Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030EBA2A FindFirstFileExW,FindNextFileW,FindClose, | 0_2_030EBA2A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030EB976 _free,_free,FindFirstFileExW, | 0_2_030EB976 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_004074D6 __EH_prolog3_GS,_memset,_memset,_memset,_memset,lstrcpyW,lstrcatW,lstrcatW,FindFirstFileW,lstrcpyW,lstrcatW,lstrcatW,lstrcpyW,lstrcatW,lstrcatW,lstrcmpW,lstrcmpW,PathMatchSpecW,DeleteFileW,PathMatchSpecW,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,lstrcatW,FindNextFileW,FindClose,_memset,_memset,_memset,_memset,_memset,_memset,_memset,_memset,FindClose, | 10_2_004074D6 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_00417856 _sprintf,FindFirstFileA,_sprintf,_memset,_sprintf,GetFileAttributesA,FindNextFileA,FindClose, | 10_2_00417856 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_00407D0D __EH_prolog3_GS,_sprintf,FindFirstFileA,_sprintf,CopyFileA,FindNextFileA,FindClose, | 10_2_00407D0D |
Source: LisectAVT_2403002A_138.exe | String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: LisectAVT_2403002A_138.exe | String found in binary or memory: http://s.symcd.com06 |
Source: LisectAVT_2403002A_138.exe | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: LisectAVT_2403002A_138.exe | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: LisectAVT_2403002A_138.exe | String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: LisectAVT_2403002A_138.exe | String found in binary or memory: https://d.symcb.com/cps0% |
Source: LisectAVT_2403002A_138.exe | String found in binary or memory: https://d.symcb.com/rpa0 |
Source: LisectAVT_2403002A_138.exe | String found in binary or memory: https://d.symcb.com/rpa0. |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://noc.social |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://noc.social/ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://noc.social/5 |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.000000000142F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://noc.social/eQ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://noc.social; |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.000000000142F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://noc.social~ |
Source: LisectAVT_2403002A_138.exe, 00000000.00000002.1911139518.000000000FF50000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 00000000.00000003.1831985576.0000000011930000.00000040.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/LI |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.000000000142F000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000003.2137596982.0000000001435000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641641619.00000000012F9000.00000004.00000010.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000003.2176119973.0000000001480000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.0000000001420000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2643040123.0000000002FD0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/hi20220412 |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013F9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/hi20220412A |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/hi20220412i/ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000003.2137596982.0000000001435000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/hi20220412j |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2643040123.0000000002FD0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.000000000147C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://telegram.org/img/t_logo.png |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000003.2137482736.0000000001435000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2643040123.0000000002FD0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.000000000147C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web.telegram.org |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE | Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen |
Source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Vidar / ArkeiStealer Author: ditekSHen |
Source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 7640, type: MEMORYSTR | Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 6128, type: MEMORYSTR | Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0055A738 | 0_2_0055A738 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0055B0D4 | 0_2_0055B0D4 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0055B096 | 0_2_0055B096 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030A4310 | 0_2_030A4310 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D8310 | 0_2_030D8310 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D4330 | 0_2_030D4330 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DF3B0 | 0_2_030DF3B0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E23C0 | 0_2_030E23C0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DB3F0 | 0_2_030DB3F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E33F0 | 0_2_030E33F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E4200 | 0_2_030E4200 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030F023C | 0_2_030F023C |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E0250 | 0_2_030E0250 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DC260 | 0_2_030DC260 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D9140 | 0_2_030D9140 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D51A0 | 0_2_030D51A0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D8000 | 0_2_030D8000 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E1000 | 0_2_030E1000 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E5080 | 0_2_030E5080 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030C2090 | 0_2_030C2090 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DD0A0 | 0_2_030DD0A0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0309E0B0 | 0_2_0309E0B0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D4760 | 0_2_030D4760 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E1770 | 0_2_030E1770 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E5780 | 0_2_030E5780 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DC790 | 0_2_030DC790 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DD7C0 | 0_2_030DD7C0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030CE670 | 0_2_030CE670 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D66C0 | 0_2_030D66C0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D6500 | 0_2_030D6500 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E2580 | 0_2_030E2580 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DA5F0 | 0_2_030DA5F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DE5F0 | 0_2_030DE5F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030CD410 | 0_2_030CD410 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0308D4E0 | 0_2_0308D4E0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D74F0 | 0_2_030D74F0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E3B00 | 0_2_030E3B00 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DFB30 | 0_2_030DFB30 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DEB40 | 0_2_030DEB40 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DBB50 | 0_2_030DBB50 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0308CB90 | 0_2_0308CB90 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D7BC0 | 0_2_030D7BC0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030C1BE0 | 0_2_030C1BE0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D8A20 | 0_2_030D8A20 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D4A80 | 0_2_030D4A80 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E4910 | 0_2_030E4910 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DC940 | 0_2_030DC940 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DF970 | 0_2_030DF970 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DB990 | 0_2_030DB990 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DE9D0 | 0_2_030DE9D0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D9800 | 0_2_030D9800 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D5830 | 0_2_030D5830 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D8860 | 0_2_030D8860 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D48D0 | 0_2_030D48D0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E08E0 | 0_2_030E08E0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D5F70 | 0_2_030D5F70 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D8F80 | 0_2_030D8F80 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D4FE0 | 0_2_030D4FE0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D6E10 | 0_2_030D6E10 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030CEE40 | 0_2_030CEE40 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E1E60 | 0_2_030E1E60 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0308CEC0 | 0_2_0308CEC0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030CDEC0 | 0_2_030CDEC0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030D9EC0 | 0_2_030D9EC0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DDEE0 | 0_2_030DDEE0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E5EE0 | 0_2_030E5EE0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E5D20 | 0_2_030E5D20 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E2CC0 | 0_2_030E2CC0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030DACE0 | 0_2_030DACE0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0308DCF0 | 0_2_0308DCF0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_013A029B | 0_2_013A029B |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_004560FA | 10_2_004560FA |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_0042E147 | 10_2_0042E147 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_00405207 | 10_2_00405207 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_0046B2D8 | 10_2_0046B2D8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_004872D6 | 10_2_004872D6 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_0040F3D6 | 10_2_0040F3D6 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_0047F402 | 10_2_0047F402 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_0041F41C | 10_2_0041F41C |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_00485420 | 10_2_00485420 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_00406439 | 10_2_00406439 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_00420438 | 10_2_00420438 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_004044EB | 10_2_004044EB |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_004494F9 | 10_2_004494F9 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_0046D49B | 10_2_0046D49B |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_0048659E | 10_2_0048659E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_004576C2 | 10_2_004576C2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_0044D6CE | 10_2_0044D6CE |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_004707B0 | 10_2_004707B0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_00485971 | 10_2_00485971 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_0043D9FF | 10_2_0043D9FF |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_00459AAF | 10_2_00459AAF |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_00403CEB | 10_2_00403CEB |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_0046DE6E | 10_2_0046DE6E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_00485EC2 | 10_2_00485EC2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_00404E86 | 10_2_00404E86 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_00440F42 | 10_2_00440F42 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_00432F3F | 10_2_00432F3F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_0041DFEB | 10_2_0041DFEB |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks |
Source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Vidar author = ditekSHen, description = Detects Vidar / ArkeiStealer |
Source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 7640, type: MEMORYSTR | Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 6128, type: MEMORYSTR | Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23 |
Source: LisectAVT_2403002A_138.exe, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence'; |
Source: LisectAVT_2403002A_138.exe, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q); |
Source: LisectAVT_2403002A_138.exe, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0 |
Source: LisectAVT_2403002A_138.exe, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Source: LisectAVT_2403002A_138.exe, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s; |
Source: LisectAVT_2403002A_138.exe, 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: LisectAVT_2403002A_138.exe, LisectAVT_2403002A_138.exe, 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_0046AD94 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, | 10_2_0046AD94 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0055A176 push ebp; ret | 0_2_0055A1B0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_00556104 push edx; retf | 0_2_0055610A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0055A1C1 push ebp; ret | 0_2_0055A1B0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_005541BF push edi; iretd | 0_2_005541C0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0055955B push 00000059h; iretd | 0_2_00559570 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_00559687 push edx; iretd | 0_2_0055968D |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_00557941 push edx; retf | 0_2_00557942 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_00559A57 push esp; ret | 0_2_00559A58 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_00557F5F push FFFFFFE9h; iretd | 0_2_00557F6B |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_00557F2C push ebx; retf | 0_2_00557F31 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0304C303 push ds; ret | 0_2_0304C305 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0304B331 push ecx; iretd | 0_2_0304B333 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_03047387 push ebx; iretd | 0_2_030473CF |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0304A3C6 push FFFFFF8Bh; ret | 0_2_0304A3CF |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0304322E push ebx; iretd | 0_2_03043232 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0304B249 push ecx; iretd | 0_2_0304B24A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0304C25E push edx; iretd | 0_2_0304C264 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030441F4 push ebx; rep ret | 0_2_03044209 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0304A621 push ds; retf | 0_2_0304A622 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0304A446 push edi; ret | 0_2_0304A459 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_03042B4C push FFFFFF8Bh; ret | 0_2_03042B55 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_03043B66 push ecx; iretd | 0_2_03043B68 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_03044B7B push edx; iretd | 0_2_03044B81 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_03042BCC push edi; ret | 0_2_03042BDF |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_03043A7E push ecx; iretd | 0_2_03043A7F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0304AAA8 push ebx; iretd | 0_2_0304AAAC |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_03048ABB push ebp; retf | 0_2_03048ABC |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0304B9BF push ebx; rep ret | 0_2_0304B9D4 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_03042DA7 push ds; retf | 0_2_03042DA8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_03044C20 push ds; ret | 0_2_03044C22 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 9_2_00554C55 push ss; ret | 9_2_00554C5F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_0056F2ED SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_2_0056F2ED |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_00571EC0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_00571EC0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030EA299 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_030EA299 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E71CD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_2_030E71CD |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 0_2_030E6CCC IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_030E6CCC |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_0046F26F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 10_2_0046F26F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: 10_2_004765CD _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 10_2_004765CD |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, | 10_2_0047F0AE |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, | 10_2_0047F16E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, | 10_2_0047F1D5 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s, | 10_2_0047F211 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement, | 10_2_004753F5 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free, | 10_2_0047E5C9 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW, | 10_2_0047D69F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, | 10_2_0047E8B7 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, | 10_2_0047D96D |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: GetLocaleInfoA, | 10_2_004759F8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea, | 10_2_00483B57 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, | 10_2_00483C31 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 10_2_0047ECE6 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, | 10_2_0047EDDB |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage, | 10_2_0047EEDD |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_138.exe | Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen, | 10_2_0047EE82 |
Source: Yara match | File source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 7640, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 6128, type: MEMORYSTR |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Electrum |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ElectronCash |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Electrum\wallets\ |
Source: LisectAVT_2403002A_138.exe, 00000000.00000002.1911139518.000000000FF50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: JaxxLib |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: window-state.json |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: exodus.conf.json |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Exodus\ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: info.seco |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ElectrumLTC |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: passphrase.json |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \jaxx\Local Storage\ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Ethereum\ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Exodus\ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Ethereum" |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: default_wallet |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: file__0.localstorage |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Coinomi\Coinomi\wallets\ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: MultiDoge |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Exodus\exodus.wallet\ |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: seed.seco |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: keystore |
Source: LisectAVT_2403002A_138.exe, 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Electrum-LTC\wallets\ |
Source: Yara match | File source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.LisectAVT_2403002A_138.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.LisectAVT_2403002A_138.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.LisectAVT_2403002A_138.exe.11b40000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.3.LisectAVT_2403002A_138.exe.11930000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0000000A.00000002.2641697890.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.2640894838.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.1904476430.0000000011B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000003.1904629214.0000000011930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 7640, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: LisectAVT_2403002A_138.exe PID: 6128, type: MEMORYSTR |