Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: INSERT_KEY_HERE |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetProcAddress |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: LoadLibraryA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: lstrcatA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: OpenEventA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CreateEventA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CloseHandle |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Sleep |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetUserDefaultLangID |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: VirtualAllocExNuma |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: VirtualFree |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetSystemInfo |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: VirtualAlloc |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: HeapAlloc |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetComputerNameA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: lstrcpyA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetProcessHeap |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetCurrentProcess |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: lstrlenA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: ExitProcess |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GlobalMemoryStatusEx |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetSystemTime |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: SystemTimeToFileTime |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: advapi32.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: gdi32.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: user32.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: crypt32.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: ntdll.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetUserNameA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CreateDCA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetDeviceCaps |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: ReleaseDC |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CryptStringToBinaryA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: sscanf |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: VMwareVMware |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: HAL9TH |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: JohnDoe |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: DISPLAY |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: %hu/%hu/%hu |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: https://shaffatta.com |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: /fdca69ae739b4897.php |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: /d32e011d2eaa85a0/ |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Install_2 |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetEnvironmentVariableA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetFileAttributesA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GlobalLock |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: HeapFree |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetFileSize |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GlobalSize |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CreateToolhelp32Snapshot |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: IsWow64Process |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Process32Next |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetLocalTime |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: FreeLibrary |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetTimeZoneInformation |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetSystemPowerStatus |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetVolumeInformationA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetWindowsDirectoryA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Process32First |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetLocaleInfoA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetUserDefaultLocaleName |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetModuleFileNameA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: DeleteFileA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: FindNextFileA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: LocalFree |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: FindClose |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: SetEnvironmentVariableA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: LocalAlloc |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetFileSizeEx |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: ReadFile |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: SetFilePointer |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: WriteFile |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CreateFileA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: FindFirstFileA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CopyFileA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: VirtualProtect |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetLogicalProcessorInformationEx |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetLastError |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: lstrcpynA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: MultiByteToWideChar |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GlobalFree |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: WideCharToMultiByte |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GlobalAlloc |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: OpenProcess |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: TerminateProcess |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetCurrentProcessId |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: gdiplus.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: ole32.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: bcrypt.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: wininet.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: shlwapi.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: shell32.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: psapi.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: rstrtmgr.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CreateCompatibleBitmap |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: SelectObject |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: BitBlt |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: DeleteObject |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CreateCompatibleDC |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GdipGetImageEncodersSize |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GdipGetImageEncoders |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GdipCreateBitmapFromHBITMAP |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GdiplusStartup |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GdiplusShutdown |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GdipSaveImageToStream |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GdipDisposeImage |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GdipFree |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetHGlobalFromStream |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CreateStreamOnHGlobal |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CoUninitialize |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CoInitialize |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CoCreateInstance |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: BCryptGenerateSymmetricKey |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: BCryptCloseAlgorithmProvider |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: BCryptDecrypt |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: BCryptSetProperty |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: BCryptDestroyKey |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: BCryptOpenAlgorithmProvider |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetWindowRect |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetDesktopWindow |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetDC |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CloseWindow |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: wsprintfA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: EnumDisplayDevicesA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetKeyboardLayoutList |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CharToOemW |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: wsprintfW |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: RegQueryValueExA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: RegEnumKeyExA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: RegOpenKeyExA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: RegCloseKey |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: RegEnumValueA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CryptBinaryToStringA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CryptUnprotectData |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: SHGetFolderPathA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: ShellExecuteExA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: InternetOpenUrlA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: InternetConnectA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: InternetCloseHandle |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: InternetOpenA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: HttpSendRequestA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: HttpOpenRequestA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: InternetReadFile |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: InternetCrackUrlA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: StrCmpCA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: StrStrA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: StrCmpCW |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: PathMatchSpecA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: GetModuleFileNameExA |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: RmStartSession |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: RmRegisterResources |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: RmGetList |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: RmEndSession |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: sqlite3_open |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: sqlite3_prepare_v2 |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: sqlite3_step |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: sqlite3_column_text |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: sqlite3_finalize |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: sqlite3_close |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: sqlite3_column_bytes |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: sqlite3_column_blob |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: encrypted_key |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: PATH |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: C:\ProgramData\nss3.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: NSS_Init |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: NSS_Shutdown |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: PK11_GetInternalKeySlot |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: PK11_FreeSlot |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: PK11_Authenticate |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: PK11SDR_Decrypt |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: C:\ProgramData\ |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: SELECT origin_url, username_value, password_value FROM logins |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: browser: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: profile: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: url: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: login: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: password: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Opera |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: OperaGX |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Network |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: cookies |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: .txt |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: TRUE |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: FALSE |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: autofill |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: SELECT name, value FROM autofill |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: history |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: SELECT url FROM urls LIMIT 1000 |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: name: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: month: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: year: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: card: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Cookies |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Login Data |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Web Data |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: History |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: logins.json |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: formSubmitURL |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: usernameField |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: encryptedUsername |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: encryptedPassword |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: guid |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: SELECT fieldname, value FROM moz_formhistory |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: SELECT url FROM moz_places LIMIT 1000 |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: cookies.sqlite |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: formhistory.sqlite |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: places.sqlite |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: plugins |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Local Extension Settings |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Sync Extension Settings |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: IndexedDB |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Opera Stable |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Opera GX Stable |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: CURRENT |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: chrome-extension_ |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: _0.indexeddb.leveldb |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Local State |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: profiles.ini |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: chrome |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: opera |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: firefox |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: wallets |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: %08lX%04lX%lu |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: ProductName |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: %d/%d/%d %d:%d:%d |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0 |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: ProcessorNameString |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: DisplayName |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: DisplayVersion |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Network Info: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - IP: IP? |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - Country: ISO? |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: System Summary: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - HWID: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - OS: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - Architecture: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - UserName: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - Computer Name: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - Local Time: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - UTC: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - Language: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - Keyboards: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - Laptop: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - Running Path: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - CPU: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - Threads: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - Cores: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - RAM: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - Display Resolution: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: - GPU: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: User Agents: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Installed Apps: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: All Users: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Current User: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Process List: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: system_info.txt |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: freebl3.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: mozglue.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: msvcp140.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: nss3.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: softokn3.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: vcruntime140.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: \Temp\ |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: .exe |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: runas |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: open |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: /c start |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: %DESKTOP% |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: %APPDATA% |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: %LOCALAPPDATA% |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: %USERPROFILE% |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: %DOCUMENTS% |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: %PROGRAMFILES% |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: %PROGRAMFILES_86% |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: %RECENT% |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: *.lnk |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: files |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: \discord\ |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: \Local Storage\leveldb\CURRENT |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: \Local Storage\leveldb |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: \Telegram Desktop\ |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: key_datas |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: D877F783D5D3EF8C* |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: map* |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: A7FDF864FBC10B77* |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: A92DAA6EA6F891F2* |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: F8806DD0C461824F* |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Telegram |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: *.tox |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: *.ini |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Password |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\ |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\ |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\ |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\ |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\ |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: 00000001 |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: 00000002 |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: 00000003 |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: 00000004 |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: \Outlook\accounts.txt |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Pidgin |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: \.purple\ |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: accounts.xml |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: dQw4w9WgXcQ |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: token: |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Software\Valve\Steam |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: SteamPath |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: \config\ |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: ssfn* |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: config.vdf |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: DialogConfig.vdf |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: DialogConfigOverlay*.vdf |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: libraryfolders.vdf |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: loginusers.vdf |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: \Steam\ |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: sqlite3.dll |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: browsers |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: done |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: soft |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: \Discord\tokens.txt |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: /c timeout /t 5 & del /f /q " |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: " & del "C:\ProgramData\*.dll"" & exit |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: C:\Windows\system32\cmd.exe |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: https |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Content-Type: multipart/form-data; boundary=---- |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: POST |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: HTTP/1.1 |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: Content-Disposition: form-data; name=" |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: hwid |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: build |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: token |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: file_name |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: file |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: message |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 |
Source: 0.2.Wb9LZ5Sn1l.exe.400000.0.unpack |
String decryptor: screenshot.jpg |
Source: Amcache.hve.6.dr |
String found in binary or memory: http://upx.sf.net |
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: Wb9LZ5Sn1l.exe, Wb9LZ5Sn1l.exe, 00000000.00000002.3137541385.000000006CCDD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr |
String found in binary or memory: http://www.mozilla.com/en-US/blocklist/ |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125972601.000000001D4D4000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000002.3137426070.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://www.sqlite.org/copyright.html. |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2384835774.000000001D3F0000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2384835774.000000001D3F0000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2384835774.000000001D3F0000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2384835774.000000001D3F0000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2384835774.000000001D3F0000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2384835774.000000001D3F0000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2384835774.000000001D3F0000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr |
String found in binary or memory: https://mozilla.org0/ |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114054279.0000000002B8E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2384626104.0000000002C41000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/ |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/#f |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2375217117.0000000002C44000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000003.2363931661.0000000002C44000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000003.2384626104.0000000002C41000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com// |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/32e011d2eaa85a0/nss3.dllufE |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/AECFCAAEBFHIEHDGHDHCBA9fy |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/AECFCAAEBFHIEHDGHDHCBAxf6 |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2375217117.0000000002C44000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000003.2363931661.0000000002C44000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000003.2384626104.0000000002C41000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/D |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/Kf |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D428000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/d32e011d2eaa85a0/freebl3.dll |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/d32e011d2eaa85a0/mozglue.dll |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/d32e011d2eaa85a0/mozglue.dllb |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/d32e011d2eaa85a0/msvcp140.dll |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/d32e011d2eaa85a0/msvcp140.dllF |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002BF4000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/d32e011d2eaa85a0/nss3.dll |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/d32e011d2eaa85a0/nss3.dllDg2 |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/d32e011d2eaa85a0/softokn3.dll |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/d32e011d2eaa85a0/softokn3.dllt |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000003.2363931661.0000000002C44000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/d32e011d2eaa85a0/sqlite3.dll |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/d32e011d2eaa85a0/sqlite3.dllf?6 |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C2A000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/d32e011d2eaa85a0/vcruntime140.dll |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/d32e011d2eaa85a0/vcruntime140.dlljd |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fatta.com/ |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fatta.com/32e011d2eaa85a0/nss3.dll |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fatta.com/32e011d2eaa85a0/nss3.dllbfP |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fatta.com/d32e011d2eaa85a0/nss3.dll |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fatta.com/ia |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fatta.com/uments |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2375217117.0000000002C44000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000003.2363931661.0000000002C44000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000003.2384626104.0000000002C41000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fdca69ae739b4897.php |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2375217117.0000000002C44000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000003.2363931661.0000000002C44000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000003.2384626104.0000000002C41000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fdca69ae739b4897.php& |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fdca69ae739b4897.php) |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fdca69ae739b4897.php4n |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2375217117.0000000002C44000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000003.2384626104.0000000002C41000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fdca69ae739b4897.phpV |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2375217117.0000000002C44000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000003.2384626104.0000000002C41000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fdca69ae739b4897.phpX |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3112781887.0000000000549000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://shaffatta.com/fdca69ae739b4897.phpdf75cd1f19e4e3ce5d0897b354e44 |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2375217117.0000000002C44000.00000004.00000020.00020000.00000000.sdmp, Wb9LZ5Sn1l.exe, 00000000.00000003.2363931661.0000000002C44000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fdca69ae739b4897.phpe |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C2A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fdca69ae739b4897.phpft |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C2A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fdca69ae739b4897.phpindows |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fdca69ae739b4897.phpl- |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fdca69ae739b4897.phpm |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/fdca69ae739b4897.phpu- |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/ia |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/ost: |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/qC |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D49F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com/uments |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114054279.0000000002B8E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shaffatta.com0 |
Source: DAECAECFCAAEBFHIEHDGHDHCBA.0.dr |
String found in binary or memory: https://support.mozilla.org |
Source: DAECAECFCAAEBFHIEHDGHDHCBA.0.dr |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: DAECAECFCAAEBFHIEHDGHDHCBA.0.dr |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL |
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2384835774.000000001D3F0000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2384835774.000000001D3F0000.00000004.00000020.00020000.00000000.sdmp, IDAAFBGD.0.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: DAECAECFCAAEBFHIEHDGHDHCBA.0.dr |
String found in binary or memory: https://www.mozilla.org |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3112781887.0000000000447000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.mozilla.org/about/ |
Source: DAECAECFCAAEBFHIEHDGHDHCBA.0.dr |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3112781887.0000000000447000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.mozilla.org/contribute/ |
Source: DAECAECFCAAEBFHIEHDGHDHCBA.0.dr |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6 |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2556192247.000000002F975000.00000004.00000020.00020000.00000000.sdmp, DAECAECFCAAEBFHIEHDGHDHCBA.0.dr |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: DAECAECFCAAEBFHIEHDGHDHCBA.0.dr |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2556192247.000000002F975000.00000004.00000020.00020000.00000000.sdmp, DAECAECFCAAEBFHIEHDGHDHCBA.0.dr |
String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3112781887.0000000000447000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/ |
Source: Wb9LZ5Sn1l.exe, 00000000.00000003.2556192247.000000002F975000.00000004.00000020.00020000.00000000.sdmp, DAECAECFCAAEBFHIEHDGHDHCBA.0.dr |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3112781887.0000000000447000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe |
0_2_6CE168E0 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CDE4840 |
0_2_6CDE4840 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CD60820 |
0_2_6CD60820 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CD9A820 |
0_2_6CD9A820 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CE2C9E0 |
0_2_6CE2C9E0 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CD449F0 |
0_2_6CD449F0 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CDD09B0 |
0_2_6CDD09B0 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CDA09A0 |
0_2_6CDA09A0 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CDCA9A0 |
0_2_6CDCA9A0 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CD48960 |
0_2_6CD48960 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CD66900 |
0_2_6CD66900 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CD8EA80 |
0_2_6CD8EA80 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CD8CA70 |
0_2_6CD8CA70 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CDBEA00 |
0_2_6CDBEA00 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CDC8A30 |
0_2_6CDC8A30 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CE16BE0 |
0_2_6CE16BE0 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CDB0BA0 |
0_2_6CDB0BA0 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CD564D0 |
0_2_6CD564D0 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CDAA4D0 |
0_2_6CDAA4D0 |
Source: C:\Users\user\Desktop\Wb9LZ5Sn1l.exe |
Code function: 0_2_6CE3A480 |
0_2_6CE3A480 |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C2A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: C:\Users\user\AppData\Roaming\\Electrum-LTC\wallets\\*.* |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3112781887.0000000000447000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: |1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3125781608.000000001D3D0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: C:\Users\user\AppData\Roaming\\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\*.* |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C2A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\\window-state.json* |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: desk|%DESKTOP%\|*codes*,*2fa*,*iban*,*cards*,*banks*,*cvv*,*cvc*,*account*,*credentials*,*bitcoin*,*ethereum*,*bank*,*password*,*wallet*,*.txt,*.doc,*secret*,*.rtf, *.docx,*.xlsx,*.xls*,*.txt,*key*,*bitcoin*,*binance*,*exodus*,*coinbase*,*wallet*,*seed*,*pass*,*password*,*ledger*,*trezor*,*meta*,*metamask*,*trust*,*coin*,*crypto*|30|1|0|dock|%DOCUMENTS%\|*codes*,*2fa*,*iban*,*cards*,*banks*,*cvv*,*cvc*,*account*,*credentials*,*bitcoin*,*ethereum*,*bank*,*password*,*wallet*,*.txt,*.doc,*secret*,*.rtf, *.docx,*.xlsx,*.xls*,*.txt,*key*,*bitcoin*,*binance*,*exodus*,*coinbase*,*wallet*,*seed*,*pass*,*password*,*ledger*,*trezor*,*meta*,*metamask*,*trust*,*coin*,*crypto*|30|1|0| |
Source: Wb9LZ5Sn1l.exe, 00000000.00000002.3114165780.0000000002C2A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: shaffatta.comtta.com/fdca69ae739b4897.php\multidoge.wallet |