Source: C:\Users\user\Desktop\pYJeC4VJbw.exe
Code function: 0_2_0040D1C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe
Code function: 0_2_004015C0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe
Code function: 0_2_00411650 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe
Code function: 0_2_0040B610 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe
Code function: 0_2_0040DB60 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe
Code function: 0_2_0040D540 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe
Code function: 0_2_00412570 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe
Code function: 0_2_004121F0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe
Code function: 0_2_00411B80 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose
Code function: 0_2_6CFB1AF0 |
0_2_6CFB1AF0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6CFDE2F0 |
0_2_6CFDE2F0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6CFD8AC0 |
0_2_6CFD8AC0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6CFACAB0 |
0_2_6CFACAB0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6CF922A0 |
0_2_6CF922A0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6CFC4AA0 |
0_2_6CFC4AA0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6CFD9A60 |
0_2_6CFD9A60 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D0053C8 |
0_2_6D0053C8 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6CF9F380 |
0_2_6CF9F380 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6CFAC370 |
0_2_6CFAC370 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D00BA90 |
0_2_6D00BA90 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D002AB0 |
0_2_6D002AB0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6CF95340 |
0_2_6CF95340 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6CFDD320 |
0_2_6CFDD320 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D1C8D20 |
0_2_6D1C8D20 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D16AD50 |
0_2_6D16AD50 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D10ED70 |
0_2_6D10ED70 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D0D6D90 |
0_2_6D0D6D90 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D044DB0 |
0_2_6D044DB0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D1CCDC0 |
0_2_6D1CCDC0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D106C00 |
0_2_6D106C00 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D11AC30 |
0_2_6D11AC30 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D04AC60 |
0_2_6D04AC60 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D03ECC0 |
0_2_6D03ECC0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D09ECD0 |
0_2_6D09ECD0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D046F10 |
0_2_6D046F10 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D180F20 |
0_2_6D180F20 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D0AEF40 |
0_2_6D0AEF40 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D102F70 |
0_2_6D102F70 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D188FB0 |
0_2_6D188FB0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D04EFB0 |
0_2_6D04EFB0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D11EFF0 |
0_2_6D11EFF0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D040FE0 |
0_2_6D040FE0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D120E20 |
0_2_6D120E20 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D0DEE70 |
0_2_6D0DEE70 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D0C6E90 |
0_2_6D0C6E90 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D04AEC0 |
0_2_6D04AEC0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D0E0EC0 |
0_2_6D0E0EC0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D096900 |
0_2_6D096900 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D078960 |
0_2_6D078960 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D1009B0 |
0_2_6D1009B0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D0D09A0 |
0_2_6D0D09A0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D0FA9A0 |
0_2_6D0FA9A0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D15C9E0 |
0_2_6D15C9E0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D0749F0 |
0_2_6D0749F0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D090820 |
0_2_6D090820 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D0CA820 |
0_2_6D0CA820 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D114840 |
0_2_6D114840 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D1468E0 |
0_2_6D1468E0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D0E0BA0 |
0_2_6D0E0BA0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D146BE0 |
0_2_6D146BE0 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D0EEA00 |
0_2_6D0EEA00 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D0F8A30 |
0_2_6D0F8A30 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D0BCA70 |
0_2_6D0BCA70 |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Code function: 0_2_6D0BEA80 |
0_2_6D0BEA80 |
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr |
Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2); |
Source: pYJeC4VJbw.exe, 00000000.00000002.2903802204.000000006D1CF000.00000002.00000001.01000000.00000007.sdmp, pYJeC4VJbw.exe, 00000000.00000002.2895334222.000000001D511000.00000004.00000020.00020000.00000000.sdmp, pYJeC4VJbw.exe, 00000000.00000002.2903359635.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr |
Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr |
Binary or memory string: SELECT ALL * FROM %s LIMIT 0; |
Source: pYJeC4VJbw.exe, 00000000.00000002.2903802204.000000006D1CF000.00000002.00000001.01000000.00000007.sdmp, pYJeC4VJbw.exe, 00000000.00000002.2895334222.000000001D511000.00000004.00000020.00020000.00000000.sdmp, pYJeC4VJbw.exe, 00000000.00000002.2903359635.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr |
Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB); |
Source: pYJeC4VJbw.exe, 00000000.00000002.2903802204.000000006D1CF000.00000002.00000001.01000000.00000007.sdmp, pYJeC4VJbw.exe, 00000000.00000002.2895334222.000000001D511000.00000004.00000020.00020000.00000000.sdmp, pYJeC4VJbw.exe, 00000000.00000002.2903359635.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr |
Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB); |
Source: pYJeC4VJbw.exe, 00000000.00000002.2903802204.000000006D1CF000.00000002.00000001.01000000.00000007.sdmp, pYJeC4VJbw.exe, 00000000.00000002.2895334222.000000001D511000.00000004.00000020.00020000.00000000.sdmp, pYJeC4VJbw.exe, 00000000.00000002.2903359635.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx)); |
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr |
Binary or memory string: UPDATE %s SET %s WHERE id=$ID; |
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr |
Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID; |
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr |
Binary or memory string: SELECT ALL id FROM %s WHERE %s; |
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr |
Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1); |
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr |
Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s); |
Source: pYJeC4VJbw.exe, pYJeC4VJbw.exe, 00000000.00000002.2903802204.000000006D1CF000.00000002.00000001.01000000.00000007.sdmp, pYJeC4VJbw.exe, 00000000.00000002.2895334222.000000001D511000.00000004.00000020.00020000.00000000.sdmp, pYJeC4VJbw.exe, 00000000.00000002.2903359635.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr |
Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q); |
Source: pYJeC4VJbw.exe, 00000000.00000002.2903802204.000000006D1CF000.00000002.00000001.01000000.00000007.sdmp, pYJeC4VJbw.exe, 00000000.00000002.2895334222.000000001D511000.00000004.00000020.00020000.00000000.sdmp, pYJeC4VJbw.exe, 00000000.00000002.2903359635.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr |
Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB); |
Source: pYJeC4VJbw.exe, 00000000.00000002.2895334222.000000001D511000.00000004.00000020.00020000.00000000.sdmp, pYJeC4VJbw.exe, 00000000.00000002.2903359635.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN); |
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr |
Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2); |
Source: pYJeC4VJbw.exe, 00000000.00000003.2585700635.0000000023494000.00000004.00000020.00020000.00000000.sdmp, JDBFIIEBGCAKKEBFBAAF.0.dr |
Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key)); |
Source: pYJeC4VJbw.exe, 00000000.00000002.2895334222.000000001D511000.00000004.00000020.00020000.00000000.sdmp, pYJeC4VJbw.exe, 00000000.00000002.2903359635.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode); |
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr |
Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD |
Source: pYJeC4VJbw.exe, 00000000.00000002.2895334222.000000001D511000.00000004.00000020.00020000.00000000.sdmp, pYJeC4VJbw.exe, 00000000.00000002.2903359635.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN); |
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr |
Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1; |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: msimg32.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: msvcr100.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: mozglue.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: vcruntime140.dll |
Source: C:\Users\user\Desktop\pYJeC4VJbw.exe |
Section loaded: msvcp140.dll |
Source: pYJeC4VJbw.exe, 00000000.00000002.2882938021.0000000000549000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: ite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: pYJeC4VJbw.exe, 00000000.00000002.2882938021.0000000000549000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: ite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: pYJeC4VJbw.exe, 00000000.00000002.2882938021.0000000000549000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: ite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: pYJeC4VJbw.exe, 00000000.00000002.2882938021.0000000000549000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: ite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: pYJeC4VJbw.exe, 00000000.00000002.2882938021.0000000000549000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: ite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: pYJeC4VJbw.exe, 00000000.00000002.2882938021.0000000000549000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: ite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: pYJeC4VJbw.exe, 00000000.00000002.2882938021.0000000000549000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: ite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0| |
Source: pYJeC4VJbw.exe, 00000000.00000002.2884861560.0000000002E26000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\.finger-print.fp |
Source: pYJeC4VJbw.exe, 00000000.00000002.2895207403.000000001D4F0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\*.* |