Source: 00000000.00000002.2208741125.000000C0001BA000.00000004.00001000.00020000.00000000.sdmp | String decryptor: benchillppwo.shop |
Source: 00000000.00000002.2208741125.000000C0001BA000.00000004.00001000.00020000.00000000.sdmp | String decryptor: publicitttyps.shop |
Source: 00000000.00000002.2208741125.000000C0001BA000.00000004.00001000.00020000.00000000.sdmp | String decryptor: answerrsdo.shop |
Source: 00000000.00000002.2208741125.000000C0001BA000.00000004.00001000.00020000.00000000.sdmp | String decryptor: radiationnopp.shop |
Source: 00000000.00000002.2208741125.000000C0001BA000.00000004.00001000.00020000.00000000.sdmp | String decryptor: affecthorsedpo.shop |
Source: 00000000.00000002.2208741125.000000C0001BA000.00000004.00001000.00020000.00000000.sdmp | String decryptor: bargainnykwo.shop |
Source: 00000000.00000002.2208741125.000000C0001BA000.00000004.00001000.00020000.00000000.sdmp | String decryptor: bannngwko.shop |
Source: 00000000.00000002.2208741125.000000C0001BA000.00000004.00001000.00020000.00000000.sdmp | String decryptor: bouncedgowp.shop |
Source: 00000000.00000002.2208741125.000000C0001BA000.00000004.00001000.00020000.00000000.sdmp | String decryptor: citizencenturygoodwk.shop |
Source: 00000000.00000002.2208741125.000000C0001BA000.00000004.00001000.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000000.00000002.2208741125.000000C0001BA000.00000004.00001000.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5 |
Source: 00000000.00000002.2208741125.000000C0001BA000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Screen Resoluton: |
Source: 00000000.00000002.2208741125.000000C0001BA000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory: |
Source: 00000000.00000002.2208741125.000000C0001BA000.00000004.00001000.00020000.00000000.sdmp | String decryptor: Workgroup: - |
Source: 00000000.00000002.2208741125.000000C0001BA000.00000004.00001000.00020000.00000000.sdmp | String decryptor: LPnhqo--@SEFYALUV |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_0024E880 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_00248088 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ecx, dword ptr [esp+68h] | 3_2_0024709B |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov edi, ecx | 3_2_0024709B |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_00250BD0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov dword ptr [esp+24h], 0000005Ch | 3_2_00263425 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ecx, dword ptr [esp+04h] | 3_2_00239C30 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_00258C4B |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp+28h] | 3_2_0023F490 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then jmp ecx | 3_2_00265512 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_0024662A |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp word ptr [ebx+eax+02h], 0000h | 3_2_0024AF90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 3_2_00246790 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then jmp dword ptr [00273570h] | 3_2_0025302C |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, ebp | 3_2_00231072 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov dword ptr [esi+00000124h], ecx | 3_2_00258087 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ecx, dword ptr [esp] | 3_2_002400F1 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 3_2_00255920 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov word ptr [edi+eax*4], dx | 3_2_00238130 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then add ecx, dword ptr [esp+eax*4+30h] | 3_2_00238130 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then push edi | 3_2_0023C113 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov byte ptr [ecx], al | 3_2_00253142 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then jmp ecx | 3_2_002699C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esi+10h] | 3_2_00256A83 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then push esi | 3_2_0024F283 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then inc ebx | 3_2_00245A90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then movsx eax, byte ptr [esi+ecx] | 3_2_0023E2D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ebx, eax | 3_2_00233350 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp+04h] | 3_2_0024ABB0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 3_2_00260B80 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then jmp edx | 3_2_0024DBEE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then jmp eax | 3_2_0024DBEE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ecx, dword ptr [esp+24h] | 3_2_002403C8 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then jmp eax | 3_2_00267442 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [edi+0Ch] | 3_2_00232CA0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp+0Ch] | 3_2_00252C9D |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then jmp ecx | 3_2_00269CE0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ecx, dword ptr [esi+08h] | 3_2_002504D6 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov edx, dword ptr [esp+08h] | 3_2_00239510 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov edx, dword ptr [esp+04h] | 3_2_00239510 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then movzx edi, byte ptr [ecx+esi] | 3_2_00233510 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, ecx | 3_2_00254E6B |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, edx | 3_2_00254E6B |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esi+10h] | 3_2_002586C4 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esi+10h] | 3_2_002586C7 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov byte ptr [edx], al | 3_2_002397D0 |
Source: Malware configuration extractor | URLs: benchillppwo.shop |
Source: Malware configuration extractor | URLs: publicitttyps.shop |
Source: Malware configuration extractor | URLs: answerrsdo.shop |
Source: Malware configuration extractor | URLs: radiationnopp.shop |
Source: Malware configuration extractor | URLs: affecthorsedpo.shop |
Source: Malware configuration extractor | URLs: bargainnykwo.shop |
Source: Malware configuration extractor | URLs: bannngwko.shop |
Source: Malware configuration extractor | URLs: bouncedgowp.shop |
Source: Malware configuration extractor | URLs: citizencenturygoodwk.shop |
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: citizencenturygoodwk.shop |
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 51Host: citizencenturygoodwk.shop |
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12863Host: citizencenturygoodwk.shop |
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15109Host: citizencenturygoodwk.shop |
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 19967Host: citizencenturygoodwk.shop |
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 7100Host: citizencenturygoodwk.shop |
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1264Host: citizencenturygoodwk.shop |
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 584888Host: citizencenturygoodwk.shop |
Source: BitLockerToGo.exe, 00000003.00000003.2250701299.0000000004B0D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
Source: BitLockerToGo.exe, 00000003.00000003.2250701299.0000000004B0D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
Source: BitLockerToGo.exe, 00000003.00000003.2250701299.0000000004B0D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
Source: BitLockerToGo.exe, 00000003.00000003.2250701299.0000000004B0D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: BitLockerToGo.exe, 00000003.00000003.2250701299.0000000004B0D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: BitLockerToGo.exe, 00000003.00000003.2250701299.0000000004B0D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
Source: BitLockerToGo.exe, 00000003.00000003.2250701299.0000000004B0D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
Source: BitLockerToGo.exe, 00000003.00000003.2250701299.0000000004B0D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0 |
Source: BitLockerToGo.exe, 00000003.00000003.2250701299.0000000004B0D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
Source: BitLockerToGo.exe, 00000003.00000003.2250701299.0000000004B0D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
Source: BitLockerToGo.exe, 00000003.00000003.2250701299.0000000004B0D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
Source: BitLockerToGo.exe, 00000003.00000003.2238156888.0000000002885000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2279134881.0000000002831000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://citizencenturygoodwk.shop/ |
Source: BitLockerToGo.exe, 00000003.00000003.2279134881.0000000002884000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2279475230.0000000002886000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://citizencenturygoodwk.shop/. |
Source: BitLockerToGo.exe, 00000003.00000003.2265630337.0000000002885000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2250362177.0000000002885000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://citizencenturygoodwk.shop/4Y |
Source: BitLockerToGo.exe, 00000003.00000003.2238156888.0000000002885000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2279134881.0000000002831000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2279500194.0000000002896000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://citizencenturygoodwk.shop/api |
Source: BitLockerToGo.exe, 00000003.00000002.2328165604.000000000288C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://citizencenturygoodwk.shop/api9( |
Source: BitLockerToGo.exe, 00000003.00000002.2328165604.000000000288C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2300807361.000000000288C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://citizencenturygoodwk.shop/api=/ |
Source: BitLockerToGo.exe, 00000003.00000003.2238156888.0000000002831000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://citizencenturygoodwk.shop/apiP |
Source: BitLockerToGo.exe, 00000003.00000003.2265630337.0000000002885000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2250362177.0000000002885000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://citizencenturygoodwk.shop/apiU6 |
Source: BitLockerToGo.exe, 00000003.00000003.2238156888.0000000002871000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2227392089.0000000002871000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://citizencenturygoodwk.shop/apiX |
Source: BitLockerToGo.exe, 00000003.00000002.2328165604.000000000288C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2300807361.000000000288C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://citizencenturygoodwk.shop/apie6- |
Source: BitLockerToGo.exe, 00000003.00000003.2265630337.0000000002885000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://citizencenturygoodwk.shop/ez |
Source: BitLockerToGo.exe, 00000003.00000003.2279134881.0000000002884000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2328165604.000000000288C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2279475230.0000000002886000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2265630337.0000000002885000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://citizencenturygoodwk.shop/z |
Source: BitLockerToGo.exe, 00000003.00000003.2279134881.0000000002823000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://citizencenturygoodwk.shop:443/api |
Source: BitLockerToGo.exe, 00000003.00000002.2328165604.00000000027E8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://citizencenturygoodwk.shop:443/apiK |
Source: BitLockerToGo.exe, 00000003.00000003.2252075967.0000000004A99000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg |
Source: BitLockerToGo.exe, 00000003.00000003.2228157227.0000000004A49000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: BitLockerToGo.exe, 00000003.00000003.2228157227.0000000004A49000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: BitLockerToGo.exe, 00000003.00000003.2228157227.0000000004A49000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: BitLockerToGo.exe, 00000003.00000003.2252075967.0000000004A99000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi |
Source: 6xmBUtHylU.exe | String found in binary or memory: https://login.chinacloudapi.cn/http2: |
Source: 6xmBUtHylU.exe | String found in binary or memory: https://login.microsoftonline.com/stream |
Source: 6xmBUtHylU.exe | String found in binary or memory: https://management.azure.cominvalid |
Source: 6xmBUtHylU.exe | String found in binary or memory: https://management.chinacloudapi.cnCONTINUATION |
Source: 6xmBUtHylU.exe | String found in binary or memory: https://management.core.chinacloudapi.cnFrame |
Source: 6xmBUtHylU.exe | String found in binary or memory: https://management.core.usgovcloudapi.nethttp2: |
Source: 6xmBUtHylU.exe | String found in binary or memory: https://management.usgovcloudapi.nethttps://management.core.windows.net/ |
Source: BitLockerToGo.exe, 00000003.00000003.2251568251.0000000004D2C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: BitLockerToGo.exe, 00000003.00000003.2251568251.0000000004D2C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all |
Source: BitLockerToGo.exe, 00000003.00000003.2251991909.0000000004AA7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.or |
Source: BitLockerToGo.exe, 00000003.00000003.2251991909.0000000004AA7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org |
Source: BitLockerToGo.exe, 00000003.00000003.2251568251.0000000004D2C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle |
Source: BitLockerToGo.exe, 00000003.00000003.2251568251.0000000004D2C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ |
Source: BitLockerToGo.exe, 00000003.00000003.2251568251.0000000004D2C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720 |
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717 |
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715 |
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_0024E880 | 3_2_0024E880 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00251910 | 3_2_00251910 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00245C00 | 3_2_00245C00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00234C50 | 3_2_00234C50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_0024662A | 3_2_0024662A |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00250FBC | 3_2_00250FBC |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00231072 | 3_2_00231072 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00233850 | 3_2_00233850 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00252052 | 3_2_00252052 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00238130 | 3_2_00238130 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00253142 | 3_2_00253142 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_002699C0 | 3_2_002699C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_0026B270 | 3_2_0026B270 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00234240 | 3_2_00234240 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00236A40 | 3_2_00236A40 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_0026FACD | 3_2_0026FACD |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_0023F300 | 3_2_0023F300 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_0024DBEE | 3_2_0024DBEE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00259BC7 | 3_2_00259BC7 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00255BD0 | 3_2_00255BD0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00236470 | 3_2_00236470 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00252C9D | 3_2_00252C9D |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00269CE0 | 3_2_00269CE0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00262CC0 | 3_2_00262CC0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_0025AD4D | 3_2_0025AD4D |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_0026B5C0 | 3_2_0026B5C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00231E20 | 3_2_00231E20 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00254E6B | 3_2_00254E6B |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_0024FFB0 | 3_2_0024FFB0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_00265F90 | 3_2_00265F90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 3_2_002537FE | 3_2_002537FE |
Source: 6xmBUtHylU.exe, 00000000.00000003.2193938229.00000245F7550000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs 6xmBUtHylU.exe |
Source: 6xmBUtHylU.exe, 00000000.00000003.2195259181.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs 6xmBUtHylU.exe |
Source: 6xmBUtHylU.exe, 00000000.00000000.2101657583.00007FF67F84F000.00000008.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameBlancco File.exeDVarFileInfo$ vs 6xmBUtHylU.exe |
Source: 6xmBUtHylU.exe, 00000000.00000003.2193969767.00000245F7510000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs 6xmBUtHylU.exe |
Source: 6xmBUtHylU.exe | Binary or memory string: OriginalFilenameBlancco File.exeDVarFileInfo$ vs 6xmBUtHylU.exe |
Source: 6xmBUtHylU.exe | String found in binary or memory: etlfstack node allocated from the heap) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntim |
Source: 6xmBUtHylU.exe | String found in binary or memory: sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stoppin |