Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030EBA2A FindFirstFileExW,FindNextFileW,FindClose, |
0_2_030EBA2A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030EB976 _free,_free,FindFirstFileExW, |
0_2_030EB976 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_004074D6 __EH_prolog3_GS,_memset,_memset,_memset,_memset,lstrcpyW,lstrcatW,lstrcatW,FindFirstFileW,lstrcpyW,lstrcatW,lstrcatW,lstrcpyW,lstrcatW,lstrcatW,lstrcmpW,lstrcmpW,PathMatchSpecW,DeleteFileW,PathMatchSpecW,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,lstrcatW,FindNextFileW,FindClose,_memset,_memset,_memset,_memset,_memset,_memset,_memset,_memset,FindClose, |
10_2_004074D6 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_00417856 _sprintf,FindFirstFileA,_sprintf,_memset,_sprintf,GetFileAttributesA,FindNextFileA,FindClose, |
10_2_00417856 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_00407D0D __EH_prolog3_GS,_sprintf,FindFirstFileA,_sprintf,CopyFileA,FindNextFileA,FindClose, |
10_2_00407D0D |
Source: LisectAVT_2403002A_138.exe |
String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: LisectAVT_2403002A_138.exe |
String found in binary or memory: http://s.symcd.com06 |
Source: LisectAVT_2403002A_138.exe |
String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: LisectAVT_2403002A_138.exe |
String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: LisectAVT_2403002A_138.exe |
String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: LisectAVT_2403002A_138.exe |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: LisectAVT_2403002A_138.exe |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: LisectAVT_2403002A_138.exe |
String found in binary or memory: https://d.symcb.com/rpa0. |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://noc.social |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://noc.social/ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://noc.social/5 |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.000000000142F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://noc.social/eQ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://noc.social; |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.000000000142F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://noc.social~ |
Source: LisectAVT_2403002A_138.exe, 00000000.00000002.1911139518.000000000FF50000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 00000000.00000003.1831985576.0000000011930000.00000040.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/LI |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.000000000142F000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000003.2137596982.0000000001435000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641641619.00000000012F9000.00000004.00000010.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000003.2176119973.0000000001480000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.0000000001420000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2643040123.0000000002FD0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/hi20220412 |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/hi20220412A |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/hi20220412i/ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000003.2137596982.0000000001435000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/hi20220412j |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2643040123.0000000002FD0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.000000000147C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://telegram.org/img/t_logo.png |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000003.2137482736.0000000001435000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2643040123.0000000002FD0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.000000000147C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://web.telegram.org |
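The URL hits above fall into two groups that a triage should not mix. The s.symcb.com, s.symcd.com, ts-*.ws.symantec.com and d.symcb.com strings are found in the file on disk only and come from the Authenticode certificate chain embedded in the PE: CRL and AIA download points, the OCSP responder, and the CPS/RPA policy links; the trailing 0, 0(, 0; and 0% are adjacent DER length bytes picked up by the string scanner, not part of any URL. The noc.social, t.me and telegram.org strings, by contrast, appear only in memory dumps (of the second process, PID 10, whose image at 0x400000 matches the Vidar rules, and of the unpack regions of the first), so they were decrypted at run time; Vidar is known to resolve its real C2 from profile pages on public services such as Telegram channels and Mastodon instances, which is what these look like. The many near-duplicates (https://noc.social/5, https://t.me/hi20220412j) are the same string plus one or two neighbouring bytes. The following Python is an added example, not part of the report or of any analysis tool, that parses an excerpt of these rows (constructed from the rows above, with source lists shortened) and applies that split; the PKI pattern and the "plus at most two bytes" collapse rule are heuristics chosen here, not something the report states.

```python
"""Triage of a sandbox report's 'String found in binary or memory' URL hits.

Added example, not part of the report.  Buckets:
  pki          CRL/OCSP/AIA/CPS links of the Authenticode chain in the PE
  static_only  other strings seen on disk but in no memory dump
  runtime      strings seen in process memory dumps (.sdmp): decrypted or
               fetched at run time, so the dead-drop / C2 candidates
Scanner noise ('https://noc.social/5': real string plus <=2 adjacent bytes)
is collapsed onto the clean form.
"""
import re

# Constructed excerpt of the rows above, in the report's own two-line layout
# (source lists shortened to at most two memory dumps per row).
REPORT = """\
Source: LisectAVT_2403002A_138.exe |
String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: LisectAVT_2403002A_138.exe |
String found in binary or memory: http://s.symcd.com06 |
Source: LisectAVT_2403002A_138.exe |
String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: LisectAVT_2403002A_138.exe |
String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: LisectAVT_2403002A_138.exe |
String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: LisectAVT_2403002A_138.exe |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://noc.social |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://noc.social/ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://noc.social/5 |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.000000000142F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://noc.social/eQ |
Source: LisectAVT_2403002A_138.exe, 00000000.00000002.1911139518.000000000FF50000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.000000000142F000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/hi20220412 |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000003.2137596982.0000000001435000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/hi20220412j |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2643040123.0000000002FD0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://web.telegram.org |
"""

# Characters a URL may legitimately end with (RFC 3986 minus '(', ')', ';',
# which here come from neighbouring DER bytes); anything else trailing is junk,
# as is a '%' that is not followed by two hex digits.
_TRAIL_JUNK = re.compile(r"[^A-Za-z0-9\-._~:/?#\[\]@!$&'*+,=%]+$")
_BAD_PCT = re.compile(r"%(?![0-9A-Fa-f]{2}).*$")
# Heuristic for certificate-chain URLs: CRL/AIA files, OCSP responders, the
# CPS/RPA policy links, plus the Symantec/DigiCert hosts seen in this sample.
_PKI = re.compile(r"\.(?:crl|cer|crt)\d*$|ocsp|/cps\d*$|/rpa\d*$|symc[bd]\.com", re.I)


def clean(url):
    """Strip trailing bytes that cannot belong to the URL."""
    return _BAD_PCT.sub("", _TRAIL_JUNK.sub("", url))


def parse_rows(text):
    """Yield (string, sources) for each 'Source:' / 'String found' line pair."""
    sources = None
    for line in text.splitlines():
        line = line.rstrip(" |")
        if line.startswith("Source: "):
            sources = [t.strip() for t in line[len("Source: "):].split(",")]
        elif line.startswith("String found in binary or memory: ") and sources:
            yield line.split(": ", 1)[1], sources


def triage(text):
    hits = {}                                   # cleaned URL -> set of sources
    for raw, sources in parse_rows(text):
        hits.setdefault(clean(raw), set()).update(sources)

    def canon(url):
        # Descend to the shortest hit that this one extends by at most 2 bytes.
        while True:
            bases = [b for b in hits if b != url and url.startswith(b) and len(url) - len(b) <= 2]
            if not bases:
                return url
            url = min(bases, key=len)

    merged = {}
    for url, sources in hits.items():
        merged.setdefault(canon(url), set()).update(sources)

    out = {"pki": [], "static_only": [], "runtime": [], "dump_count": {}}
    for url in sorted(merged):
        dumps = {s for s in merged[url] if s.endswith(".sdmp")}
        if _PKI.search(url):
            out["pki"].append(url)
        elif dumps:                             # present in at least one memory dump
            out["runtime"].append(url)
            out["dump_count"][url] = len(dumps)
        else:
            out["static_only"].append(url)
    return out


if __name__ == "__main__":
    for bucket, value in triage(REPORT).items():
        print(bucket, value)
```

Run against the full report rather than the excerpt, the `runtime` bucket is the list to block and hunt for, and `dump_count` tells you how widely each string is spread through the unpacked process; the `pki` bucket is issuer infrastructure and should never end up in a blocklist.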
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 7640, type: MEMORYSTR |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 6128, type: MEMORYSTR |
Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0055A738 |
0_2_0055A738 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0055B0D4 |
0_2_0055B0D4 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0055B096 |
0_2_0055B096 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030A4310 |
0_2_030A4310 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D8310 |
0_2_030D8310 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D4330 |
0_2_030D4330 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DF3B0 |
0_2_030DF3B0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E23C0 |
0_2_030E23C0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DB3F0 |
0_2_030DB3F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E33F0 |
0_2_030E33F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E4200 |
0_2_030E4200 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030F023C |
0_2_030F023C |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E0250 |
0_2_030E0250 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DC260 |
0_2_030DC260 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D9140 |
0_2_030D9140 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D51A0 |
0_2_030D51A0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D8000 |
0_2_030D8000 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E1000 |
0_2_030E1000 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E5080 |
0_2_030E5080 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030C2090 |
0_2_030C2090 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DD0A0 |
0_2_030DD0A0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0309E0B0 |
0_2_0309E0B0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D4760 |
0_2_030D4760 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E1770 |
0_2_030E1770 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E5780 |
0_2_030E5780 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DC790 |
0_2_030DC790 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DD7C0 |
0_2_030DD7C0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030CE670 |
0_2_030CE670 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D66C0 |
0_2_030D66C0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D6500 |
0_2_030D6500 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E2580 |
0_2_030E2580 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DA5F0 |
0_2_030DA5F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DE5F0 |
0_2_030DE5F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030CD410 |
0_2_030CD410 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0308D4E0 |
0_2_0308D4E0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D74F0 |
0_2_030D74F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E3B00 |
0_2_030E3B00 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DFB30 |
0_2_030DFB30 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DEB40 |
0_2_030DEB40 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DBB50 |
0_2_030DBB50 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0308CB90 |
0_2_0308CB90 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D7BC0 |
0_2_030D7BC0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030C1BE0 |
0_2_030C1BE0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D8A20 |
0_2_030D8A20 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D4A80 |
0_2_030D4A80 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E4910 |
0_2_030E4910 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DC940 |
0_2_030DC940 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DF970 |
0_2_030DF970 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DB990 |
0_2_030DB990 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DE9D0 |
0_2_030DE9D0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D9800 |
0_2_030D9800 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D5830 |
0_2_030D5830 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D8860 |
0_2_030D8860 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D48D0 |
0_2_030D48D0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E08E0 |
0_2_030E08E0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D5F70 |
0_2_030D5F70 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D8F80 |
0_2_030D8F80 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D4FE0 |
0_2_030D4FE0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D6E10 |
0_2_030D6E10 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030CEE40 |
0_2_030CEE40 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E1E60 |
0_2_030E1E60 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0308CEC0 |
0_2_0308CEC0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030CDEC0 |
0_2_030CDEC0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030D9EC0 |
0_2_030D9EC0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DDEE0 |
0_2_030DDEE0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E5EE0 |
0_2_030E5EE0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E5D20 |
0_2_030E5D20 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E2CC0 |
0_2_030E2CC0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030DACE0 |
0_2_030DACE0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0308DCF0 |
0_2_0308DCF0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_013A029B |
0_2_013A029B |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_004560FA |
10_2_004560FA |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_0042E147 |
10_2_0042E147 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_00405207 |
10_2_00405207 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_0046B2D8 |
10_2_0046B2D8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_004872D6 |
10_2_004872D6 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_0040F3D6 |
10_2_0040F3D6 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_0047F402 |
10_2_0047F402 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_0041F41C |
10_2_0041F41C |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_00485420 |
10_2_00485420 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_00406439 |
10_2_00406439 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_00420438 |
10_2_00420438 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_004044EB |
10_2_004044EB |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_004494F9 |
10_2_004494F9 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_0046D49B |
10_2_0046D49B |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_0048659E |
10_2_0048659E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_004576C2 |
10_2_004576C2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_0044D6CE |
10_2_0044D6CE |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_004707B0 |
10_2_004707B0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_00485971 |
10_2_00485971 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_0043D9FF |
10_2_0043D9FF |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_00459AAF |
10_2_00459AAF |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_00403CEB |
10_2_00403CEB |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_0046DE6E |
10_2_0046DE6E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_00485EC2 |
10_2_00485EC2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_00404E86 |
10_2_00404E86 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_00440F42 |
10_2_00440F42 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_00432F3F |
10_2_00432F3F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_0041DFEB |
10_2_0041DFEB |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 7640, type: MEMORYSTR |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 6128, type: MEMORYSTR |
Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: LisectAVT_2403002A_138.exe, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence'; |
Source: LisectAVT_2403002A_138.exe, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q); |
Source: LisectAVT_2403002A_138.exe, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0 |
Source: LisectAVT_2403002A_138.exe, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Source: LisectAVT_2403002A_138.exe, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s; |
Source: LisectAVT_2403002A_138.exe, 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: LisectAVT_2403002A_138.exe, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_0046AD94 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
10_2_0046AD94 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0055A176 push ebp; ret |
0_2_0055A1B0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_00556104 push edx; retf |
0_2_0055610A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0055A1C1 push ebp; ret |
0_2_0055A1B0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_005541BF push edi; iretd |
0_2_005541C0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0055955B push 00000059h; iretd |
0_2_00559570 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_00559687 push edx; iretd |
0_2_0055968D |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_00557941 push edx; retf |
0_2_00557942 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_00559A57 push esp; ret |
0_2_00559A58 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_00557F5F push FFFFFFE9h; iretd |
0_2_00557F6B |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_00557F2C push ebx; retf |
0_2_00557F31 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0304C303 push ds; ret |
0_2_0304C305 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0304B331 push ecx; iretd |
0_2_0304B333 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_03047387 push ebx; iretd |
0_2_030473CF |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0304A3C6 push FFFFFF8Bh; ret |
0_2_0304A3CF |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0304322E push ebx; iretd |
0_2_03043232 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0304B249 push ecx; iretd |
0_2_0304B24A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0304C25E push edx; iretd |
0_2_0304C264 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030441F4 push ebx; rep ret |
0_2_03044209 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0304A621 push ds; retf |
0_2_0304A622 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0304A446 push edi; ret |
0_2_0304A459 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_03042B4C push FFFFFF8Bh; ret |
0_2_03042B55 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_03043B66 push ecx; iretd |
0_2_03043B68 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_03044B7B push edx; iretd |
0_2_03044B81 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_03042BCC push edi; ret |
0_2_03042BDF |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_03043A7E push ecx; iretd |
0_2_03043A7F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0304AAA8 push ebx; iretd |
0_2_0304AAAC |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_03048ABB push ebp; retf |
0_2_03048ABC |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0304B9BF push ebx; rep ret |
0_2_0304B9D4 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_03042DA7 push ds; retf |
0_2_03042DA8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_03044C20 push ds; ret |
0_2_03044C22 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 9_2_00554C55 push ss; ret |
9_2_00554C5F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_0056F2ED SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_0056F2ED |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_00571EC0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00571EC0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030EA299 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_030EA299 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E71CD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_030E71CD |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 0_2_030E6CCC IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_030E6CCC |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_0046F26F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
10_2_0046F26F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: 10_2_004765CD _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
10_2_004765CD |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, |
10_2_0047F0AE |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, |
10_2_0047F16E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, |
10_2_0047F1D5 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s, |
10_2_0047F211 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement, |
10_2_004753F5 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free, |
10_2_0047E5C9 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW, |
10_2_0047D69F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, |
10_2_0047E8B7 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
10_2_0047D96D |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: GetLocaleInfoA, |
10_2_004759F8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea, |
10_2_00483B57 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
10_2_00483C31 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
10_2_0047ECE6 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, |
10_2_0047EDDB |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage, |
10_2_0047EEDD |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe |
Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen, |
10_2_0047EE82 |
Source: Yara match |
File source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 7640, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 6128, type: MEMORYSTR |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Electrum |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: ElectronCash |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: \Electrum\wallets\ |
Source: LisectAVT_2403002A_138.exe, 00000000.00000002.1911139518.000000000FF50000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: JaxxLib |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: window-state.json |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: exodus.conf.json |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: \Exodus\ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: info.seco |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: ElectrumLTC |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: passphrase.json |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: \jaxx\Local Storage\ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: \Ethereum\ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: \Exodus\ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Ethereum" |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: default_wallet |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: file__0.localstorage |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: \Coinomi\Coinomi\wallets\ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: MultiDoge |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: \Exodus\exodus.wallet\ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: seed.seco |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: keystore |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: \Electrum-LTC\wallets\ |
Source: Yara match |
File source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 7640, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 6128, type: MEMORYSTR |