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://unhappytidydryypwto.shop:443/api |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1361447801.0000000003937000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361401916.000000000393A000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1361519752.0000000003937000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.HCe2hc5EPKfq |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.oX6J3D7V9Efv |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1389454135.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E6060 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E6060 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C9080 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003C9080 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003D20C1 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003D20C1 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C4280 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003C4280 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C541A NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003C541A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E5440 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E5440 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E24B2 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E24B2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E5640 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E5640 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C46B7 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003C46B7 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C56F7 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003C56F7 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E27AF NtOpenSection, | 0_2_003E27AF |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E27F1 NtMapViewOfSection, | 0_2_003E27F1 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E67D0 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E67D0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E5810 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E5810 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E286A NtClose, | 0_2_003E286A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003CD860 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003CD860 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E5940 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E5940 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E2987 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E2987 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E5BD0 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E5BD0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C4D10 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003C4D10 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E5D40 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E5D40 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C8E50 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003C8E50 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003CCF46 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003CCF46 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E0F80 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E0F80 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003DF1E0 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003DF1E0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E1220 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E1220 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C2277 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003C2277 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C7305 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003C7305 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E6400 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E6400 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E14A0 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E14A0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C6492 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003C6492 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003CC5F0 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003CC5F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C960A NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003C960A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E1600 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E1600 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E1710 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E1710 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C2700 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003C2700 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003CC765 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003CC765 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003CA762 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003CA762 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C6790 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003C6790 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E1840 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E1840 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003CA880 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003CA880 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E1950 NtAllocateVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E1950 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E5AB0 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003E5AB0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C7C59 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003C7C59 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E2C52 NtFreeVirtualMemory, | 0_2_003E2C52 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C9C41 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003C9C41 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003CEDB2 NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003CEDB2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003D0F04 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory, | 0_2_003D0F04 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E6060 | 0_2_003E6060 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003D3216 | 0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003D12E2 | 0_2_003D12E2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003B4640 | 0_2_003B4640 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003CD860 | 0_2_003CD860 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003CCF46 | 0_2_003CCF46 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003B51F0 | 0_2_003B51F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003B3240 | 0_2_003B3240 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003D2382 | 0_2_003D2382 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003CF3FD | 0_2_003CF3FD |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003E6400 | 0_2_003E6400 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003B64F0 | 0_2_003B64F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003CD622 | 0_2_003CD622 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C960A | 0_2_003C960A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003B1700 | 0_2_003B1700 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003D3216 | 0_2_003D3216 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_0040F87F | 0_2_0040F87F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C3A27 | 0_2_003C3A27 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C7A8C | 0_2_003C7A8C |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003B7B20 | 0_2_003B7B20 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003B3C60 | 0_2_003B3C60 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C9C41 | 0_2_003C9C41 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003BFDB0 | 0_2_003BFDB0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003D6D8E | 0_2_003D6D8E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003B2E70 | 0_2_003B2E70 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003B5F30 | 0_2_003B5F30 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003D0F04 | 0_2_003D0F04 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003C2F77 | 0_2_003C2F77 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Code function: 0_2_003DEF80 | 0_2_003DEF80 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696497155j |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696497155t |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1360508594.0000000001408000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1462122491.0000000001407000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000002.1463953963.0000000001409000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_236.exe, 00000000.00000003.1461923804.0000000001407000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696497155] |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696497155|UE |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696497155o |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463772710.00000000013AE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW` |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe | Binary or memory string: 9SDokXWuT7k/o0zmFdI+5yZXyfjdDVtvdBCKQMC7RUN74ZnXXnXfhxjfIuiZlHWLOEZh7yU2OUXaC0KOu1lA7guRD8jUl+YL/jV4e4s8Af3Yf0SL+EH9Nir8/I/6cgr8AuehgFsatiaOZiP5ud66KrfNQakFogGwqi01OGshxNLlXk75qdnYqEmja4bFX50KvIXsUhbKrnbOpHRo5rei0yg1qt3msWkBojOykFtdII2ep8Ti5TC6idfMCnds9Npph6Fq |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696497155x |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696497155h |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696497155n |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696497155d |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696497155x |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.000000000394B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696497155p |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe | Binary or memory string: WtvuF+P406voTx9Wltl3E/5lGVHZO7Qh5ejQhhFihjaCUi6MEor4Vj/NhscRXP5vyZCubEizzJAyXtsIMrKDuopDcRMMFbv6vBv6z++TpP7ZBgP1ako6UXVMcir1+swte3aZvpyZd+T7mVpjZqlgwRH3Ayl5z1nbXp6eqzQwKdul+SvLGL+tLe/jPr5yXn5sujJvEz0PvGAL9aK/teXD3kJlu1LvwMFdtjHsCSYee9T7mpKGgbpYqSMjRK1UvNA3tykU |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1373080900.000000000393D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696497155} |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155^ |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696497155u |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696497155f |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696497155 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696497155t |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696497155s |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696497155} |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696497155~ |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1372974037.0000000003945000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696497155x |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463595133.00000000010F5000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: 4<d4<d4<Wallets/Electrum-LTC53<C:\Users\user\AppData\Roaming\Electrum-LTC\wallets3p2<%appdata%\Electrum-LTC\wallets<* |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463595133.00000000010F5000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: 4<d4<d4<Wallets/ElectronCash53<C:\Users\user\AppData\Roaming\ElectronCash\wallets3p2<%appdata%\ElectronCash\wallets<* |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1461923804.00000000013D4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463595133.00000000010F5000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: 1<window-state.json |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463595133.00000000010F5000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: 4<d4<d4<Wallets/Exodus<C:\Users\user\AppData\Roaming\Exodus\exodus.wallet3p2<%appdata%\Exodus\exodus.wallet<keystoreC |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1462122491.00000000013C5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ExodusWeb3 |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463595133.00000000010F5000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: d4<app-store.json<Wallets/BinanceC:\Users\user\AppData\Roaming\Binancep2<%appdata%\Binance mC |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463595133.00000000010F5000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: d4<Wallets/Ethereum<_lC |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1461923804.00000000013D4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets |
Source: LisectAVT_2403002A_236.exe, 00000000.00000003.1462122491.00000000013C5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: keystore |
Source: LisectAVT_2403002A_236.exe, 00000000.00000002.1463595133.00000000010F5000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: 4<d4<d4<Wallets/Ledger Live53<C:\Users\user\AppData\Roaming\Ledger Live*p2<%appdata%\Ledger Live |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001 | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\Application Data\Mozilla\Firefox | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\logins.json | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\formhistory.sqlite | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cert9.db | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\key4.db | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ca4gppea.default\key4.db | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\FENIVHOIKN | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\HTAGVDFUIE | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\MNULNCRIYC | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\PSAMNLJHZW | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\QVTVNIBKSD | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\VAMYDFPUND | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\FACWLRWHGG | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\MNULNCRIYC | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\PSAMNLJHZW | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\QVTVNIBKSD | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\VAMYDFPUND | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\YPSIACHYXW | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\ZBEDCJPBEY | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\ZSSZYEFYMU | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\FACWLRWHGG | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\HTAGVDFUIE | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\PSAMNLJHZW | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\QVTVNIBKSD | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\UMMBDNEQBN | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\VAMYDFPUND | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\ZSSZYEFYMU | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\UMMBDNEQBN | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\UMMBDNEQBN | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\VAMYDFPUND | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\FACWLRWHGG | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\FENIVHOIKN | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\HTAGVDFUIE | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\MNULNCRIYC | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\NHPKIZUUSG | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\PSAMNLJHZW | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\QVTVNIBKSD | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\UMMBDNEQBN | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\VAMYDFPUND | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\YPSIACHYXW | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\ZBEDCJPBEY | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\ZSSZYEFYMU | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\FACWLRWHGG | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\HTAGVDFUIE | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\MNULNCRIYC | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\NHPKIZUUSG | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\PSAMNLJHZW | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\UMMBDNEQBN | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\VAMYDFPUND | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\YPSIACHYXW | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\ZBEDCJPBEY | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\ZSSZYEFYMU | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\FACWLRWHGG | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\FENIVHOIKN | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\HTAGVDFUIE | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\MNULNCRIYC | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\PSAMNLJHZW | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\QVTVNIBKSD | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\UMMBDNEQBN | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\VAMYDFPUND | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\YPSIACHYXW | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\ZBEDCJPBEY | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_236.exe | Directory queried: C:\Users\user\Documents\ZSSZYEFYMU | Jump to behavior |