Source: unknown |
TCP traffic detected without corresponding DNS query: 79.137.202.152 |
Source: phantomtoolsv2.exe, 00000001.00000003.1895778572.00000210210C0000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1895814243.00000210210C4000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1725699673.00000210210B1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ns.microsoft.t/Regi |
Source: phantomtoolsv2.exe, 00000001.00000003.1896383235.000002101E9B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org/ |
Source: phantomtoolsv2.exe, 00000001.00000003.1743029885.0000021021440000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1743029885.0000021021351000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1743933809.0000021021352000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1743619937.0000021021441000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417. |
Source: phantomtoolsv2.exe, 00000001.00000003.1743619937.0000021021441000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta |
Source: phantomtoolsv2.exe, 00000001.00000003.1743029885.0000021021440000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1743029885.0000021021351000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1743933809.0000021021352000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1743619937.0000021021441000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg |
Source: phantomtoolsv2.exe, 00000001.00000003.1743619937.0000021021441000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
Source: phantomtoolsv2.exe |
String found in binary or memory: https://gcc.gnu.org/bugs/): |
Source: phantomtoolsv2.exe, 00000001.00000003.1743619937.0000021021441000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi |
Source: phantomtoolsv2.exe, 00000001.00000003.1742408396.0000021021295000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1738488858.00000210215FE000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.00000210207DB000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.0000021020708000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1742843881.0000021021461000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.00000210207D3000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.000002102075C000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.0000021020754000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1742843881.0000021021469000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.0000021020700000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1742408396.0000021021209000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1742408396.0000021021211000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org |
Source: phantomtoolsv2.exe, 00000001.00000003.1737482716.0000021020764000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: phantomtoolsv2.exe, 00000001.00000003.1737482716.0000021020764000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF |
Source: phantomtoolsv2.exe, 00000001.00000003.1730304595.0000021021348000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: phantomtoolsv2.exe, 00000001.00000003.1730304595.00000210212D4000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1732301721.0000021021293000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1730304595.00000210212FE000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1730304595.0000021021453000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1732566332.0000021021440000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1730304595.0000021021324000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1730304595.00000210212E5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
Source: phantomtoolsv2.exe, 00000001.00000003.1730304595.0000021021348000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
Source: phantomtoolsv2.exe, 00000001.00000003.1730304595.00000210212D4000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1732301721.0000021021293000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1730304595.00000210212FE000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1730304595.0000021021453000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1732566332.0000021021440000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1730304595.0000021021324000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1730304595.00000210212E5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
Source: phantomtoolsv2.exe, 00000001.00000003.1743619937.0000021021441000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94 |
Source: phantomtoolsv2.exe, 00000001.00000003.1743619937.0000021021441000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219 |
Source: phantomtoolsv2.exe, 00000001.00000003.1742408396.0000021021295000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1738488858.00000210215FE000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.00000210207DB000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.0000021020708000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1742843881.0000021021461000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.00000210207D3000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.000002102075C000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.0000021020754000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1742843881.0000021021469000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.0000021020700000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1742408396.0000021021209000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1742408396.0000021021211000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org |
Source: phantomtoolsv2.exe, 00000001.00000003.1737482716.0000021020764000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2 |
Source: phantomtoolsv2.exe, 00000001.00000003.1737482716.0000021020764000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR |
Source: phantomtoolsv2.exe, 00000001.00000003.1738112892.00000210214D5000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.00000210207E3000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.000002102070F000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1742408396.0000021021219000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.0000021020764000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: phantomtoolsv2.exe, 00000001.00000003.1737482716.0000021020764000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: phantomtoolsv2.exe, 00000001.00000003.1738112892.00000210214D5000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.00000210207E3000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.000002102070F000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1742408396.0000021021219000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1737482716.0000021020764000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Code function: 0_2_00007FF7B88046A4 CreateToolhelp32Snapshot,Process32First,Process32Next,NtClose, |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Code function: 0_2_00007FF7B8803060 GetCurrentProcess,NtQueryInformationProcess,GetTempPathA,strlen,strlen,memcpy, |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Code function: 0_2_00007FF7B8803C70 GetCurrentProcess,NtQueryInformationProcess,GetTempPathW,wcslen,wcslen,strlen,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wcslen,LdrLoadDll,GetProcAddress,VirtualProtect,LdrUnloadDll, |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Code function: 1_2_0000000140082030 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize, |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Code function: 1_2_00000001400D06E8 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Code function: 1_2_00000001400818F0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,NtDuplicateObject,GetCurrentProcess,NtDuplicateObject,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle, |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: vaultcli.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: edputil.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: windows.staterepositoryps.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: appresolver.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: bcp47langs.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: slc.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: sppc.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: onecorecommonproxystub.dll |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Windows\System32\PING.EXE |
Section loaded: iphlpapi.dll |
Source: C:\Windows\System32\PING.EXE |
Section loaded: winnsi.dll |
Source: C:\Windows\System32\PING.EXE |
Section loaded: mswsock.dll |
Source: phantomtoolsv2.exe, 00000001.00000003.1882946764.0000021021351000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: phantomtoolsv2.exe, 00000001.00000003.1726312341.000002101EA10000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000002.1897542352.000002101E9FA000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1896285771.000002101E9FA000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWcP;0 |
Source: phantomtoolsv2.exe, 00000001.00000002.1897542352.000002101E9C0000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1896285771.000002101E9BE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWP |
Source: phantomtoolsv2.exe, 00000001.00000003.1726312341.000002101EA10000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000002.1897542352.000002101E9FA000.00000004.00000020.00020000.00000000.sdmp, phantomtoolsv2.exe, 00000001.00000003.1896285771.000002101E9FA000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Code function: EnumSystemLocalesW, |
1_2_00000001400A409C |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Code function: EnumSystemLocalesW, |
1_2_00000001400A416C |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Code function: EnumSystemLocalesW, |
1_2_0000000140099354 |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Code function: GetLocaleInfoW, |
1_2_00000001400D0390 |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Code function: GetLocaleInfoEx,FormatMessageA, |
1_2_00000001400B63B0 |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
1_2_00000001400A45A8 |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
1_2_00000001400A4784 |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Code function: GetLocaleInfoW, |
1_2_0000000140099898 |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, |
1_2_00000001400A3D50 |
Source: phantomtoolsv2.exe, 00000001.00000002.1897429096.000002101E999000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Electrum-LTC\config |
Source: phantomtoolsv2.exe, 00000001.00000002.1897429096.000002101E999000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: ElectronCash\wallets |
Source: phantomtoolsv2.exe, 00000001.00000002.1897429096.000002101E999000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Exodus\exodus.wallet |
Source: phantomtoolsv2.exe, 00000001.00000002.1897429096.000002101E999000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Ethereum\keystore |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001 |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite |
Source: C:\Users\user\Desktop\phantomtoolsv2.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data |