Windows Analysis Report
LisectAVT_2403002A_476.exe

AV Detection

Source: LisectAVT_2403002A_476.exe

Avira: detected

Source: https://lighterepisodeheighte.fun/api	Avira URL Cloud: Label: malware
Source: https://associationokeo.shop/	Avira URL Cloud: Label: malware
Source: https://detectordiscusser.shop/api	Avira URL Cloud: Label: malware
Source: https://pooreveningfuseor.pw/api/api	Avira URL Cloud: Label: malware
Source: technologyenterdo.shop	Avira URL Cloud: Label: malware
Source: https://associationokeo.shop/apisf	Avira URL Cloud: Label: malware
Source: https://associationokeo.shop//	Avira URL Cloud: Label: malware
Source: https://pooreveningfuseor.pw/api	Avira URL Cloud: Label: malware
Source: associationokeo.shop	Avira URL Cloud: Label: malware

Source: 3.2.BitLockerToGo.exe.600000.0.raw.unpack

Malware Configuration Extractor: LummaC {"C2 url": ["associationokeo.shop", "turkeyunlikelyofw.shop", "pooreveningfuseor.pw", "edurestunningcrackyow.fun", "detectordiscusser.shop", "problemregardybuiwo.fun", "lighterepisodeheighte.fun", "technologyenterdo.shop", "lighterepisodeheighte.fun"], "Build id": "VcS1Q5--newfile"}

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.8% probability

Source: 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: associationokeo.shop
Source: 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: turkeyunlikelyofw.shop
Source: 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: pooreveningfuseor.pw
Source: 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: edurestunningcrackyow.fun
Source: 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: detectordiscusser.shop
Source: 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: problemregardybuiwo.fun
Source: 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lighterepisodeheighte.fun
Source: 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: technologyenterdo.shop
Source: 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lighterepisodeheighte.fun
Source: 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: VcS1Q5--newfile

Compliance

Source: LisectAVT_2403002A_476.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: BitLockerToGo.pdb source: LisectAVT_2403002A_476.exe, 00000001.00000002.2349220183.000000C0007F2000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_476.exe, 00000001.00000003.2345604969.000002A25EA40000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_476.exe, 00000001.00000002.2350737713.000000C00082E000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_476.exe, 00000001.00000003.2345642713.000002A25EA00000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2346300993.00000000007C0000.00000004.00000020.00020000.00000000.sdmp

Source:

Binary string: BitLockerToGo.pdbGCTL source: LisectAVT_2403002A_476.exe, 00000001.00000002.2349220183.000000C0007F2000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_476.exe, 00000001.00000003.2345604969.000002A25EA40000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_476.exe, 00000001.00000002.2350737713.000000C00082E000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_476.exe, 00000001.00000003.2345642713.000002A25EA00000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2346300993.00000000007C0000.00000004.00000020.00020000.00000000.sdmp

Software Vulnerabilities

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov word ptr [ebp+00h], 0000h		3_2_0060A560
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [ecx-08h], CCC8066Ah		3_2_006317F2
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esi+00000128h]		3_2_0061504F
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [eax-08h], 5C3924FCh		3_2_00617031
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [eax-08h], 0AB35B01h		3_2_0061418B
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov word ptr [eax], dx		3_2_00616266
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov word ptr [ebx], ax		3_2_0061F212
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]		3_2_0061F212
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx		3_2_006332E1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+10h]		3_2_00619350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [ecx+edx+02h], 0000h		3_2_006343C0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [edx+ebp], al		3_2_00603390
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then inc edi		3_2_006125E9
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [eax], cl		3_2_0062466A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [eax], cl		3_2_0062466A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [esi], 00000000h		3_2_0061B6E2
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [eax-08h], A352EDFDh		3_2_0061B6E2
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx eax, byte ptr [ebx]		3_2_0063276D
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [eax], 0000h		3_2_006137F3
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov dword ptr [esi+000001B0h], 00000000h		3_2_006147AF
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx ebx, byte ptr [edx+esi]		3_2_006088C0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+10h]		3_2_0061E960
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esi+40h]		3_2_0062095B
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov dword ptr [esi], ebp		3_2_006019D4
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [edx+ebp], bl		3_2_006089A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [eax], cl		3_2_00624A1C
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+0Ch]		3_2_00618AF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esi]		3_2_00621B6B
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esi]		3_2_00621B6B
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+10h]		3_2_00609C20
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [ecx], al		3_2_00622C0D
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [ecx], al		3_2_00622C0D
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [ecx], al		3_2_00622C0D
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [ecx], al		3_2_00622C0D
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi]		3_2_00622C0D
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [ecx], al		3_2_00622C0D
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [ecx], dl		3_2_00622C0D
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [ecx], al		3_2_00622C15
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [ecx], al		3_2_00622C15
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [ecx], al		3_2_00622C15
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [ecx], al		3_2_00622C15
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi]		3_2_00622C15
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [ecx], al		3_2_00622C15
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [ecx], dl		3_2_00622C15
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [ecx+eax+01h], 00000000h		3_2_00611CFA
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax		3_2_00632C90
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [eax], cl		3_2_00623DC0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov byte ptr [eax], cl		3_2_00623DC0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+60h]		3_2_00617E5F
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp]		3_2_00617E5F
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [eax-08h], 5C3924FCh		3_2_00616EA2
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+000000BCh]		3_2_0061BF40

Networking

Source: Malware configuration extractor	URLs: associationokeo.shop
Source: Malware configuration extractor	URLs: turkeyunlikelyofw.shop
Source: Malware configuration extractor	URLs: pooreveningfuseor.pw
Source: Malware configuration extractor	URLs: edurestunningcrackyow.fun
Source: Malware configuration extractor	URLs: detectordiscusser.shop
Source: Malware configuration extractor	URLs: problemregardybuiwo.fun
Source: Malware configuration extractor	URLs: lighterepisodeheighte.fun
Source: Malware configuration extractor	URLs: technologyenterdo.shop
Source: Malware configuration extractor	URLs: lighterepisodeheighte.fun

Source: unknown	DNS traffic detected: query: problemregardybuiwo.fun replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: turkeyunlikelyofw.shop replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: associationokeo.shop replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: detectordiscusser.shop replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lighterepisodeheighte.fun replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: edurestunningcrackyow.fun replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: technologyenterdo.shop replaycode: Name error (3)

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: lighterepisodeheighte.fun
Source: global traffic	DNS traffic detected: DNS query: technologyenterdo.shop
Source: global traffic	DNS traffic detected: DNS query: problemregardybuiwo.fun
Source: global traffic	DNS traffic detected: DNS query: detectordiscusser.shop
Source: global traffic	DNS traffic detected: DNS query: edurestunningcrackyow.fun
Source: global traffic	DNS traffic detected: DNS query: pooreveningfuseor.pw
Source: global traffic	DNS traffic detected: DNS query: turkeyunlikelyofw.shop
Source: global traffic	DNS traffic detected: DNS query: associationokeo.shop

Source: LisectAVT_2403002A_476.exe	String found in binary or memory: http://beego.me/docs/advantage/monitor.md
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: http://beego.me/docs/module/toolbox.md
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: http://man7.org/linux/man-pages/man5/machine-id.5.htmlSpec
Source: BitLockerToGo.exe, 00000003.00000002.2348578653.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://associationokeo.shop/
Source: BitLockerToGo.exe, 00000003.00000002.2348578653.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://associationokeo.shop//
Source: BitLockerToGo.exe, 00000003.00000003.2348128184.00000000007E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://associationokeo.shop/api
Source: BitLockerToGo.exe, 00000003.00000003.2347756071.00000000007CD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348578653.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://associationokeo.shop/apisf
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://database.usgovcloudapi.net/Items
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://datalake.azure.net/https://api.loganalytics.iohttps://graph.microsoft.us/https://api.loganal
Source: BitLockerToGo.exe, 00000003.00000003.2347977340.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348695846.00000000007E3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2348128184.00000000007E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://detectordiscusser.shop/api
Source: BitLockerToGo.exe, 00000003.00000003.2347977340.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348695846.00000000007E3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2348128184.00000000007E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://edurestunningcrackyow.fun/
Source: BitLockerToGo.exe, 00000003.00000003.2347977340.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348695846.00000000007E3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2348128184.00000000007E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://edurestunningcrackyow.fun/S
Source: BitLockerToGo.exe, 00000003.00000003.2347756071.00000000007CD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348578653.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://edurestunningcrackyow.fun/api
Source: BitLockerToGo.exe, 00000003.00000003.2347756071.00000000007CD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348578653.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://edurestunningcrackyow.fun/api:
Source: BitLockerToGo.exe, 00000003.00000003.2347756071.00000000007CD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348578653.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://edurestunningcrackyow.fun/apidl
Source: BitLockerToGo.exe, 00000003.00000003.2347977340.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348695846.00000000007E3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2348128184.00000000007E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://edurestunningcrackyow.fun/~
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/mysql-cinder-pd/README.mdAPIVersions
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/mysql-cinder-pd/README.mdContainer
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/mysql-cinder-pd/README.mdList
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/mysql-cinder-pd/README.mdPersistentVolume
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/mysql-cinder-pd/README.mdResourceClaimName
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-itOptional:
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-itgroup
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-ituser
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-podA
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-podIngress
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-podWhether
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-podpodIPs
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/glusterfs/README.mdIf
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/glusterfs/README.mdRegisting
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-itA
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-itForce
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-itGo
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-itName
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-itThe
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://examples.k8s.io/volumes/rbd/README.md(?
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-cont
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotencyContr
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataAPIVersi
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataFlexPers
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataIndicate
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataName
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataStatus
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadatalimit
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadatareadOnly
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resourcesStatefu
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusG
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusH
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusI
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusK
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusL
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusM
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusN
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusR
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusS
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusT
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusW
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusa
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusp
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statust
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kindsThe
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kindscurre
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kindsresou
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kindsvolum
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.mdSecretReference
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-classNamespace
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.mdEntrypoint
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://github.com/go-sql-driver/mysql/wiki/old_passwordsreadOnly
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://github.com/go-sql-driver/mysql/wiki/strict-mode
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://github.com/kubernetes-sigs/windows-gmsa)
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://github.com/otan/gopgkrb5cannot
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://github.com/pygments/pygments/blob/15f222adefd2bf7835bfd74a12d720028ae68d29/pygments/lexers/d
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://gohugo.io/methods/page/path/readOnly
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://golang.org/doc/faq#nil_errorcannot
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://golang.org/pkg/unicode/#IsPrint.
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/(.
Source: LisectAVT_2403002A_476.exe, 00000001.00000002.2346989260.000000C000036000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iamcredentialsembedded/angular2.xmlproto:
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://issues.k8s.io/61966Path
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/architecture/nodes/#capacity
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/The
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/If
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/Represents
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/The
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/nodeAffinity
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/configuration/secret/#secret-typesValue
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/configuration/secretID
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/configuration/secretIPFamilyPolicy
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooksHostProcess
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/containers/images
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/containers/images.PodSecurityContext
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-podSchedulin
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/containers/imagesOS
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/nodes/node/#addresses
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/nodes/node/#conditionKind
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/nodes/node/#infomust
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/nodes/node/#phase
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations(?
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectorsImmutable
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectorsThe
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectorslocalhostPr
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/overview/working-with-objects/labelsThe
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#namesRepresents
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#namesVerbs
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uidsReceived
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uidsSpecifies
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names0?
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesstoragePolicyID
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uidsSpecifies
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/Deprecated:
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/DeprecatedServiceAccoun
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespacesmode
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/policy/resource-quotas/List
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/policy/resource-quotas/secretRef
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/policy/resource-quotas/volumeName
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-serviceMaxSkew
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-typesco
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeportUse
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies(?:(
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxiesClus
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxiesSpec
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxiesdata
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/services-networking/service/An
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1Status
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modesemptyDir
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacityHost
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacityThe
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1Please
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumesOwnerReference
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumesTTY
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaimsA
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaimsName
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaimsPeriodic
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaimsServiceAccount
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaimsThe
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-optionsDeprecated.
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumesItems
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/persistent-volumesfsType
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstoreBounded-sized
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstoremountOptions
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstoreordinals
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#emptydirglusterfs
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#emptydirmatchLabels
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#emptydirpersistentVolumeReclaimPolicy
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdiskStatus
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdiskWhenScaled
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdiskpersistentVolumeClaimVolumeSour
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#hostpathA
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#hostpathName
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#hostpathThe
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#iscsi(?=
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#nfs
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#nfsDeprecated.
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#nfsResources
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#nfsverbs
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#rbdEstimated
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#secret
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumes#secretmonitors
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/storage/volumesSpecifies
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/Represents
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/glusterfs
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/spec
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-ow
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/EndpointSubset
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/If
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/Route
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-templateTolerati
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-templatekind
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicatio
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicati
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontrollerHostAlias
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probesCount
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probesMemory
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probesSpecifies
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probesstatus
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-statusLimits
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditionsA
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditionsIf
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditionsMinimum
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phaseThe
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policySupports
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classesversion
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/Pod
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/secretFile
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/GroupVersion
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/Estimated
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-
Source: BitLockerToGo.exe, 00000003.00000003.2347977340.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348695846.00000000007E3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2348128184.00000000007E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lighterepisodeheighte.fun/
Source: BitLockerToGo.exe, 00000003.00000002.2348525768.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lighterepisodeheighte.fun/api
Source: BitLockerToGo.exe, 00000003.00000002.2348525768.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lighterepisodeheighte.fun/apiZ
Source: BitLockerToGo.exe, 00000003.00000003.2347756071.00000000007C3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348578653.00000000007C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lighterepisodeheighte.fun/j
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://login.microsoftonline.com/https://gallery.usgovcloudapi.net/mariadb.database.usgovcloudapi.n
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://management.azure.com/https://managedhsm.azure.net/https://servicebus.azure.net/https://datab
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://management.azure.comproto.HydratedTemplateButtongob:
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://management.core.usgovcloudapi.net/https://dev.azuresynapse.usgovcloudapi.netk8s.io.api.apps.
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://management.core.windows.net/https://management.chinacloudapi.cn/https://servicebus.chinaclou
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://microsoftgraph.chinacloudapi.cnk8s.io.api.apps.v1.StatefulSetConditionsucceeded
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://ossrdbms-aad.database.windows.nethttps://management.core.chinacloudapi.cn/https://ossrdbms-a
Source: BitLockerToGo.exe, 00000003.00000003.2347756071.00000000007CD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348578653.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pooreveningfuseor.pw/api
Source: BitLockerToGo.exe, 00000003.00000003.2347977340.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348695846.00000000007E3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2348128184.00000000007E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pooreveningfuseor.pw/api/
Source: BitLockerToGo.exe, 00000003.00000003.2347756071.00000000007CD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348578653.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pooreveningfuseor.pw/api/api
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://pr.k8s.io/79391
Source: BitLockerToGo.exe, 00000003.00000003.2347756071.00000000007CD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348578653.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://technologyenterdo.shop/
Source: BitLockerToGo.exe, 00000003.00000003.2347756071.00000000007C3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348578653.00000000007C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://technologyenterdo.shop/api48
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://tools.ietf.org/html/rfc4648#section-4Expanded
Source: BitLockerToGo.exe, 00000003.00000003.2347756071.00000000007CD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348578653.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://turkeyunlikelyofw.shop/
Source: BitLockerToGo.exe, 00000003.00000003.2347756071.00000000007CD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348578653.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://turkeyunlikelyofw.shop/R
Source: BitLockerToGo.exe, 00000003.00000003.2347977340.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2347756071.00000000007CD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348578653.00000000007CD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348695846.00000000007E3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2348128184.00000000007E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://turkeyunlikelyofw.shop/api
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://vault.azure.net/mysql.database.azure.comhttps://cosmos.azure.com&ControllerRevisionList
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://vault.azure.netusgovtrafficmanager.netvault.usgovcloudapi.nethttps://vault.azure.cn/vault.mi
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://web.whatsapp.comserver
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://www.iana.org/assignments/service-names).
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc6455
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc7540

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 3_2_00628090 GetDC,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateCompatibleBitmap,SelectObject,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

3_2_00628090

System Summary

Source: 00000001.00000002.2353353315.000000C001082000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00616010 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_00616010
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00634090 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_00634090
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_006341A0 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_006341A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_006314BF NtOpenSection,		3_2_006314BF
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_006316EC NtMapViewOfSection,		3_2_006316EC
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_006317F2 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_006317F2
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_006319B2 NtClose,		3_2_006319B2
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00633EB0 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_00633EB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00630E9D NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_00630E9D
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0061B06E NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0061B06E
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_006190C1 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_006190C1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_006300A0 NtAllocateVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,RtlAllocateHeap,NtFreeVirtualMemory,		3_2_006300A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0062513A NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0062513A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_006171B9 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_006171B9
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0061418B NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0061418B
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0061F212 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0061F212
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_006342B0 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_006342B0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_006343C0 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_006343C0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0061E3B0 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0061E3B0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0061C3B8 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0061C3B8
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_006163BC NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_006163BC
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0061E4F2 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0061E4F2
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0061C4BB NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0061C4BB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00634530 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_00634530
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_006215A3 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_006215A3
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0061B6E2 LoadLibraryW,GetProcAddress,GetProcAddress,NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0061B6E2
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00634820 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_00634820
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0061A8E0 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0061A8E0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0062F880 NtAllocateVirtualMemory,NtFreeVirtualMemory,RtlAllocateHeap,NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0062F880
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0061F930 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0061F930
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0061AAF0 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0061AAF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0062FB40 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0062FB40
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00613B44 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_00613B44
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00617B38 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_00617B38
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00619B1C NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_00619B1C
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00634B90 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_00634B90
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0062DC00 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0062DC00
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0062FCA0 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0062FCA0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0062FD90 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0062FD90
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00624EE6 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_00624EE6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00616EA2 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_00616EA2
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00624FDC NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_00624FDC
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0062FF90 NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_0062FF90
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00634F90 NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,		3_2_00634F90

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0060A7C0		3_2_0060A7C0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00601000		3_2_00601000
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0062513A		3_2_0062513A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00606200		3_2_00606200
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0062520B		3_2_0062520B
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0061F212		3_2_0061F212
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_006252A9		3_2_006252A9
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00603390		3_2_00603390
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00605450		3_2_00605450
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00611600		3_2_00611600
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0061B6E2		3_2_0061B6E2
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_006067F0		3_2_006067F0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00604820		3_2_00604820
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00612823		3_2_00612823
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0061F930		3_2_0061F930
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0062D9A0		3_2_0062D9A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00608B60		3_2_00608B60
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00634B90		3_2_00634B90
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00622C15		3_2_00622C15
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00623DC0		3_2_00623DC0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00617E5F		3_2_00617E5F
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00603E20		3_2_00603E20
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00607E10		3_2_00607E10
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00602FB0		3_2_00602FB0

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: String function: 006091B0 appears 146 times
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: String function: 006088A0 appears 44 times

Source: LisectAVT_2403002A_476.exe

Static PE information: Number of sections : 12 > 10

Source: LisectAVT_2403002A_476.exe, 00000001.00000003.2345604969.000002A25EA40000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs LisectAVT_2403002A_476.exe
Source: LisectAVT_2403002A_476.exe, 00000001.00000002.2364530910.00007FF629DEE000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilename2024archivefrapendiente.exe`> vs LisectAVT_2403002A_476.exe
Source: LisectAVT_2403002A_476.exe, 00000001.00000002.2350737713.000000C00082E000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs LisectAVT_2403002A_476.exe
Source: LisectAVT_2403002A_476.exe, 00000001.00000003.2345642713.000002A25EA00000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs LisectAVT_2403002A_476.exe
Source: LisectAVT_2403002A_476.exe, 00000001.00000002.2350737713.000000C000800000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs LisectAVT_2403002A_476.exe

Source: 00000001.00000002.2353353315.000000C001082000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research

Source: LisectAVT_2403002A_476.exe

Binary string: flate: maxBits too largeGetProcessImageFileNameWinvalid tracestate value\Device\NamedPipe\cygwinstreamSafe was not resetREFUND_FAILED_PROCESSINGVERIFIED_INITIAL_UNKNOWNGROUP_CHANGE_INVITE_LINKGROUP_CHANGE_DESCRIPTIONGROUP_PARTICIPANT_REMOVEGROUP_PARTICIPANT_DEMOTEGROUP_PARTICIPANT_INVITEINDIVIDUAL_CHANGE_NUMBERBIZ_MOVE_TO_CONSUMER_APPGROUP_V4_ADD_INVITE_SENTCHANGE_EPHEMERAL_SETTINGproto.HydratedCallButtonproto.SendPaymentMessageproto.GroupInviteMessagenon-empty decoder bufferencodeArray: nil elementno multiplexing ID foundUnknown address type: %sNested channel(id:%d) %sMalformed method name %qBad 'interval' param: %sTotal number of mallocs.key %q is not lower caseinvalid argument type %Tinvalid field number: %dcould not resolve %q: %vItems is a list of Roles&ClusterRoleBindingList{^[A-Za-z_][A-Za-z0-9_]*$gorm:skip_query_callbacktimestamp with time zoneprimary key can't be nilgorm:started_transactionexpected a slice, got %TValue kind is %s, not %sGODEBUG sys/cpu: value "", required CPU feature

Source: LisectAVT_2403002A_476.exe, 00000001.00000002.2349220183.000000C000491000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: *.wsdlfilenameOOoo*.wsffilename<<<*.svgfilenameOOoo*.csprojfilename09afXXxx*.vcxproj
Source: LisectAVT_2403002A_476.exe	Binary or memory string: <filename>*.csproj</filename>
Source: LisectAVT_2403002A_476.exe, 00000001.00000002.2349220183.000000C000491000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: *.csprojfilename0

Source: classification engine

Classification label: mal100.troj.evad.winEXE@3/0@8/0

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 3_2_00627386 CoCreateInstance,

3_2_00627386

Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe

File created: C:\Users\Public\Libraries\mglma.gif

Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe

File opened: C:\Windows\system32\7b7600f42b90b75a1133e4fc8162cb697a76f3cc4919801519df0856f7084897AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Jump to behavior

Source: LisectAVT_2403002A_476.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: LisectAVT_2403002A_476.exe	String found in binary or memory: baseProfiletter-spacinglyph-orientation-verticalignment-baseline-shiftext-anchorx1buffered-renderingclip-patheightext-decorationclip-rulenable-backgroundisplay1contentScriptTypecontentStyleTypecursory2fill-ruleflood-color-interpolation-filterscriptext-renderingflood-opacitypefont-familyfont-size-adjustop-colorfont-stretchrefeImagefont-stylefont-variantfont-weightforeignObjectimage-renderingmarker-endominant-baselinemarker-midmarker-startmaskerningmetadatamissing-glyph-orientation-horizontalighting-color-profilepatternpointer-eventshape-renderingpointsolid-color-renderingpolygonpolylinepreserveAspectRatioverflowhite-spacestop-opacitystroke-dasharraystroke-dashoffsetstroke-linecapaint-orderstroke-linejoinstroke-miterlimitstroke-opacitystroke-widthsvgswitchsymbolunicode-bidirectionusevector-effectversionviewBox2viewport-fill-opacityvisibilityword-spacingwriting-modefsolid-opacityxml:space
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: -ms-filteradial-gradientext-emphasis-colorgbackground-attachmentext-indentext-justify-contentext-kashida-spacelevationavajowhitext-decoration-line-heightext-overflow-xx-largerichnessaddlebrowno-repeat-yanimation-namespacenteruby-overhangainsborosybrownanimation-play-statext-align-lastresscrollbar-arrow-coloruby-positionanimation-timing-functionazimuthoneydeword-breakbackground-originclude-sourcebackground-position-xbackground-position-ybackground-repeat-xbackground-sizebehaviorblackblanchedalmondarkblueboldarkcyanimation-delayer-background-colorborder-bottom-colorborder-bottom-stylemonchiffont-faceborder-bottom-widthslavenderblushborder-box-shadoword-spacinghostwhitext-decoration-colorborder-collapseashellawngreenborder-colorborder-left-colorborder-left-styleborder-left-widthborder-right-colorborder-right-styleborder-right-widthborder-spacingrid-areanimation-durationormalphacceleratorphansandybrownonempty-cellsans-serifantasyborder-styleborder-top-colorborder-top-styleborder-top-widthborder-widthburlywoodarkgoldenrodarkgraycaption-sideepskybluecaret-colorchartreusechocolatext-autospaceclampadding-boxclearcolumn-counter-resetransition-propertycolumn-rule-colorcolumn-rule-stylecolumn-rule-widthcolumn-widthcornflowerbluecornsilkcue-aftercue-beforestgreenvisibilitycurrentcolorcursivecursordarkvioletdocumentdodgerbluedpcmargin-topadding-rightdpitch-rangedppxflex-growflex-shrinkflex-wrapadding-topage-break-afterfloattransition-delayer-background-imagefloralwhitesmokeyframescrollbar-dark-shadow-colorfont-familyfont-size-adjustify-itemscrollbar-face-colorfont-stretcharsetfont-stylefont-variantiquewhite-spacefont-weightfuchsianimation-fill-modeeppinkhz-indexx-smalleroyalbluegrid-column-gapage-break-beforegrid-column-startgrid-row-endarkolivegreengrid-row-gapage-break-insidegrid-row-startgrid-template-areascrollbar-track-colorgrid-template-columnsolidarkorangeredarkgreenyellowgreengrid-template-rowspeak-headerimportantinheritinitialicebluevioletter-spacingrid-auto-columnscrollbar-highlight-colorinvertical-align-itemspeak-numeralayout-grid-char-spacingrid-auto-flowjustify-selfirebricklayout-grid-line-breaklayout-grid-modegrid-auto-rowscrollbar-shadow-colorlayout-grid-typeachpufflex-basiscrollbar-base-colorlightbluelightcoralign-selflex-directionlightcyanimation-directionlightgoldenrodyellowlightgraylightgreenlightpinklightsalmonlightseagreenlightskybluelightslatebluelightsteelbluelightyellowlimegreenlinear-gradientlist-style-imagelist-style-positionlist-style-typelocalcadetbluemaskmax-heightmax-widthmediumaquamarinemediumbluemediumorchidarkorchidarkkhakime-modefaultransition-timing-functionmediumpurplemediumseagreenmediumslatebluemediumspringgreenmediumturquoisemediumvioletredarksalmonospacemidnightbluemin-heightmin-widthmintcreamarker-offset-anchormistyrosemmarkspeak-punctuationmoccasindianredarkseagreenoffset-distanceoffset-pathoffset-positionoffset-rotatext-decoration-styleolivedrabackground-clipadding-bottomargin-rightransition-durationoutline-coloroutl
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: ipconfigfc00::/7ff00::/8100::/64yamux:%sbalancerchannelz%s -> %scode: %smax_idleerrs<10serrs<10merrs<10hall timedistTmplseveritymemstatsGODEBUG=tdewolffMin %s%sMax %s%scalendardemotypeRSS homelayouts/keywordsTopRightGaussianBlackmanBartlettmodifiedassoc-ifbit-nandbit-orc1bit-orc2char-intclass-ofcomplexpcopy-seqcount-ifdescribefceilingimagpartintegerpkeywordpldb-testlogandc1logandc2logcountmap-intomismatchnbutlastnoteverynreversepackageppathnamepositionproclaimrationalrealpartstring<=string>=string/=subst-ifsubtypeptruenameunexportuninterny-or-n-pmacroletdefclassdefmacrotypecaseoptimizesequencecl-blockcl-callfcl-defuncl-ecasecl-flet*cl-letf*cl-progvcl-psetfcl-psetqdefgroupdefsubstdefthemenoreturndefconstautoloadcar-safecdr-safecharsetpcommandpcopysigndowncasefile-aclfont-getfont-putgap-sizeget-bytemapatomsmax-charoverlaypprocessppurecopyrecentersetplisttime-addtty-typeuser-uiddefaliasfeaturephtml+kid*.sveltepackage \{(?=\s)\s+#.*\n/[^\s#]*variable[^#$\s]+0b[01_]+abstract\.[0-9]+(?:if)\b(?:do)\b(?:in)\bdo-whilecase-sepcall-sep[^\\\s]+wheneverCallablecompilerCompUnitCX::WarnCX::TakeCX::RedoCX::NextCX::LastCX::EmitCX::DoneEncodingIO::PathIO::PipeIO::SpecIterableIteratorJunctionlonglongRationalSequenceSupplierSystemicVariableWhateverabsoluteaccessedadd_roleaddendumallocateantipairarchnameassumingbail-outbasenameBIND-KEYBIND-POSbind-udpcallsamecallwithclassifycodenamecomposercontainscontentscurupdirdaycountDEFINITEdefiniteEVALFILEexitcodeexpectedFALLBACKhardwarehh-mm-ssinfinitecicumfixinvocantis-primeiteratorlastcalllives-okmaxpairsminpairsnew_typenextsamenextwithon-closeos-errorpackagespath-sepprematchprint-nlprint-topull-onepush-allrelativeRUN-MAINsamecasesamemarksamewithset_nameset_authshort-idsink-allskip-onesplitdirsubparsetertiarythrottletimezoneto-posixtrailingtypenameundefineunimatchuninamesuniparseunipropswordcasewrite-to#[^\n]*$(:)(\w+)\$[/!
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine ChorasmianDevanagariGlagoliticKharoshthiManichaeanOld_ItalicOld_PermicOld_TurkicOld_UyghurPhoenicianSaurashtraDeprecatedOther_MathRIPEMD-160.localhostwsarecvmsgwsasendmsgIP addressunixpacket netGo = SHA256-RSASHA384-RSASHA512-RSADSA-SHA256ECDSA-SHA1POSTALCODEexecerrdotSYSTEMROOTtable nameone_outputUSERDOMAINres binderres masterresumptionexp masterConnectionlocal-addrimage/webpaudio/wavevideo/webmfont/woff2RST_STREAMEND_STREAMSet-Cookie; HttpOnlybytes */%d stream=%dset-cookieuser-agentkeep-alive:authorityconnectionequivalentHost: %s
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: bad kind: %sunknown nameavx5124fmapsavx512bitalgempty objectraw-protobufplugin.protologrus_errorPdhOpenQuerynotificationmessage_infomatched-textannouncementfirst_usable192.0.2.0/242001:10::/2864:ff9b::/96192.0.0.0/29192.0.0.0/24plugin.EmptyListenSocketNormalSocketgrpc-messagegrpc-timeoutGrpc-Messagesitemapindextaxonomytermadjust-arrayalpha-char-papropos-listassoc-if-notbit-vector-pchange-classclear-outputcompile-filecount-if-notdecode-floatdigit-char-pfill-pointerfind-packagefind-restartfloat-digitsforce-outputhash-table-pintersectionlower-case-pmachine-typemake-packagepackage-nameprint-objectrestart-nameslot-missingslot-unboundstring-equalstring-lesspsubst-if-notsymbol-plistsymbol-valueupper-case-pwrite-stringdefparameterhandler-bindhandler-caserestart-bindrestart-case&environmentsingle-floatdouble-floatsimple-arrayreader-errorstream-errorunbound-slotrandom-statecl-defstructcl-etypecasecl-eval-whendefvar-localdont-compilelexical-let*oref-defaultoset-defaultpcase-dolistwith-timeoutsetq-defaultassoc-stringcall-processcase-table-pchar-charsetchar-table-pclear-stringcolor-gray-pcurrent-timedelete-fielddelete-framedo-auto-saveerase-bufferfield-stringfont-match-pfontset-fontfontset-infofontset-listforward-charforward-lineforward-wordframe-live-pgap-positionimage-mask-pkill-processload-averagelookup-imagemake-overlaymemory-limitmove-overlaymsdos-memgetmsdos-memputother-bufferplist-memberpoint-markerprocess-listprocess-markprocess-nameprocess-typequit-processread-commandredraw-frameregexp-quotescroll-rightselect-frameset-file-aclstop-processstring-bytesstring-matchstring-widthsyntax-tablesystem-userswidget-applywindow-edgeswindow-framewindow-pointwindow-startwrite-regionx-list-fontsx-popup-menutext/x-gosrctext/x-perl6subdirectivenested_block[^\s#{}$\]]+^\s*(\{)\s*$attr-dstringattr-sstring(?:import)\bimport-identpreproc-exprtypedef-bodybracket-openclass-memberclass-method(function)\bprop-get-set(?:switch)\b(?:return)\barray-access^(#[^#].+\n)(?<!['\w:-])(?<=^|\b|\s)CancellationDistributionIO::ArgFilesPod::HeadingWhateverCodeexperimentalaccepts_typeadd_fallbackapp_lifetimeatomic-fetchcombinationscomposalizercompose_typedid-you-meandone-testingeval-dies-okexcludes-maxexcludes-minfull-barrierhas_accessorpostcirumfixis-leap-yearload-repo-idmethod_tablenativesizeofpackage-kindpermutationspush-exactlyread-uint128redispatcherreplace-withroutine-typeset_is_mixinsubst-mutatetotal-memorytrim-leadingtruncated-towhole-secondwrite-int128write-uint16write-uint32write-uint64metaoperatorsubstitutionsingle-quote[<>,:=.*%+|][{}()\[\]\\][\w"\-!/&;]+LITE_RUNTIMESTRING_PIECE%v: %v => %v(database)s$macroman_binarmscii8_binserverPubKeywriteTimeoutError %d: %sUNSIGNED INTSERIALIZABLEtx is closedserializableAWS StandardAWS ISO (US)ca-central-1eu-central-1eu-central-2il-central-1me-central-1auditmanagercodeartifactcodecatalystcodepipelinecognito-synccontact-lenscontroltowerdata-ats.iotdataexchangedatapipelinefinspace-apiimportexportiotanalyticsiotfleetwiseiottwinmakerkafkaconnect
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: ULwesithathuDownArrowBarDownTeeArrowExponentialEGreaterEqualGreaterTildeHilbertSpaceHumpDownHumpIntersectionLeftArrowBarLeftTeeArrowLeftTriangleLeftUpVectorNotCongruentNotLessEqualNotLessTildeProportionalRightCeilingRoundImpliesShortUpArrowSquareSubsetUnderBracketVerticalLineblacklozengeexponentialerisingdotseqtriangledowntriangleleft<![endif]-->fill-opacityfont-stretchfont-variantmarker-startstop-opacitystroke-widthunicode-bidiword-spacingwriting-modeminify-out-*bad Tc valuebad Th valuebad Tq valuebad Pq valuebad Td valuebad Ta value#ansidarkred#ansifuchsia%02x%02x%02xusingbygroupExposureTimeMeteringModeExposureModeWhiteBalanceGPSVersionIDGPSLongitudeGPSTimeStampGPSSatelitesGPSDateStampsigned shortserver errorBindComplete<(%s,%s),%s>_timestamptzCoInitializeRoInitializemonokailightparaiso-darkrainbow_dashalgol_nu.xmlcolorful.xmldoom-one.xmlfriendly.xmllovelace.xmlpygments.xmlinvalid JSONVariableDeclArgumentDeclStmt(switch ...Binding((new.target)if statement%sRawText: "^[ ]{0,3}<\?NotHumpEqualvarsubsetneqvarsupsetneqECMABoundary, unindex = Windows 1250Windows 1251Windows 1252Windows 1253Windows 1254Windows 1255Windows 1256Windows 1257Windows 1258FootnoteLinkFootnoteListTaskCheckBoxTOO_MANY_FOOlevel 3 resetsrmount errortimer expiredexchange fullRegEnumKeyExWRegOpenKeyExWCertOpenStoreFindNextFileWMapViewOfFileVirtualUnlockWriteConsoleWFreeAddrInfoWgethostbynamegetservbynameparsing time out of range in duration is too largeDeleteServiceStartServiceWFindResourceWGetDriveTypeWModule32NextWThread32FirstRtlGetVersionRtlInitStringCoTaskMemFreeEnumProcessesShellExecuteWExitWindowsExGetClassNameWtimeEndPeriodWTSFreeMemoryFindFirstFileWSACloseEventgethostbyaddrgetservbyportWSAResetEventWSAIsBlockingSysFreeStringSafeArrayLockSafeArrayCopyVarI2FromDateVarI2FromDispVarI2FromBoolVarI4FromDateVarI4FromDispVarI4FromBoolVarR4FromDateVarR4FromDispVarR4FromBoolVarR8FromDateVarR8FromDispVarR8FromBoolVarDateFromI2VarDateFromI4VarDateFromR4VarDateFromR8VarDateFromCyVarCyFromDateVarCyFromDispVarCyFromBoolVarBstrFromI2VarBstrFromI4VarBstrFromR4VarBstrFromR8VarBstrFromCyVarBoolFromI2VarBoolFromI4VarBoolFromR4VarBoolFromR8VarBoolFromCyVarUI1FromStrCreateTypeLibClearCustDataLoadTypeLibExVarDecFromUI1VarDecFromStrVarDateFromI1VarBstrFromI1VarBoolFromI1VarUI1FromUI2VarUI1FromUI4VarUI1FromDecVarDecFromUI2VarDecFromUI4VarI1FromDateVarI1FromDispVarI1FromBoolVarUI2FromUI1VarUI2FromStrVarUI2FromUI4VarUI2FromDecVarUI4FromUI1VarUI4FromStrVarUI4FromUI2VarUI4FromDecBSTR_UserSizeBSTR_UserFreeVarI8FromDateVarI8FromDispVarI8FromBoolVarDateFromI8VarBstrFromI8VarBoolFromI8VarUI1FromUI8VarDecFromUI8VarUI2FromUI8VarUI4FromUI8VarUI8FromUI1VarUI8FromStrVarUI8FromUI2VarUI8FromUI4VarUI8FromDecOMAP From SrcInterfaceImplStandAloneSigAssemblyRefOSEFI byte codeMIPS with FPUDebugStrippedHighEntropyVAEFI ROM imageRISC-V Low12sMIPS JMP AddrRISC-V Low 12Albanian (sq)Armenian (hy)Assamese (as)Corsican (co)Croatian (hr)Estonian (et)Galician (gl)Georgian (ka)Gujarati (gu)Japanese (ja)Kashmiri (ks)Konkani
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: /debug/events=... setting.unpublishdateinput was nilalphanumericpbyte-positionchar-downcasechar-greaterpdelete-if-notdeposit-fielddocumentationfile-positionfinish-outputmacroexpand-1make-instancemake-pathnamemake-sequencemember-if-notnext-method-pnintersectionnsubst-if-notopen-stream-pparse-integerpathname-hostpathname-namepathname-typepprint-indentpprint-linearrassoc-if-notread-sequenceremove-if-notremove-methodslot-exists-psoftware-typestring-upcasesubstitute-ifunuse-packageignore-errorsextended-charsimple-vectorstandard-charunsigned-bytecontrol-errorpackage-errorprogram-errorstyle-warningstring-streamcl-do-symbolsdefine-advicebackward-charbitmap-spec-pbool-vector-pbuffer-live-pbuffer-stringccl-program-pcharset-aftercharset-plistcopy-sequencedefault-valuedelete-regiondiscard-inputdowncase-wordend-kbd-macrofile-exists-pfile-locked-pget-file-chargnutls-deinitgnutls-errorpiconify-framekeymap-parentkeymap-promptlax-plist-getlax-plist-putmarker-buffermsdos-mouse-poverlay-listsoverlay-startposn-at-pointprocess-plistquery-fontsetread-functionread-variablerename-bufferreplace-matchselect-windowset-quit-charsort-charsetsstart-processsuspend-emacssystem-groupsterminal-listterminal-nametime-subtracttty-top-frameundo-boundaryunify-charsetunlock-bufferupcase-regionuse-local-mapuser-real-uidwindow-bufferwindow-list-1window-live-pwindow-parentwindow-systemx-file-dialogx-focus-framex-select-fontx-synchronizeforward-pointdefine-widgetcl-check-typetext/x-genshi@[^\s]+(?=\s)matcher_token[0-9]+[km]?\b^(\s*)(##.*)$py:[\w-]+\s*=(`)([^`]*)(`)(?:package)\b(?:typedef)\bstring-singlestring-doublepreproc-errorabstract-bodymeta-call-sepbracket-closeoptional-expr(?:\+\+|\-\-)bracket-checkhaxe-pre-proc^(#{2,6}.+\n)dynamic-scopeHyperWhateverIO::CatHandleIO::Path::QNXIO::Spec::QNXMONKEY-TYPINGadd_attributeatomic-assignclassify-listdays-in-montheval-lives-okpush-at-leastskip-at-leaststore-repo-idsub_signaturetrim-trailingtype_captureswrite-uint128double-quotesC?X::['\w:-]+escape-c-name(?<=<)[|!?.]+pod-paragraphpod-formatter-bottom-stack:lang\W+(\w+)[^\\\n\[*`:]+BoxResamplingnot reachablestrings.Join(^(ax|test)is$(octop|vir)i$(x|ch|ss|sh)$utf8_czech_ciutf8_roman_cisavepoint sp_amazonaws.comAWS ISOB (US)sc2s.sgov.govapi.detectivedkr-us-east-1dkr-us-east-2dkr-us-west-1dkr-us-west-2api.sagemakerappconfigdatabackupstoragedata.jobs.iotdirectconnectforecastqueryfrauddetectorgroundstationidentitystoreioteventsdataiotroborunnerapi-eu-west-1api-us-east-1api-us-west-2lakeformationlookoutvisionmodels-v2-lexrds.ca-west-1rds.us-east-1rds.us-east-2rds.us-west-1rds.us-west-2resiliencehubrolesanywheres3-external-1servicequotasssm-incidentsaws-cn-globalus-gov-east-1us-gov-west-1us-iso-east-1us-iso-west-1IsPlaceholderReservedNamesassertIntegerreadFieldHashskipFourBytestrySkipStringdecode base64invalid inputstruct Decodeunknown field_grpc_config.LOGGER_CLIENTLOGGER_SERVERvoor ChristusGreenwich-tydMaleisi
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: stopm spinning nmidlelocked= needspinning=randinit twicestore64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine RegSetValueExWOther_ID_StartPattern_SyntaxQuotation_Markinternal error.in-addr.arpa.unknown mode: unreachable: /log/filter.go/log/helper.godata truncated
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: stop log entryconfig_helpers:\w+(\[.+?\])?(line %d:%d): protobuf error[]ClusterRole{ResourceNames:[]RoleBinding{Required valueInternal error%v NOT IN (%v)gorm:row_queryAUTO_INCREMENTVARCHAR(65532)DEFAULT VALUES(%v.%v %s (?))RequestTimeoutRequestExpired_light_yellow_not a data URIinvalid kind: no digits readGetSystemTimesEnumPageFilesWhttp.client_ipnot a PNG file192.168.0.0/16192.88.99.0/24169.254.0.0/162001:0000::/322001:0000::/232001:0200::/48203.0.113.0/24unknown ID: %vhealth_servicegrpc-trace-binshow_sensitivewebappmanifestHannResamplingresampleFilterchar-not-equalchar-not-lesspcopy-readtablecopy-structuredelete-packageget-propertiesgraphic-char-pinput-stream-pinteger-lengthinvoke-restartlong-site-namemacro-functionmake-conditionmake-load-formmuffle-warningno-next-methodnstring-upcasensubstitute-ifpprint-newlinepprint-tabularrandom-state-preadtable-caserename-packagerow-major-arefset-differencesymbol-packagewrite-sequenceunwind-protectdo-all-symbolswith-accessorswith-open-filedynamic-extentsimple-warningbuilt-in-classstandard-classsynonym-streamtwo-way-streamcl-return-frompcase-defmacrowhile-no-inputwith-temp-filecondition-casesave-excursionbacktrace-evalbyte-to-stringcategory-tablechar-to-stringcolor-distancecompute-motioncurrent-buffercurrent-columndbus--init-busdefault-boundpdelete-overlaydelete-processdump-glyph-rowfetch-bytecodefile-regular-pfile-symlink-pfollowing-charfont-drive-otffont-xlfd-nameframe-terminalfunction-equalgfile-rm-watchgpm-mouse-stopgroup-real-gidimage-metadatamake-byte-codemake-temp-namemap-char-tablematching-parenmessage-or-boxmouse-positionmove-to-columnoverlay-bufferposition-bytespreceding-charprevious-frameprocess-bufferprocess-filterprocess-statusrecent-doskeysrecursive-editredraw-displaysearch-forwardselected-frameset-case-tableset-file-modesset-file-timesset-frame-sizeset-input-modeset-match-datasignal-processstring-to-charsyntax-table-ptry-completionunibyte-stringuse-global-mapuser-full-namew32-frame-rectwindow-fringeswindow-hscrollwindow-marginswindow-valid-pwindow-vscrollx-create-framex-display-listx-family-fontsx-get-resourcex-popup-dialog`[a-zA-Z_]\w*`embedded/*.xmlcomments_pop_1comments_pop_2comments_pop_3\{[\w+.\$-]+\}expr-statement(?:abstract)\b[0-9]+\.[0-9]+0x[0-9a-fA-F]+function-paramfunction-local(?:function)\barray-decl-septype-full-nametype-param-sepIO::Path::UnixIO::Spec::Unixprecompilationadd_enum_valuebase-repeatingchild-typenamecompose_valuesGENERATE-USAGEgenerate_mixinnew-from-pairsprecomp-targetqualifier-typesource-packageverbose-config(>>)(\S+?)(<<)(
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: text/javascripttext/typescriptpageSort.ByDate.File.Extension.Page.File.LangDependencyScopeaggregationRulenonResourceURLsAggregationRuleDuplicate value^[-A-Za-z0-9]+$(?i)^count(.+)$bigint unsignedRETURNING %v.%vEMBEDDED_PREFIX(%v.%v IS NULL)DROP TABLE %v%sResponseTimeoutMissingEndpoint\[[a-z0-9_-]+\]_light_magenta_avx512vpopcntdqinvalid inf.DecPluginPrivilegenet.sock.familybad IHDR lengthbad PLTE lengthbad tRNS lengthbad filter typebad IEND lengthIPv6 wrong size198.51.100.0/24plugin.ConnInfoAuthInfo is nilSERVICE_UNKNOWNunexpected flagunhandled state15:04:05.000000/debug/requestsgoogleanalyticsdisqusshortnamegoldmark.parsermenuSort.ByNameAMP single pageWelchResamplingNearestNeighborarray-dimensioncell-error-namedescribe-objectfile-namestringfile-write-datefloat-precisionhash-table-sizehash-table-testhost-namestringinvoke-debuggermachine-versionmake-hash-tablemerge-pathnamesnset-differenceoutput-stream-ppathname-deviceposition-if-notpprint-dispatchprin1-to-stringprinc-to-stringshort-site-namesimple-string-psimple-vector-pslot-makunboundstandard-char-pstring-downcasestring-greaterpsymbol-functionwild-pathname-pwrite-to-stringload-time-valuesymbol-macroletstandard-methodstandard-objectstructure-classdef-edebug-specdefine-skeletonsave-match-datawith-case-tablewith-file-modeswith-local-quitall-completionsbacktrace-debugbacktrace-framebool-vector-notcapitalize-wordcoding-system-pcompare-stringscompleting-readcopy-hash-tablecurrent-messagedefine-categorydelete-terminaldescribe-vectordirectory-filesdowncase-regionfield-beginningfile-attributesfile-readable-pfile-writable-pfont-get-glyphsforward-commentframe-parameterframe-text-colsframe-visible-pgarbage-collectget-file-buffergetenv-internalgfile-add-watchgpm-mouse-startinput-pending-pinvocation-namekey-descriptionmake-char-tablemarker-positionmatch-beginningopen-termscriptprevious-windowprocess-commandprocess-contactrecursion-depthsearch-backwardselected-windowset-cursor-sizeset-frame-widthstart-kbd-macroterminal-live-ptest-completiontool-bar-heighttrace-redisplaytrace-to-stderrupcase-initialsuser-login-namevertical-motionw32-has-winsockwindow-top-linewindow-use-timex-get-atom-namex-server-vendorxw-color-valuestext/x-markdown\[\<matcher\>\]\d+[Ee][-+]\d+iabstract-opaquetype-struct-septype-param-typeident-or-string^(\s*>\s)(.+\n)IO::Path::PartsIO::Path::Win32IO::Spec::Win32ARGS-TO-CAPTUREcalling-packagecategorize-listenum_from_valueenum_value_listexport_callbackmixin_attributeoffset-in-hourspush-until-lazyset-instruments(?<!(?<!\\)\\)"\^\^|\^|\$\$|\$(?<!(?<!\\)\\)<(?<!(?<!\\)\\)>pod-declaration(?<!(?<!\\)\\)'(?<!(?<!\\)\\){@(debug|html)\b:(catch|then)\bembedded/al.xmlembedded/c#.xmlembedded/hy.xmlembedded/io.xml^-?\d+\.?\d*$%$CubicResamplingRIFF????WEBPVP8NO_SIDE_EFFECTSLEGACY_REQUIREDLENGTH_PREFIXED%d elided lines(alias|status)$(x|ch|ss|sh)es$(vert|ind)ices$big5_chinese_cilatin2_czech_csdec8_swedish_ciswe7_swedish_cieuckr_korean_ciutf8_general_cicp1250_czech_csutf8_tolower_ciutf8_unicode_ciutf8_latvian_ci
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: text/javascripttext/typescriptpageSort.ByDate.File.Extension.Page.File.LangDependencyScopeaggregationRulenonResourceURLsAggregationRuleDuplicate value^[-A-Za-z0-9]+$(?i)^count(.+)$bigint unsignedRETURNING %v.%vEMBEDDED_PREFIX(%v.%v IS NULL)DROP TABLE %v%sResponseTimeoutMissingEndpoint\[[a-z0-9_-]+\]_light_magenta_avx512vpopcntdqinvalid inf.DecPluginPrivilegenet.sock.familybad IHDR lengthbad PLTE lengthbad tRNS lengthbad filter typebad IEND lengthIPv6 wrong size198.51.100.0/24plugin.ConnInfoAuthInfo is nilSERVICE_UNKNOWNunexpected flagunhandled state15:04:05.000000/debug/requestsgoogleanalyticsdisqusshortnamegoldmark.parsermenuSort.ByNameAMP single pageWelchResamplingNearestNeighborarray-dimensioncell-error-namedescribe-objectfile-namestringfile-write-datefloat-precisionhash-table-sizehash-table-testhost-namestringinvoke-debuggermachine-versionmake-hash-tablemerge-pathnamesnset-differenceoutput-stream-ppathname-deviceposition-if-notpprint-dispatchprin1-to-stringprinc-to-stringshort-site-namesimple-string-psimple-vector-pslot-makunboundstandard-char-pstring-downcasestring-greaterpsymbol-functionwild-pathname-pwrite-to-stringload-time-valuesymbol-macroletstandard-methodstandard-objectstructure-classdef-edebug-specdefine-skeletonsave-match-datawith-case-tablewith-file-modeswith-local-quitall-completionsbacktrace-debugbacktrace-framebool-vector-notcapitalize-wordcoding-system-pcompare-stringscompleting-readcopy-hash-tablecurrent-messagedefine-categorydelete-terminaldescribe-vectordirectory-filesdowncase-regionfield-beginningfile-attributesfile-readable-pfile-writable-pfont-get-glyphsforward-commentframe-parameterframe-text-colsframe-visible-pgarbage-collectget-file-buffergetenv-internalgfile-add-watchgpm-mouse-startinput-pending-pinvocation-namekey-descriptionmake-char-tablemarker-positionmatch-beginningopen-termscriptprevious-windowprocess-commandprocess-contactrecursion-depthsearch-backwardselected-windowset-cursor-sizeset-frame-widthstart-kbd-macroterminal-live-ptest-completiontool-bar-heighttrace-redisplaytrace-to-stderrupcase-initialsuser-login-namevertical-motionw32-has-winsockwindow-top-linewindow-use-timex-get-atom-namex-server-vendorxw-color-valuestext/x-markdown\[\<matcher\>\]\d+[Ee][-+]\d+iabstract-opaquetype-struct-septype-param-typeident-or-string^(\s*>\s)(.+\n)IO::Path::PartsIO::Path::Win32IO::Spec::Win32ARGS-TO-CAPTUREcalling-packagecategorize-listenum_from_valueenum_value_listexport_callbackmixin_attributeoffset-in-hourspush-until-lazyset-instruments(?<!(?<!\\)\\)"\^\^|\^|\$\$|\$(?<!(?<!\\)\\)<(?<!(?<!\\)\\)>pod-declaration(?<!(?<!\\)\\)'(?<!(?<!\\)\\){@(debug|html)\b:(catch|then)\bembedded/al.xmlembedded/c#.xmlembedded/hy.xmlembedded/io.xml^-?\d+\.?\d*$%$CubicResamplingRIFF????WEBPVP8NO_SIDE_EFFECTSLEGACY_REQUIREDLENGTH_PREFIXED%d elided lines(alias|status)$(x|ch|ss|sh)es$(vert|ind)ices$big5_chinese_cilatin2_czech_csdec8_swedish_ciswe7_swedish_cieuckr_korean_ciutf8_general_cicp1250_czech_csutf8_tolower_ciutf8_unicode_ciutf8_latvian_ci
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: OpenFunc not setapplication/tomlpageSort.ByTitlepageSort.ReverseTaxonomyList(%d)template: (.*?):[]LabelSelector{AggregationRule:NonResourceURLs:Read after Closerecord not foundgorm:after_queryrow_query_resulttinyint unsignedtimestamp%v NULLcloudsqlpostgresconnection resetavx512vpclmulqdqinvalid name: %qmust be positiveunknown field %vinvalid code: %dInvalid level %dinvalid checksumdefaultInterfaceunsupported typegrpc_stdio.protoplugin.StdioDatainvalid msg typesession shutdown is not exportedServerName: %q, Attributes: %v, <stream: %p, %v>^{h(?::(\d+))?}$^{m(?::(\d+))?}$out of range: %qDART_SASS_BINARYmenuSort.ReverseCosineResamplingarray-dimensionsarray-total-sizecall-next-methodcompute-restartsfind-all-symbolsget-decoded-timehash-table-countlogical-pathnamemachine-instancemake-echo-streamnstring-downcasepackage-use-listparse-namestringpathname-match-ppathname-versionread-from-stringset-exclusive-orshadowing-importsoftware-versionstring-left-trimstring-not-equalstring-not-lessptype-error-datumdefine-conditionwith-open-streamarithmetic-errordivision-by-zerosimple-conditionunbound-variablebroadcast-streamgeneric-functionstructure-objectdeclare-functiondelay-mode-hookseval-and-compilepcase-exhaustivewith-temp-buffersave-restrictionadd-name-to-fileapropos-internalautoload-do-loadbuffer-file-namebuffer-substringbuffer-swap-textbyte-to-positioncategory-table-pchar-or-string-pchar-table-rangeclear-face-cacheclear-font-cachecontinue-processdecode-big5-chardecode-sjis-charencode-big5-charencode-sjis-charexpand-file-namefile-directory-pfile-system-infofont-family-listfontset-list-allformat-mode-lineframe-char-widthframe-face-alistframe-font-cacheframe-parametersframe-text-linesframe-text-widthframe-total-colsget-pos-propertyget-screen-colorinotify-rm-watchinteractive-formlocal-variable-plookup-image-mapmake-bool-vectorminibuffer-depthmsdos-mouse-initnarrow-to-regionnumber-to-stringoverlay-recenterpoint-max-markerpoint-min-markerposix-looking-atprocess-send-eofprocess-sentinelprocess-tty-nameprofiler-cpu-logregion-beginningrun-hook-wrappedset-fontset-fontset-frame-heightset-message-beepset-screen-colorset-syntax-tableset-window-pointset-window-startstring-to-numberstring-to-syntaxtty-no-underlinewindow-new-pixelwindow-new-totalwindow-old-pointwindow-parameterwindow-pixel-topwindow-top-childx-display-planesx-frame-geometryx-parse-geometryx-server-versionzlib-available-pwith-no-warningstext/html+genshiGo HTML TemplateGo Text Templatego-text-template\[[a-zA-Z_]\w*\]reStructuredTextrestructuredtextnested_directivedeep_not_matcher[a-z-]+/[a-z-+]+\[(?=[^#{}$]+\])(0|[1-9][0-9_]*)parenthesis-openprop-get-set-opttype-parenthesisBacktrace::FrameIO::NotificationIO::Path::CygwinIO::Socket::INETIO::Spec::CygwinMetamodel::C3MROPod::Block::CodePod::Block::Paraatomic-dec-fetchatomic-fetch-addatomic-fetch-decatomic-fetch-incatomic-fetch-subatomic-inc-fetchroles_to_composeset_composalizeruncaught_handlerweekday-of-month)\k<delimiter>*)0b[01]+(_[01]+)*(?<!(?<!\\)\\)\[(?<!(?<!
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: OpenFunc not setapplication/tomlpageSort.ByTitlepageSort.ReverseTaxonomyList(%d)template: (.*?):[]LabelSelector{AggregationRule:NonResourceURLs:Read after Closerecord not foundgorm:after_queryrow_query_resulttinyint unsignedtimestamp%v NULLcloudsqlpostgresconnection resetavx512vpclmulqdqinvalid name: %qmust be positiveunknown field %vinvalid code: %dInvalid level %dinvalid checksumdefaultInterfaceunsupported typegrpc_stdio.protoplugin.StdioDatainvalid msg typesession shutdown is not exportedServerName: %q, Attributes: %v, <stream: %p, %v>^{h(?::(\d+))?}$^{m(?::(\d+))?}$out of range: %qDART_SASS_BINARYmenuSort.ReverseCosineResamplingarray-dimensionsarray-total-sizecall-next-methodcompute-restartsfind-all-symbolsget-decoded-timehash-table-countlogical-pathnamemachine-instancemake-echo-streamnstring-downcasepackage-use-listparse-namestringpathname-match-ppathname-versionread-from-stringset-exclusive-orshadowing-importsoftware-versionstring-left-trimstring-not-equalstring-not-lessptype-error-datumdefine-conditionwith-open-streamarithmetic-errordivision-by-zerosimple-conditionunbound-variablebroadcast-streamgeneric-functionstructure-objectdeclare-functiondelay-mode-hookseval-and-compilepcase-exhaustivewith-temp-buffersave-restrictionadd-name-to-fileapropos-internalautoload-do-loadbuffer-file-namebuffer-substringbuffer-swap-textbyte-to-positioncategory-table-pchar-or-string-pchar-table-rangeclear-face-cacheclear-font-cachecontinue-processdecode-big5-chardecode-sjis-charencode-big5-charencode-sjis-charexpand-file-namefile-directory-pfile-system-infofont-family-listfontset-list-allformat-mode-lineframe-char-widthframe-face-alistframe-font-cacheframe-parametersframe-text-linesframe-text-widthframe-total-colsget-pos-propertyget-screen-colorinotify-rm-watchinteractive-formlocal-variable-plookup-image-mapmake-bool-vectorminibuffer-depthmsdos-mouse-initnarrow-to-regionnumber-to-stringoverlay-recenterpoint-max-markerpoint-min-markerposix-looking-atprocess-send-eofprocess-sentinelprocess-tty-nameprofiler-cpu-logregion-beginningrun-hook-wrappedset-fontset-fontset-frame-heightset-message-beepset-screen-colorset-syntax-tableset-window-pointset-window-startstring-to-numberstring-to-syntaxtty-no-underlinewindow-new-pixelwindow-new-totalwindow-old-pointwindow-parameterwindow-pixel-topwindow-top-childx-display-planesx-frame-geometryx-parse-geometryx-server-versionzlib-available-pwith-no-warningstext/html+genshiGo HTML TemplateGo Text Templatego-text-template\[[a-zA-Z_]\w*\]reStructuredTextrestructuredtextnested_directivedeep_not_matcher[a-z-]+/[a-z-+]+\[(?=[^#{}$]+\])(0|[1-9][0-9_]*)parenthesis-openprop-get-set-opttype-parenthesisBacktrace::FrameIO::NotificationIO::Path::CygwinIO::Socket::INETIO::Spec::CygwinMetamodel::C3MROPod::Block::CodePod::Block::Paraatomic-dec-fetchatomic-fetch-addatomic-fetch-decatomic-fetch-incatomic-fetch-subatomic-inc-fetchroles_to_composeset_composalizeruncaught_handlerweekday-of-month)\k<delimiter>*)0b[01]+(_[01]+)*(?<!(?<!\\)\\)\[(?<!(?<!
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: truncated profilemalformed profileerror logging: %s:cacheDir/modules:resourceDir/_genno output formatspageSort.ByWeightpageSort.ByLengthpageSort.ByParam.&AggregationRule{&ClusterRoleList{&RoleBindingList{FieldValueTooLongFieldValueTooManyUnsupported value^[-._a-zA-Z0-9]+$must be non-emptya qualified name jinzhu/gorm/.*.gogorm:after_creategorm:after_deletegorm:query_optiongorm:auto_preloadSAVE_ASSOCIATIONSgorm:after_updategorm:update_attrsSELECT DATABASE()POLYMORPHIC_VALUE ) AS count_tableinvalid range: %v%s: %v is not set%%!%c(dec.Dec=%s)net.protocol.nameno data to encodeUnknown data modegrpc_broker.protostreams exhaustedkeepalive timeoutTRANSIENT_FAILUREgrpc-message-typemenuSort.ByWeightMitchellNetravaliBSplineResamplingHammingResamplingallocate-instancearray-in-bounds-pchar-not-greaterpdelete-duplicatesenough-namestringfunction-keywordslist-all-packagesmake-random-statemethod-qualifiersnset-exclusive-orpackage-nicknamesread-char-no-hangremove-duplicatesshared-initializestring-capitalizestring-right-trimsubstitute-if-not&allow-other-keyscompiled-functionsimple-bit-vectorserious-conditionsimple-type-errorstorage-conditioncl-do-all-symbolsdefine-minor-modeeval-when-compilewith-syntax-tablewith-temp-messagewith-wrapper-hookbacktrace--localsbeginning-of-linebool-vector-unionbuffer-modified-pcapitalize-regioncar-less-than-carchar-category-setchar-table-parentclear-image-cachecoding-system-putcolor-supported-pcommand-remappingcontrolling-tty-pcopy-syntax-tablecurrent-idle-timecurrent-local-mapcurrent-time-zonedebug-timer-checkdump-glyph-matrixdump-tool-bar-rowexecute-kbd-macrofile-executable-pframe-char-heightframe-pixel-widthframe-root-windowframe-text-heightframe-total-linesget-buffer-createget-buffer-windowget-char-propertyget-load-suffixesget-text-propertyimagemagick-typesindirect-functionindirect-variableinotify-add-watchinterrupt-processline-end-positionline-pixel-heightlocal-key-bindingmake-category-setmap-charset-charsmemory-use-countsminibuffer-promptminibuffer-windowopen-dribble-fileprofiler-cpu-stopput-text-propertyre-search-forwardread-key-sequenceset-charset-plistset-keymap-parentset-process-plistset-window-bufferstring-as-unibytestring-to-unibytesuspicious-objecttext-property-anythis-command-keystranspose-regionsw32-shell-executewhere-is-internalwindow-body-widthwindow-left-childwindow-new-normalwindow-parameterswindow-pixel-leftwindow-text-widthx-display-screensx-load-color-filex-open-connectionx-window-propertyembedded/html.xmlapplication/x-kidapplication/x-phptext/x-typoscriptsite_block_commondeep_subdirectiveabstract-relationparenthesis-closeIO::Socket::AsyncMetamodel::MixinsMetamodel::NamingPod::Block::NamedPod::Block::TableTelemetry::Periodalternative-namesconfigure_destroyexplicitly-manageis-initial-threadnative-descriptornew-from-daycountoffset-in-minutessetup_mixin_cache(?<=\[\\?)<(?=\])pre-pod-formatter\n *\n|\n(?=^ *=)TypoScriptCSSDataembedded/abap.xmlembedded/abnf.xmlembedded/agda.xmlembedded/bash.xmlembedded/dart.xmlembedded
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: truncated profilemalformed profileerror logging: %s:cacheDir/modules:resourceDir/_genno output formatspageSort.ByWeightpageSort.ByLengthpageSort.ByParam.&AggregationRule{&ClusterRoleList{&RoleBindingList{FieldValueTooLongFieldValueTooManyUnsupported value^[-._a-zA-Z0-9]+$must be non-emptya qualified name jinzhu/gorm/.*.gogorm:after_creategorm:after_deletegorm:query_optiongorm:auto_preloadSAVE_ASSOCIATIONSgorm:after_updategorm:update_attrsSELECT DATABASE()POLYMORPHIC_VALUE ) AS count_tableinvalid range: %v%s: %v is not set%%!%c(dec.Dec=%s)net.protocol.nameno data to encodeUnknown data modegrpc_broker.protostreams exhaustedkeepalive timeoutTRANSIENT_FAILUREgrpc-message-typemenuSort.ByWeightMitchellNetravaliBSplineResamplingHammingResamplingallocate-instancearray-in-bounds-pchar-not-greaterpdelete-duplicatesenough-namestringfunction-keywordslist-all-packagesmake-random-statemethod-qualifiersnset-exclusive-orpackage-nicknamesread-char-no-hangremove-duplicatesshared-initializestring-capitalizestring-right-trimsubstitute-if-not&allow-other-keyscompiled-functionsimple-bit-vectorserious-conditionsimple-type-errorstorage-conditioncl-do-all-symbolsdefine-minor-modeeval-when-compilewith-syntax-tablewith-temp-messagewith-wrapper-hookbacktrace--localsbeginning-of-linebool-vector-unionbuffer-modified-pcapitalize-regioncar-less-than-carchar-category-setchar-table-parentclear-image-cachecoding-system-putcolor-supported-pcommand-remappingcontrolling-tty-pcopy-syntax-tablecurrent-idle-timecurrent-local-mapcurrent-time-zonedebug-timer-checkdump-glyph-matrixdump-tool-bar-rowexecute-kbd-macrofile-executable-pframe-char-heightframe-pixel-widthframe-root-windowframe-text-heightframe-total-linesget-buffer-createget-buffer-windowget-char-propertyget-load-suffixesget-text-propertyimagemagick-typesindirect-functionindirect-variableinotify-add-watchinterrupt-processline-end-positionline-pixel-heightlocal-key-bindingmake-category-setmap-charset-charsmemory-use-countsminibuffer-promptminibuffer-windowopen-dribble-fileprofiler-cpu-stopput-text-propertyre-search-forwardread-key-sequenceset-charset-plistset-keymap-parentset-process-plistset-window-bufferstring-as-unibytestring-to-unibytesuspicious-objecttext-property-anythis-command-keystranspose-regionsw32-shell-executewhere-is-internalwindow-body-widthwindow-left-childwindow-new-normalwindow-parameterswindow-pixel-leftwindow-text-widthx-display-screensx-load-color-filex-open-connectionx-window-propertyembedded/html.xmlapplication/x-kidapplication/x-phptext/x-typoscriptsite_block_commondeep_subdirectiveabstract-relationparenthesis-closeIO::Socket::AsyncMetamodel::MixinsMetamodel::NamingPod::Block::NamedPod::Block::TableTelemetry::Periodalternative-namesconfigure_destroyexplicitly-manageis-initial-threadnative-descriptornew-from-daycountoffset-in-minutessetup_mixin_cache(?<=\[\\?)<(?=\])pre-pod-formatter\n *\n|\n(?=^ *=)TypoScriptCSSDataembedded/abap.xmlembedded/abnf.xmlembedded/agda.xmlembedded/bash.xmlembedded/dart.xmlembedded
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: :cacheDir/:projectsecurity.http.urlspageSort.ByLastmodClusterRoleBindingFieldValueRequiredFieldValueNotFoundsupported values: invalid value typegorm:before_creategorm:insert_optiongorm:before_deletegorm:before_updategorm:update_optionint AUTO_INCREMENT(%v.%v NOT IN (?))gorm:table_options, PRIMARY KEY (%v)%s %v ON %v(%v) %v":file::line::col"dart-sass-embeddedGetConsoleOutputCPduplicate name: %qduplicate field %vGetPerformanceInfonet.sock.peer.addrnet.sock.peer.portnet.sock.host.addrnet.sock.host.portmode not supportedchunk out of ordercompression methoddimension overflow255.255.255.255/32bad resolver statethe stream is doneinvalid config: %v%d, %f, %d, %d, %vindex is finalizedindex %q not foundindex %q not validGaussianResamplingBlackmanResamplingBartlettResamplingadjustable-array-parray-displacementarray-element-typefile-string-lengthget-setf-expansionget-universal-timenstring-capitalizensubstitute-if-notpathname-directoryspecial-operator-ptranslate-pathnamevector-push-extenddestructuring-bindsimple-base-stringprint-not-readableundefined-functionmethod-combinationcl-load-time-valuecl-symbol-macroletaccessible-keymapsbuffer-base-bufferbuffer-enable-undobuffer-local-valuecall-interactivelycategory-docstringchar-table-subtypeclear-charset-mapscoding-system-baseconstrain-to-fieldcurrent-case-tablecurrent-global-mapcurrent-input-modedaemon-initializeddefault-file-modesevent-convert-listfont-shape-gstringformat-time-stringframe-border-widthframe-first-windowframe-fringe-widthframe-pixel-heightget-buffer-processglobal-key-bindinggnutls-available-pgnutls-peer-statusinit-image-libraryinsert-and-inheritinternal-char-fontmake-frame-visiblemake-sparse-keymapmake-symbolic-linkmsdos-mouse-enablemsdos-set-keyboardmultibyte-string-pnumber-or-marker-poverlay-propertiesparse-partial-sexpposix-string-matchprocess-attributesprocess-connectionprofiler-cpu-startre-search-backwardread-coding-systemrecent-auto-save-prun-hook-with-argsset-category-tableset-frame-positionset-mouse-positionset-process-bufferset-process-filterset-time-zone-ruleset-window-fringesset-window-hscrollset-window-marginsset-window-vscrollskip-chars-forwardspecial-variable-pterminal-parametertext-properties-atvisible-frame-listw32-battery-statusw32-long-file-namew32-unload-winsockw32notify-rm-watchwindow-body-heightwindow-dedicated-pwindow-left-columnwindow-line-heightwindow-normal-sizewindow-pixel-edgeswindow-pixel-widthwindow-scroll-barswindow-text-heightwindow-total-widthx-close-connectionx-display-mm-widthx-wm-set-size-hintxw-color-defined-pxw-display-color-pwith-electric-helpapplication/x-raku<\s*[a-zA-Z0-9:.]+(import|package)\b0[xX][0-9a-fA-F_]+"(\\\\|\\"|[^"])*"preproc-expr-chainoptional-semicolonfunction-param-sep(?:case|default)\barray-access-closeDistribution::HashDistribution::PathMetamodel::EnumHOWTelemetry::SamplerMONKEY-SEE-NO-EVALadd_private_methoddelete-by-compilersetup_finalization::\?\w+(?::[_UD])?opening_delimiters(:)(!?)(\w[\w'-]*)escape-hexadecimalregex-escape-classclosing_deli
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: :cacheDir/:projectsecurity.http.urlspageSort.ByLastmodClusterRoleBindingFieldValueRequiredFieldValueNotFoundsupported values: invalid value typegorm:before_creategorm:insert_optiongorm:before_deletegorm:before_updategorm:update_optionint AUTO_INCREMENT(%v.%v NOT IN (?))gorm:table_options, PRIMARY KEY (%v)%s %v ON %v(%v) %v":file::line::col"dart-sass-embeddedGetConsoleOutputCPduplicate name: %qduplicate field %vGetPerformanceInfonet.sock.peer.addrnet.sock.peer.portnet.sock.host.addrnet.sock.host.portmode not supportedchunk out of ordercompression methoddimension overflow255.255.255.255/32bad resolver statethe stream is doneinvalid config: %v%d, %f, %d, %d, %vindex is finalizedindex %q not foundindex %q not validGaussianResamplingBlackmanResamplingBartlettResamplingadjustable-array-parray-displacementarray-element-typefile-string-lengthget-setf-expansionget-universal-timenstring-capitalizensubstitute-if-notpathname-directoryspecial-operator-ptranslate-pathnamevector-push-extenddestructuring-bindsimple-base-stringprint-not-readableundefined-functionmethod-combinationcl-load-time-valuecl-symbol-macroletaccessible-keymapsbuffer-base-bufferbuffer-enable-undobuffer-local-valuecall-interactivelycategory-docstringchar-table-subtypeclear-charset-mapscoding-system-baseconstrain-to-fieldcurrent-case-tablecurrent-global-mapcurrent-input-modedaemon-initializeddefault-file-modesevent-convert-listfont-shape-gstringformat-time-stringframe-border-widthframe-first-windowframe-fringe-widthframe-pixel-heightget-buffer-processglobal-key-bindinggnutls-available-pgnutls-peer-statusinit-image-libraryinsert-and-inheritinternal-char-fontmake-frame-visiblemake-sparse-keymapmake-symbolic-linkmsdos-mouse-enablemsdos-set-keyboardmultibyte-string-pnumber-or-marker-poverlay-propertiesparse-partial-sexpposix-string-matchprocess-attributesprocess-connectionprofiler-cpu-startre-search-backwardread-coding-systemrecent-auto-save-prun-hook-with-argsset-category-tableset-frame-positionset-mouse-positionset-process-bufferset-process-filterset-time-zone-ruleset-window-fringesset-window-hscrollset-window-marginsset-window-vscrollskip-chars-forwardspecial-variable-pterminal-parametertext-properties-atvisible-frame-listw32-battery-statusw32-long-file-namew32-unload-winsockw32notify-rm-watchwindow-body-heightwindow-dedicated-pwindow-left-columnwindow-line-heightwindow-normal-sizewindow-pixel-edgeswindow-pixel-widthwindow-scroll-barswindow-text-heightwindow-total-widthx-close-connectionx-display-mm-widthx-wm-set-size-hintxw-color-defined-pxw-display-color-pwith-electric-helpapplication/x-raku<\s*[a-zA-Z0-9:.]+(import|package)\b0[xX][0-9a-fA-F_]+"(\\\\|\\"|[^"])*"preproc-expr-chainoptional-semicolonfunction-param-sep(?:case|default)\barray-access-closeDistribution::HashDistribution::PathMetamodel::EnumHOWTelemetry::SamplerMONKEY-SEE-NO-EVALadd_private_methoddelete-by-compilersetup_finalization::\?\w+(?::[_UD])?opening_delimiters(:)(!?)(\w[\w'-]*)escape-hexadecimalregex-escape-classclosing_deli
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: golang.org/x/cryptosecurity.exec.allowapplication/rss+xmlpageSort.ByLanguageWeightedPage(%d,%q)descriptor mismatchFieldValueForbiddenFieldValueDuplicateDROP INDEX %v ON %vINNER JOIN %v ON %v(%v.%v IS NOT NULL)CREATE UNIQUE INDEXRUNEWIDTH_EASTASIANmodulus must be odd<unknown slog.Kind>invalid nil pointerfield %v is invalidunexpected token %sinvalid %v value %vinvalid decimal: %sNtReadVirtualMemoryPdhCollectQueryDataGetExtendedTcpTableGetExtendedUdpTableuser_agent.originalWriteConsoleOutputWtoo much pixel data^\s*(%s)\s*(%s)\s*$0:0:0:0:0:ffff::/96PrivacyAndIntegrityrpc.Register: type goldmark.extensionskeepspecialcommentscompiled-function-pfile-error-pathnameget-macro-characterinitialize-instancemake-synonym-streammake-two-way-streamread-delimited-listset-macro-characterset-pprint-dispatchsimple-bit-vector-pstream-element-typestream-error-streamstring-not-greaterpmultiple-value-calldefine-modify-macrodefine-symbol-macrodo-external-symbolsmultiple-value-bindmultiple-value-listmultiple-value-setqwith-simple-restartconcatenated-streamatomic-change-groupdefine-alternativesdefine-derived-modedefine-generic-modewith-category-tablewith-current-bufferwith-demoted-errorswith-selected-framesave-current-bufferSnarf-documentationadd-text-propertiesbool-vector-subsetpcall-last-kbd-macrocall-process-regioncharset-id-internalcheck-coding-systemcoding-system-plistcopy-category-tablecurrent-active-mapscurrent-indentationcurrent-time-stringdelete-all-overlaysdirectory-file-nameexit-recursive-editfile-name-directoryfind-charset-regionfind-charset-stringfont-otf-alternatesforce-window-updateget-unused-categorygnutls-error-fatalpgnutls-error-stringhandle-save-sessionhandle-switch-framehash-table-weaknessinteger-or-marker-pkill-local-variablemake-category-tablemake-local-variablemake-serial-processmake-terminal-framemap-keymap-internalminibuffer-contentsmodify-syntax-entrymove-point-visuallymove-to-window-linemsdos-mouse-disablenewline-cache-checknext-overlay-changeoptimize-char-tableplay-sound-internalprocess-exit-statusprocess-send-regionprocess-send-stringprofiler-memory-logread-char-exclusivescroll-other-windowself-insert-commandset-input-meta-modeset-text-propertiesshow-face-resourcesskip-chars-backwardskip-syntax-forwardstandard-case-tablestring-as-multibytestring-make-unibytestring-to-multibyteterminal-parameterstty-display-color-pw32-get-locale-infow32-short-file-namew32-toggle-lock-keyw32-window-exists-pw32notify-add-watchwindow-inside-edgeswindow-minibuffer-pwindow-next-bufferswindow-next-siblingwindow-pixel-heightwindow-prev-bufferswindow-prev-siblingwindow-resize-applywindow-total-heightx-display-mm-heightx-register-dnd-atomx-selection-owner-papplication/x-perl6(?:def|for|if)\s+.*<\s*py:[a-zA-Z0-9]+preproc-parenthesis(?:untyped|throw)\bMetamodel::ClassHOWMetamodel::StashingMetamodel::TrustingPod::Block::CommentRoutine::WrapHandleThreadPoolSchedulerfirst-date-in-monthset_export_callbackset_mixin_attribute(
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: [0m%s %-44s GlobalMemoryStatusExLookupPrivilegeNameWnet.protocol.versionrpc.grpc.status_codeSetConsoleWindowInfoBad chunk length: %d2002:c058:6301::/120recv window exceededi/o deadline reachedtransport is closinggRPC requires HTTP/2grpc-accept-encodingGracefulClose calledCatmullRomResampling\"(enable\w+)\":nullcopy-pprint-dispatchdirectory-namestringinteger-decode-floatinteractive-stream-pinvalid-method-errorno-applicable-methodpackage-used-by-listset-syntax-from-charmultiple-value-prog1define-setf-expanderpprint-logical-blocksave-selected-windowwith-coding-prioritywith-eval-after-loadwith-selected-windowabort-recursive-editbase64-decode-regionbase64-decode-stringbase64-encode-regionbase64-encode-stringbidi-resolved-levelsbuffer-modified-tickbury-buffer-internalbyte-code-function-pdbus-get-unique-namedecode-coding-regiondecode-coding-stringdefault-printer-namedefine-charset-aliasdefine-fringe-bitmapdetect-coding-regiondetect-coding-stringencode-coding-regionencode-coding-stringerror-message-stringfile-name-absolute-pfile-name-completionfile-selinux-contextfont-face-attributesfont-get-system-fontgnutls-get-initstageinsert-file-contentsinternal-lisp-face-pinternal-show-cursorinvocation-directorylocate-file-internalmake-frame-invisiblemake-indirect-buffermake-network-processmenu-bar-menu-at-x-ymerge-face-attributemouse-pixel-positionnext-property-changeposix-search-forwardprefix-numeric-valueprofiler-memory-stopread-from-minibufferread-no-blanks-inputredirect-frame-focusregister-ccl-programset-buffer-multibyteset-char-table-rangeset-charset-priorityset-process-sentinelset-window-new-pixelset-window-new-totalset-window-parameterskip-syntax-backwardstring-collate-lesspsubst-char-in-regionterminal-local-valuetool-bar-pixel-widthuser-real-login-namevisited-file-modtimew32-define-rgb-colorw32-register-hot-keyw32-send-sys-commandwindow-display-tablex-display-save-underx-selection-exists-p(?m)^@\s+IN\s+SOA\s+Caddyfile Directivescaddyfile-directivesapplication/x-genshiapplication/x-svelte(choose|otherwise)\b\.\d+([Ee][-+]\d+)?i[|^<>=!()\[\]{}.,;:](?:extern|private)\b(?:continue|break)\bCompUnit::RepositorySupplier::Preservinginstall_method_cacheprivate_method_namesprivate_method_tablepublish_method_cache(\w[\w'-]*)(\s*)(=>)colon-pair-attributeembedded/arduino.xmlembedded/cheetah.xmlembedded/clojure.xmlembedded/crystal.xmlembedded/fortran.xmlembedded/gherkin.xmlembedded/gnuplot.xmlembedded/graphql.xmlembedded/haskell.xmlembedded/hexdump.xmlembedded/monkeyc.xmlembedded/natural.xmlembedded/systemd.xmlembedded/termcap.xmlembedded/v_shell.xmlembedded/verilog.xmlwebp: invalid formatinvalid map key typeFilterValues(%s, %v)(alias|status)(es)?$cp1257_lithuanian_ciutf8mb4_icelandic_ciutf8mb4_slovenian_ciutf8mb4_esperanto_ciutf8mb4_hungarian_ciunknown auth plugin:mysql_clear_passwordallowNativePasswordsinvalid bool value: Reader '%s' is <nil>illegal %s length %dcloudsqlconn/latencybatch already closedstatement_cache_modeselect lo_create($1)select lo_unlink($1)select l
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: \_ (?i)^(\s*)#\+RESULTS:02 Jan 06 15:04 -0700tag:yaml.org,2002:seqtag:yaml.org,2002:maptag:yaml.org,2002:strinvalid emitter stateexpected STREAM-STARTexpected DOCUMENT-ENDcannot marshal type: tag:yaml.org,2002:intwrite handler not setIPv4 address too longunexpected slice sizeFloat.SetFloat64(NaN)set bit is not 0 or 1flag %q begins with -%s flag redefined: %sAZURE_GO_SDK_LOG_FILEtag is not an integerunrecognized type: %v\[(?:[a-fA-F0-9:]+)\]invalid named captureunexpected stream endUNVERIFIED_TRANSITIONVERIFIED_INITIAL_HIGHGROUP_CHANGE_RESTRICTGROUP_CHANGE_ANNOUNCEGROUP_PARTICIPANT_ADDproto.LocationMessageproto.DocumentMessageproto.ProtocolMessageproto.FourRowTemplateproto.TemplateMessageproto.CatalogSnapshotproto.ProductSnapshotinvalid nesting depthlogical.PluginVersionSubConn shutting downfallback to scheme %q"FAILED_PRECONDITION"GetProcessHandleCount%d error(s) occurred:%s profile: total %d
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: handler cannot be nilsecurity.funcs.getenvinvalid slice type %Tpages.MergeByLanguagepageSort.ByExpiryDateinvalid nil TimestampClusterRoleSelectors:[]ClusterRoleBinding{FieldValueTypeInvalidjinzhu/gorm/.*test.goINSERT INTO %v %v%v%vgorm:update_interfaceBIGINT AUTO_INCREMENTbigint AUTO_INCREMENTfield value not validASSOCIATIONFOREIGNKEYExpiredTokenExceptioninvalid scalar lengthExtensionRangeOptionsmismatching field: %vmissing "@type" fieldgoogle.protobuf.Valuemissing "value" fieldRtlNtStatusToDosErrorPdhAddEnglishCounterWpng: invalid format: not enough pixel data0:0:0:0:0:ffff:0:0/96grpc_controller.proto(%d events discarded)GRPC_GO_LOG_FORMATTERdue to a non-default array-row-major-indexcompile-file-pathnamedecode-universal-timeencode-universal-timeget-internal-run-timemake-broadcast-streampackage-error-packagereinitialize-instancesynonym-stream-symbolunbound-slot-instanceuser-homedir-pathnamedefine-compiler-macrowith-compilation-unitwith-output-to-stringwith-package-iteratorcl-destructuring-bindsave-window-excursionaccept-process-outputbackward-prefix-charsbuffer-has-markers-atccl-execute-on-stringchar-table-extra-slotcharset-priority-listcoding-system-aliasesdbus-message-internaldeclare-equiv-charsetdefine-prefix-commanddestroy-fringe-bitmapfile-attributes-lesspfont-variation-glyphsframe-selected-windowfringe-bitmaps-at-posfuncall-interactivelyinsert-before-markersinsert-startup-screeninternal--track-mouselist-system-processesmarker-insertion-typeminibuffer-prompt-endmodify-category-entrymsdos-long-file-namesposix-search-backwardprocess-coding-systemprofiler-memory-startset-buffer-auto-savedset-buffer-major-modeset-buffer-modified-pset-char-table-parentset-minibuffer-windowset-window-new-normalsplit-window-internalstandard-syntax-tablestore-kbd-macro-eventstring-collate-equalpstring-make-multibytetext-char-descriptiontext-property-not-allw32-default-color-mapx-display-color-cellsx-display-grayscale-px-display-pixel-widthx-send-client-messagex-uses-old-gtk-dialog(import)(\s+)([^\s]+)(<\?python)(.*?)(\?>)\.\d+([eE][+\-]?\d+)?(?:class|interface)\bstring-interpol-closetype-param-constraint(?:true|false|null)\bhidden-from-backtraceDistribution::LocallyMetamodel::PrimitivesMetamodel::Versioningfind_method_qualified(?<!(?<!\\)\\)<\(|\)>regex-character-class(?<!(?<!\\)\\)(\\)(.)embedded/angular2.xmlembedded/gdscript.xmlembedded/iscdhcpd.xmlembedded/makefile.xmlembedded/minizinc.xmlembedded/modula-2.xmlembedded/newspeak.xmlembedded/openscad.xmlembedded/org_mode.xmlembedded/pl_pgsql.xmlembedded/python_2.xmlembedded/reasonml.xmlembedded/solidity.xmlembedded/tablegen.xmlembedded/terminfo.xml[\p{N}\p{L}]+[^\s-/]*(?:([^f])fe|([lr])f)$utf8mb4_lithuanian_ciutf8mb4_vietnamese_cicaching_sha2_passwordmysql_native_passwordunknown field type %dno rows in result setselect loread($1, $2)release savepoint sp_NoCredentialProvidersAsia Pacific (Mumbai)Asia Pacific (Sydney)Canada West (Calgary)Middle East (Bahrain)US East (N. Virginia)agreement-marketplaceapi.elastic-infere
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: [0m[%s]%s %-44s invalid interlace methodplugin.StdioData_Channelinvalid protocol versionconnection write timeoutrpc: can't find service code: %s, debug data: %q^[a-zA-Z_][a-zA-Z0-9_]*$tabwriter: panic during empty deployment matcherSection list for "posts"array-has-fill-pointer-pbroadcast-stream-streamsecho-stream-input-streamensure-directories-existget-output-stream-stringlisp-implementation-typemake-concatenated-streammake-string-input-streammethod-combination-errortype-error-expected-typewith-hash-table-iteratorfloating-point-underflowcl-define-compiler-macrodefine-global-minor-modewith-tramp-file-propertyactive-minibuffer-windowbarf-if-buffer-read-onlybool-vector-exclusive-orbool-vector-intersectiondescribe-buffer-bindingsgenerate-new-buffer-nameinternal-complete-bufferkill-all-local-variableslast-nonminibuffer-framelibxml-parse-html-regionprevious-property-changeprocess-datagram-addressread-key-sequence-vectorserial-process-configureset-file-selinux-contextset-input-interrupt-modeset-mouse-pixel-positionset-terminal-local-valueset-visited-file-modtimeset-window-configurationset-window-display-tablethis-command-keys-vectorthis-single-command-keysw32-get-codepage-charsetw32-get-console-codepagew32-get-valid-locale-idsw32-set-console-codepagew32-set-process-prioritywaiting-for-user-input-pwindow-combination-limitwindow-scroll-bar-heightx-change-window-propertyx-delete-window-propertyx-get-selection-internalx-menu-bar-open-internalx-own-selection-internalembedded/common_lisp.xmlembedded/go_template.xmlapplication/x-httpd-php3application/x-httpd-php4application/x-httpd-php5text/prs.fallenstein.rst(?:extends|implements)\bIO::Notification::ChangeMetamodel::RoleContainer([$@])((?<!(?<!\\)\\)\()regex-starting-operatorsembedded/applescript.xmlembedded/cap_n_proto.xmlembedded/cfstatement.xmlembedded/mathematica.xmlembedded/objective-c.xmlembedded/plutus_core.xmlembedded/standard_ml.xmlembedded/tradingview.xmlgif: too much image datagif: invalid pixel valueMESSAGE_ENCODING_UNKNOWNutf8_general_mysql500_ciallowFallbackToPlaintextstatement_cache_capacityAsia Pacific (Hong Kong)Asia Pacific (Hyderabad)Asia Pacific (Singapore)Asia Pacific (Melbourne)athena.ap-east-1.api.awsathena.eu-west-1.api.awsathena.eu-west-2.api.awsathena.eu-west-3.api.awsathena.sa-east-1.api.awsathena.us-east-1.api.awsathena.us-east-2.api.awsathena.us-west-1.api.awsathena.us-west-2.api.awscloudfront.amazonaws.comaos.ca-central-1.api.awsaos.eu-central-1.api.awsaos.eu-central-2.api.awsaos.il-central-1.api.awsaos.me-central-1.api.awslambda.ap-east-1.api.awslambda.ca-west-1.api.awslambda.eu-west-1.api.awslambda.eu-west-2.api.awslambda.eu-west-3.api.awslambda.sa-east-1.api.awslambda.us-east-1.api.awslambda.us-east-2.api.awslambda.us-west-1.api.awslambda.us-west-2.api.awsrekognition.ca-central-1budgets.amazonaws.com.cnroute53.amazonaws.com.cnacm.{region}.{dnsSuffix}dms.{region}.{dnsSuffix}ec2.{region}.{dnsSuffix}eks.{region}.{dnsSuffix}iam.us-gov.amazonaws.comrds.{region}.{dnsSuffix}sqs.{reg
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: [0m[%s]%s %-44s invalid interlace methodplugin.StdioData_Channelinvalid protocol versionconnection write timeoutrpc: can't find service code: %s, debug data: %q^[a-zA-Z_][a-zA-Z0-9_]*$tabwriter: panic during empty deployment matcherSection list for "posts"array-has-fill-pointer-pbroadcast-stream-streamsecho-stream-input-streamensure-directories-existget-output-stream-stringlisp-implementation-typemake-concatenated-streammake-string-input-streammethod-combination-errortype-error-expected-typewith-hash-table-iteratorfloating-point-underflowcl-define-compiler-macrodefine-global-minor-modewith-tramp-file-propertyactive-minibuffer-windowbarf-if-buffer-read-onlybool-vector-exclusive-orbool-vector-intersectiondescribe-buffer-bindingsgenerate-new-buffer-nameinternal-complete-bufferkill-all-local-variableslast-nonminibuffer-framelibxml-parse-html-regionprevious-property-changeprocess-datagram-addressread-key-sequence-vectorserial-process-configureset-file-selinux-contextset-input-interrupt-modeset-mouse-pixel-positionset-terminal-local-valueset-visited-file-modtimeset-window-configurationset-window-display-tablethis-command-keys-vectorthis-single-command-keysw32-get-codepage-charsetw32-get-console-codepagew32-get-valid-locale-idsw32-set-console-codepagew32-set-process-prioritywaiting-for-user-input-pwindow-combination-limitwindow-scroll-bar-heightx-change-window-propertyx-delete-window-propertyx-get-selection-internalx-menu-bar-open-internalx-own-selection-internalembedded/common_lisp.xmlembedded/go_template.xmlapplication/x-httpd-php3application/x-httpd-php4application/x-httpd-php5text/prs.fallenstein.rst(?:extends|implements)\bIO::Notification::ChangeMetamodel::RoleContainer([$@])((?<!(?<!\\)\\)\()regex-starting-operatorsembedded/applescript.xmlembedded/cap_n_proto.xmlembedded/cfstatement.xmlembedded/mathematica.xmlembedded/objective-c.xmlembedded/plutus_core.xmlembedded/standard_ml.xmlembedded/tradingview.xmlgif: too much image datagif: invalid pixel valueMESSAGE_ENCODING_UNKNOWNutf8_general_mysql500_ciallowFallbackToPlaintextstatement_cache_capacityAsia Pacific (Hong Kong)Asia Pacific (Hyderabad)Asia Pacific (Singapore)Asia Pacific (Melbourne)athena.ap-east-1.api.awsathena.eu-west-1.api.awsathena.eu-west-2.api.awsathena.eu-west-3.api.awsathena.sa-east-1.api.awsathena.us-east-1.api.awsathena.us-east-2.api.awsathena.us-west-1.api.awsathena.us-west-2.api.awscloudfront.amazonaws.comaos.ca-central-1.api.awsaos.eu-central-1.api.awsaos.eu-central-2.api.awsaos.il-central-1.api.awsaos.me-central-1.api.awslambda.ap-east-1.api.awslambda.ca-west-1.api.awslambda.eu-west-1.api.awslambda.eu-west-2.api.awslambda.eu-west-3.api.awslambda.sa-east-1.api.awslambda.us-east-1.api.awslambda.us-east-2.api.awslambda.us-west-1.api.awslambda.us-west-2.api.awsrekognition.ca-central-1budgets.amazonaws.com.cnroute53.amazonaws.com.cnacm.{region}.{dnsSuffix}dms.{region}.{dnsSuffix}ec2.{region}.{dnsSuffix}eks.{region}.{dnsSuffix}iam.us-gov.amazonaws.comrds.{region}.{dnsSuffix}sqs.{reg
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: not a valid logrus Level: %qRtlDosPathNameToNtPathName_Uhttp.response_content_lengthBUG: got len %d, expected %d/grpc.health.v1.Health/Watchfailed to exit idle mode: %wfailed to convert %q to uintgolang.org/x/net/trace.Traceget-dispatch-macro-characterinvoke-restart-interactivelyset-dispatch-macro-charactertwo-way-stream-output-streamdefine-globalized-minor-modewith-tramp-progress-reporterbool-vector-count-populationcombine-after-change-executecurrent-window-configurationfind-operation-coding-systeminternal-face-x-get-resourcenext-read-file-uses-dialog-pregister-code-conversion-mapset-process-datagram-addressset-process-filter-multibyteset-window-combination-limitthis-single-command-raw-keyswindow-redisplay-end-trigger(?<!\$)(\$)([a-zA-Z_][\w.]*)([\t ]+)([^\r\n]+)(\r?\n|\Z)Telemetry::Instrument::Usage(?<=^|\b|\s)(ms|m|rx)\b(\s*)^( *\.\.)(\s*)(\[.+\])(.*?)$embedded/morrowindscript.xmlembedded/protocol_buffer.xmlgif: reading color table: %s%#v has map key with NaNs
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: Isikhathi sase-Chile esijwayelekileIsikhathi sasemini sase-New ZealandIsikhathi sehlobo sase-Turkmenistanbad successive approximation valuesshould never reach here Include(%q)exif: seek to sub-IFD %s failed: %vunable to find oid for type name %vcannot convert %v to Int4multirangecannot convert %v to Int8multirangecannot convert %v to TimestampArray2006-01-02 15:04:05.999999999Z07:00cannot convert %v to TstzrangeArrayfield match condition not found in unexpected ending in qualified ruleClient request count by HTTP methodServer request count by HTTP methodprecis: disallowed rune encounteredcrypto/blake2b: cannot marshal MACscrypto/cipher: input not full blockssyntax error scanning complex numberaccessing a corrupted shared libraryTime.UnmarshalBinary: invalid lengthmethod ABI and value ABI don't alignreflect.Value.Equal: values of type strings.Builder.Grow: negative countstrings: Join output length overflowThunk Address Of Data too spread outPower PC with floating point supportCherokee United States (chr-Cher-US)Chinese (Traditional) Taiwan (zh-TW)English United Arab Emirates (en-AE)bytes.Reader.ReadAt: negative offsetbytes.Reader.Seek: negative position%s is not a method but has argumentswrong number of args: got %d want %dinternal error: associate not common444089209850062616169452667236328125ryuFtoaFixed64 called with prec > 180123456789abcdefghijklmnopqrstuvwxyzbytes: Repeat output length overflowlfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnable
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: Isikhathi sase-Chile esijwayelekileIsikhathi sasemini sase-New ZealandIsikhathi sehlobo sase-Turkmenistanbad successive approximation valuesshould never reach here Include(%q)exif: seek to sub-IFD %s failed: %vunable to find oid for type name %vcannot convert %v to Int4multirangecannot convert %v to Int8multirangecannot convert %v to TimestampArray2006-01-02 15:04:05.999999999Z07:00cannot convert %v to TstzrangeArrayfield match condition not found in unexpected ending in qualified ruleClient request count by HTTP methodServer request count by HTTP methodprecis: disallowed rune encounteredcrypto/blake2b: cannot marshal MACscrypto/cipher: input not full blockssyntax error scanning complex numberaccessing a corrupted shared libraryTime.UnmarshalBinary: invalid lengthmethod ABI and value ABI don't alignreflect.Value.Equal: values of type strings.Builder.Grow: negative countstrings: Join output length overflowThunk Address Of Data too spread outPower PC with floating point supportCherokee United States (chr-Cher-US)Chinese (Traditional) Taiwan (zh-TW)English United Arab Emirates (en-AE)bytes.Reader.ReadAt: negative offsetbytes.Reader.Seek: negative position%s is not a method but has argumentswrong number of args: got %d want %dinternal error: associate not common444089209850062616169452667236328125ryuFtoaFixed64 called with prec > 180123456789abcdefghijklmnopqrstuvwxyzbytes: Repeat output length overflowlfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnable
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: tls: internal error: sending non-handshake message to QUIC transportpadding bytes must all be zeros unless AllowIllegalWrites is enabledhttp2: Transport conn %p received error from processing frame %v: %vhttp2: Transport received unsolicited DATA frame; closing connectionhttp: message cannot contain multiple Content-Length headers; got %qAn update strategy to replace existing DaemonSet pods with new pods.The last time the condition transitioned from one status to another.The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.PersistentVolumeStatus is the current status of a persistent volume.PodAttachOptions is the query options to a Pod's remote attach call.optional field specify whether the Secret or its key must be definedPodCondition contains details for the current condition of this pod.ScaleIOPersistentVolumeSource represents a persistent ScaleIO volumeproto: ISCSIPersistentVolumeSource: wiretype end group for non-groupproto: PersistentVolumeClaimCondition: illegal tag %d (wire type %d)proto: PersistentVolumeClaimStatus: wiretype end group for non-groupproto: ReplicationControllerCondition: illegal tag %d (wire type %d)proto: ReplicationControllerStatus: wiretype end group for non-groupproto: VsphereVirtualDiskVolumeSource: illegal tag %d (wire type %d)(brief) machine readable reason for the condition's last transition.expected SCALAR, SEQUENCE-START, MAPPING-START, or ALIAS, but got %vembedded IPv4 address must replace the final 2 fields of the addressbig: invalid 2nd argument to Int.Jacobi: need odd integer but got %s2695994666715063979466701508701963067355791626002630814351006629888126959946667150639794667015087019625940457807714424391721682722368061crypto/hmac: hash generation function does not produce unique valuescustom type: type: %v, does not implement the proto.custom interfacedecoding int array or slice: length exceeds input size (%d elements)invalid retry throttling config: tokenRatio (%v) may not be negativelabels in collected metric %s %s are inconsistent with descriptor %sKind %q used in outputs configuration is deprecated, use %q instead.extension %v does not implement protoreflect.ExtensionTypeDescriptorrpc.Register: method %q has %d output parameters; needs exactly one
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uidsSpecifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. If a Job is suspended (at creation or through an update), this timer will effectively be stopped and reset when the Job is resumed again.A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.Distribution of individual non-GC-related stop-the-world pause latencies. This is the time from deciding to stop the world until the world is started again. Some of this time is spent getting all threads to stop (measured directly in /sched/pauses/stopping/other:seconds). Bucket counts increase monotonically.ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uidsSpecifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. If a Job is suspended (at creation or through an update), this timer will effectively be stopped and reset when the Job is resumed again.A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.Distribution of individual non-GC-related stop-the-world pause latencies. This is the time from deciding to stop the world until the world is started again. Some of this time is spent getting all threads to stop (measured directly in /sched/pauses/stopping/other:seconds). Bucket counts increase monotonically.ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.GC cycle the last time the GC CPU limiter was enabled. This metric is useful for diagnosing the root cause of an out-of-memory error, because the limiter trades memory for CPU time when the GC's CPU time gets too high. This is most likely to occur with use of SetMemoryLimit. The first GC cycle is cycle 1, so a value of 0 indicates that it was never enabled.Distribution of individual GC-related stop-the-world pause latencies. This is the time from deciding to stop the world until the world is started again. Some of this time is spent getting all threads to stop (this is measured directly in /sched/pauses/stopping/gc:seconds), during which some threads may still be running. Bucket counts increase monotonically.StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined.AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.Specifies the set of values. Each returned container exit code (might be multiple in case of multiple containers) is checked against this set of values with respect to the operator. The list of values must be ordered and must not contain duplicates. Value '0' cannot be used for the In operator. At least one element is required. At most 255 elements are allowed.Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: nullThe maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deplo
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.GC cycle the last time the GC CPU limiter was enabled. This metric is useful for diagnosing the root cause of an out-of-memory error, because the limiter trades memory for CPU time when the GC's CPU time gets too high. This is most likely to occur with use of SetMemoryLimit. The first GC cycle is cycle 1, so a value of 0 indicates that it was never enabled.Distribution of individual GC-related stop-the-world pause latencies. This is the time from deciding to stop the world until the world is started again. Some of this time is spent getting all threads to stop (this is measured directly in /sched/pauses/stopping/gc:seconds), during which some threads may still be running. Bucket counts increase monotonically.StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined.AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.Specifies the set of values. Each returned container exit code (might be multiple in case of multiple containers) is checked against this set of values with respect to the operator. The list of values must be ordered and must not contain duplicates. Value '0' cannot be used for the In operator. At least one element is required. At most 255 elements are allowed.Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: nullThe maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deplo
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: <rule pattern="(hardware|packet|leased-address|host-decl-name|lease-time|max-lease-time|client-state|config-option|option|filename|next-server|allow|deny|match|ignore)\b">
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: <rule pattern="(?i)\b(?&lt;!-)(?&lt;!#)(ENTIRE|BY|NAME|ARRAY|SPECIFIED|VIEW|MODULE|FUNCTION|RETURNS|AND|NUMERIC|OPTIONAL|END-PARSE|TRUE|END-RESULT|LEAVING|NOT|CONDITION|NUMBER|NO|EXP|FULL|REPLACE|INSERT|DOEND|LOG|ABS|ANY|REPEAT|SET|DLOGOFF|DOWNLOAD|BREAK|VALUES|DIVIDE|COMPRESS|UPDATE|SORTKEY|OR|END-FIND|END-ENDPAGE|REDUCE|IGNORE|MIN|WASTE|END-DEFINE|SUBSTR|END|FIND|ADD|INVESTIGATE|DNATIVE|CONST|COS|ENDHOC|SGN|COPY|REDEFINE|DEFINE|MULTIPLY|ASSIGN|LE|VALUE|COMPOSE|FALSE|POS|CALL|TAN|ERROR|CLOSE|PARSE|LT|WITH_CTE|END-SORT|EJECT|RESET|SHOW|LOCAL|PERFORM|TERMINATE|VAL|BACKOUT|END-LOOP|REJECT|SUM|CREATE|SORT|RETURN|AT|SIN|SETTIME|INT|NE|GLOBAL|END-SELECT|ELSE|DELETE|TOP|INCLUDE|END-ENDDATA|LOOP|OLD|SUSPEND|SKIP|SQRT|RULEVAR|NMIN|AVER|PROCESS|SELECT|MAP|USING|END-HISTOGRAM|MAX|NEWPAGE|ON|OFF|KEY|NAMED|CONTROL|PF1|PF2|PF3|PF4|PF5|PF6|PF7|PF8|PF9|INITIAL|WRITE|STORE|FETCH|ATN|RET|END-WORK|RESTORE|GET|LIMIT|END-ERROR|SEND|OPEN|ESCAPE|COMPUTE|COUNT|TRANSFER|RELEASE|DO|DYNAMIC|ROLLBACK|END-READ|DISPLAY|UPLOAD|END-DATA|NULL-HANDLE|NCOUNT|RESIZE|END-PROCESS|REQUEST|READ|SEPARATE|EQ|INPUT|DATA|END-START|STACK|REINPUT|INCDIC|INCCONT|END-IF|WHEN|END-BEFORE|WHILE|END-ENDFILE|END-TOPPAGE|INCDIR|PARAMETER|OBTAIN|CALLDBPROC|END-BROWSE|MOVE|SUBTRACT|DLOGON|EXAMINE|SUBSTRING|BEFORE|STOP|RUN|END-BREAK|EXPORT|END-SUBROUTINE|FOR|GE|PRINT|BROWSE|IMPORT|EXPAND|ALL|PASSW|FORMAT|GT|END-NOREC|END-DECIDE|END-FOR|CALLNAT|END-ALL|OPTIONS|RETRY|NONE|INCMAC|END-FILE|DECIDE|INIT|HISTOGRAM|NAVER|START|ACCEPT|COMMIT|TOTAL|IF|FRAC|END-REPEAT|UNTIL|TO|INTO|WITH|DELIMITER|FIRST|OF|INTO|SUBROUTINE|GIVING|POSITION)\b(?!-)">
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: <rule pattern="(^|(?&lt;=[^\w\-]))(WORKING-STORAGE|IDENTIFICATION|LOCAL-STORAGE|CONFIGURATION|END-EVALUATE|FILE-CONTROL|END-UNSTRING|END-SUBTRACT|END-MULTIPLY|INPUT-OUTPUT|END-PERFORM|END-DISPLAY|END-OF-PAGE|END-COMPUTE|ENVIRONMENT|I-O-CONTROL|END-REWRITE|END-RETURN|INITIALIZE|END-ACCEPT|END-DIVIDE|PROGRAM-ID|END-STRING|END-DELETE|END-SEARCH|END-WRITE|PROCEDURE|END-START|TERMINATE|END-READ|MULTIPLY|CONTINUE|SUPPRESS|SUBTRACT|INITIATE|UNSTRING|DIVISION|VALIDATE|END-CALL|ALLOCATE|GENERATE|EVALUATE|PERFORM|FOREVER|LINKAGE|END-ADD|REWRITE|INSPECT|SECTION|RELEASE|COMPUTE|DISPLAY|END-IF|GOBACK|INVOKE|CANCEL|UNLOCK|SCREEN|SEARCH|DELETE|STRING|DIVIDE|ACCEPT|RETURN|RESUME|START|RAISE|MERGE|CLOSE|WRITE|FILE|STOP|FREE|READ|ELSE|THEN|SORT|EXIT|OPEN|CALL|MOVE|DATA|END|SET|ADD|USE|GO|FD|SD|IF)\s*($|(?=[^\w\-]))">
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: <rule pattern="(^|(?&lt;=[^\w\-]))(WORKING-STORAGE|IDENTIFICATION|LOCAL-STORAGE|CONFIGURATION|END-EVALUATE|FILE-CONTROL|END-UNSTRING|END-SUBTRACT|END-MULTIPLY|INPUT-OUTPUT|END-PERFORM|END-DISPLAY|END-OF-PAGE|END-COMPUTE|ENVIRONMENT|I-O-CONTROL|END-REWRITE|END-RETURN|INITIALIZE|END-ACCEPT|END-DIVIDE|PROGRAM-ID|END-STRING|END-DELETE|END-SEARCH|END-WRITE|PROCEDURE|END-START|TERMINATE|END-READ|MULTIPLY|CONTINUE|SUPPRESS|SUBTRACT|INITIATE|UNSTRING|DIVISION|VALIDATE|END-CALL|ALLOCATE|GENERATE|EVALUATE|PERFORM|FOREVER|LINKAGE|END-ADD|REWRITE|INSPECT|SECTION|RELEASE|COMPUTE|DISPLAY|END-IF|GOBACK|INVOKE|CANCEL|UNLOCK|SCREEN|SEARCH|DELETE|STRING|DIVIDE|ACCEPT|RETURN|RESUME|START|RAISE|MERGE|CLOSE|WRITE|FILE|STOP|FREE|READ|ELSE|THEN|SORT|EXIT|OPEN|CALL|MOVE|DATA|END|SET|ADD|USE|GO|FD|SD|IF)\s*($|(?=[^\w\-]))">
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: <rule pattern="\b(use-glyph-orientation|decimal-leading-zero|ruby-base-container|ruby-text-container|table-column-group|table-header-group|geometricPrecision|table-footer-group|optimizeLegibility|alternate-reverse|repeat no-repeat|table-row-group|all-petite-caps|ultra-condensed|extra-condensed|box-decoration|sideways-right|extra-expanded|no-close-quote|all-small-caps|semi-condensed|ultra-expanded|column-reverse|space-between|semi-expanded|table-caption|no-open-quote|sideways-left|double-circle|vertical-text|optimizeSpeed|weight style|currentColor|titling-caps|match-parent|table-column|line-through|inline-block|inline-table|wrap-reverse|avoid-column|manipulation|space-around|context-menu|lower-alpha|row-reverse|not-allowed|content-box|ease-in-out|close-quote|lower-latin|crisp-edges|lower-roman|lower-greek|upper-alpha|upper-latin|upper-roman|nwse-resize|nesw-resize|preserve-3d|inline-flex|petite-caps|color-dodge|descendants|padding-box|capitalize|small-caps|difference|inter-word|step-start|all-scroll|stroke-box|soft-light|margin-box|open-quote|table-cell|row-resize|border-box|hard-light|break-word|color-burn|luminosity|full-width|col-resize|from-image|avoid-page|scale-down|saturation|sans-serif|flex-start|distribute|horizontal|alternate|ruby-text|force-end|list-item|se-resize|mandatory|exclusion|ns-resize|underline|ruby-base|ew-resize|condensed|container|uppercase|no-repeat|nw-resize|table-row|backwards|crosshair|proximity|sw-resize|lowercase|allow-end|each-line|monospace|pixelated|ne-resize|luminance|pan-right|ellipsis|pan-down|pan-left|overline|multiply|progress|relative|infinite|repeat-x|repeat-y|georgian|forwards|flex-end|s-resize|fill-box|expanded|separate|ease-out|sideways|e-resize|step-end|n-resize|collapse|triangle|baseline|view-box|w-resize|armenian|absolute|xx-large|xx-small|vertical|zoom-out|contain|ease-in|running|no-drop|zoom-in|unicase|hanging|smaller|x-large|overlay|compact|lighter|lighten|objects|oblique|x-small|reverse|stretch|upright|cursive|inherit|initial|outside|pointer|decimal|default|justify|visible|balance|isolate|fantasy|paused|static|pan-up|invert|inside|italic|weight|inline|hidden|outset|larger|repeat|always|spaces|sticky|circle|digits|linear|column|smooth|nowrap|bolder|normal|sesame|dashed|groove|darken|bottom|run-in|manual|dotted|double|medium|filled|screen|scroll|center|strict|square|edges|serif|start|thick|first|clone|fixed|slice|small|under|unset|block|color|round|solid|space|right|ridge|blink|below|pan-y|avoid|large|cover|inset|alpha|local|alias|style|loose|table|mixed|pan-x|page|ruby|disc|none|snap|ease|text|show|thin|clip|left|open|wrap|fill|cell|flat|flex|flip|last|both|help|bold|over|hide|wait|icon|move|auto|copy|wavy|top|ltr|row|rtl|end|hue|dot|off|all|ink|to|on)\b">
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: <push state="function-start"/>
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: <state name="function-start">
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: <rule pattern="(use-glyph-orientation|decimal-leading-zero|ruby-base-container|ruby-text-container|table-column-group|table-header-group|geometricPrecision|table-footer-group|optimizeLegibility|alternate-reverse|repeat no-repeat|table-row-group|all-petite-caps|ultra-condensed|extra-condensed|box-decoration|sideways-right|extra-expanded|no-close-quote|all-small-caps|semi-condensed|ultra-expanded|column-reverse|space-between|semi-expanded|table-caption|no-open-quote|sideways-left|double-circle|vertical-text|optimizeSpeed|weight style|currentColor|titling-caps|match-parent|table-column|line-through|inline-block|inline-table|wrap-reverse|avoid-column|manipulation|space-around|context-menu|lower-alpha|row-reverse|not-allowed|content-box|ease-in-out|close-quote|lower-latin|crisp-edges|lower-roman|lower-greek|upper-alpha|upper-latin|upper-roman|nwse-resize|nesw-resize|preserve-3d|inline-flex|petite-caps|color-dodge|descendants|padding-box|capitalize|small-caps|difference|inter-word|step-start|all-scroll|stroke-box|soft-light|margin-box|open-quote|table-cell|row-resize|border-box|hard-light|break-word|color-burn|luminosity|full-width|col-resize|from-image|avoid-page|scale-down|saturation|sans-serif|flex-start|distribute|horizontal|alternate|ruby-text|force-end|list-item|se-resize|mandatory|exclusion|ns-resize|underline|ruby-base|ew-resize|condensed|container|uppercase|no-repeat|nw-resize|table-row|backwards|crosshair|proximity|sw-resize|lowercase|allow-end|each-line|monospace|pixelated|ne-resize|luminance|pan-right|ellipsis|pan-down|pan-left|overline|multiply|progress|relative|infinite|repeat-x|repeat-y|georgian|forwards|flex-end|s-resize|fill-box|expanded|separate|ease-out|sideways|e-resize|step-end|n-resize|collapse|triangle|baseline|view-box|w-resize|armenian|absolute|xx-large|xx-small|vertical|zoom-out|contain|ease-in|running|no-drop|zoom-in|unicase|hanging|smaller|x-large|overlay|compact|lighter|lighten|objects|oblique|x-small|reverse|stretch|upright|cursive|inherit|initial|outside|pointer|decimal|default|justify|visible|balance|isolate|fantasy|paused|static|pan-up|invert|inside|italic|weight|inline|hidden|outset|larger|repeat|always|spaces|sticky|circle|digits|linear|column|smooth|nowrap|bolder|normal|sesame|dashed|groove|darken|bottom|run-in|manual|dotted|double|medium|filled|screen|scroll|center|strict|square|edges|serif|start|thick|first|clone|fixed|slice|small|under|unset|block|color|round|solid|space|right|ridge|blink|below|pan-y|avoid|large|cover|inset|alpha|local|alias|style|loose|table|mixed|pan-x|page|ruby|disc|none|snap|ease|text|show|thin|clip|left|open|wrap|fill|cell|flat|flex|flip|last|both|help|bold|over|hide|wait|icon|move|auto|copy|wavy|top|ltr|row|rtl|end|hue|dot|off|all|ink|to|on)\b">
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: <push state="value-start"/>
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: <state name="value-start">
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: <rule pattern="\b(no-discretionary-ligatures|no-historical-ligatures|discretionary-ligatures|simp-chinese-informal|trad-chinese-informal|korean-hanja-informal|historical-ligatures|korean-hangul-formal|decimal-leading-zero|korean-hanja-formal|ruby-text-container|ruby-base-container|no-common-ligatures|trad-chinese-formal|simp-chinese-formal|cjk-earthly-branch|geometricPrecision|optimizeLegibility|table-header-group|table-footer-group|diagonal-fractions|table-column-group|proportional-width|disclosure-closed|stacked-fractions|japanese-informal|alternate-reverse|cjk-heavenly-stem|proportional-nums|slider-horizontal|ideograph-numeric|common-ligatures|isolate-override|ethiopic-numeric|ideograph-alpha|table-row-group|all-petite-caps|cjk-ideographic|inter-character|ultra-condensed|scroll-position|extra-condensed|japanese-formal|disclosure-open|menulist-button|upper-armenian|lower-armenian|extra-expanded|semi-condensed|space-adjacent|all-small-caps|discard-before|katakana-iroha|full-size-kana|no-close-quote|ultra-expanded|hiragana-iroha|target-counter|column-reverse|spelling-error|grammar-error|optimizeSpeed|discard-after|no-contextual|trim-adjacent|table-caption|square-button|semi-expanded|border-bottom|ui-sans-serif|double-circle|vertical-text|outside-shape|horizontal-tb|no-open-quote|space-between|small-caption|oldstyle-nums|bidi-override|progress-bar|match-parent|line-through|space-around|inline-table|inline-block|high-quality|space-evenly|table-column|currentColor|arabic-indic|ui-monospace|rotate-right|inline-start|avoid-region|avoid-column|match-source|manipulation|tabular-nums|context-menu|slashed-zero|cubic-bezier|titling-caps|wrap-reverse|color-dodge|sideways-lr|no-compress|space-first|searchfield|lining-nums|fit-content|ease-in-out|punctuation|min-content|petite-caps|crisp-edges|push-button|translate3d|row-reverse|perspective|max-content|nesw-resize|not-allowed|preserve-3d|space-start|drop-shadow|padding-box|text-bottom|rotate-left|block-start|inline-grid|inline-flex|upper-latin|upper-alpha|lower-latin|auto
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: flow|lower-alpha|message-box|lower-greek|upper-roman|lower-roman|vertical-rl|traditional|justify-all|close-quote|content-box|vertical-lr|cjk-decimal|transparent|sideways-rl|target-text|balance-all|ideographic|nwse-resize|saturation|flex-start|open-quote|from-image|avoid-flex|avoid-line|stroke-box|ui-rounded|margin-box|self-start|inline-end|devanagari|avoid-page|status-bar|all-scroll|col-resize|row-resize|translateZ|translateY|translateX|hue-rotate|small-caps|brightness|step-start|capitalize|trim-start|trim-inner|sans-serif|scale-down|contextual|break-word|horizontal|inter-word|color-burn|cross-fade|hard-light|soft-light|border-box|table-cell|luminosity|full-width|difference|simplified|alphabetic|mandatory|exclusion|from-font|table-row|flow-root|underline|image-set|proximity|ruby-base|ruby-text|list-item|monospace|intersect|ns-resize|textfield|ew-resize|uppercase|sw-resize|se-resize|nw-resize|lowercase|grayscale|ne-resize|pan-right|translate|backwards|available|luminance|condensed|alternate|mongolian|plaintext|malayalam|cambodian|transform|block-end|force-end|break-all|crosshair|allow-end|no-repeat|pixelated|system-ui|xxx-large|space-end|w-resize|georgian|flex-end|baseline|gujarati|fangsong|ui-serif|fill-box|keep-all|view-box|xx-small|gurmukhi|pre-line|pre-wrap|contents|xx-large|text-top|hiragana|self-end|katakana|collapse|separate|anywhere|saturate|expanded|subtract|progress|repeat-x|rotate3d|repeat-y|contrast|relative|forwards|infinite|absolute|matrix3d|vertical|overline|pan-down|pan-left|step-end|triangle|ease-out|textarea|sideways|checkbox|menulist|ellipsis|trim-end|grabbing|multiply|zoom-out|n-resize|s-resize|armenian|ordinal|zoom-in|visible|overlay|no-drop|listbox|unicode|lighten|ease-in|lighter|element|running|justify|display|fantasy|unicase|subgrid|reverse|upright|stretch|rotateX|current|exclude|rotateY|pointer|contain|opacity|default|no-clip|in-flow|hanging|isolate|discard|tibetan|persian|myanmar|rotateZ|content|inherit|outside|initial|kannada|smaller|decimal|symbols|x-large|balance|x-small|economy|caption|minimum|maximum|polygon|ellipse|cursive|bengali|masonry|static|region|column|run-in|inline|middle|circle|larger|button|square|pretty|always|hidden|rotate|inside|scroll|screen|matrix|create|unsafe|center|paused|nowrap|medium|darken|sesame|strict|outset|pan-up|bolder|telugu|scaleX|linear|scaleY|groove|double|scaleZ|dashed|minmax|legacy|hebrew|bottom|dotted|leader|normal|stable|weight|smooth|filled|italic|revert|manual|repeat|sticky|invert|table|round|space|alias|jis78|dense|sepia|emoji|auto;|clear|skewX|cover|right|skewY|style|light|unset|force|alpha|large|focus|solid|ridge|white|embed|tamil|blink|first|scale|radio|color|jis83|under|block|jis90|inset|start|pan-y|oriya|super|loose|mixed|thick|slice|pan-x|khmer|width|local|fixed|clone|avoid|serif|exact|recto|meter|small|verso|jis04|image|flow|flex|grid|ruby|wrap|ease|safe|grab|move|icon|bold|last|open|over|wavy|show|hide|both|url;|none|blur|text|line|menu|copy|dark|left|math|cell|clip|fill|
Source: LisectAVT_2403002A_476.exe	String found in binary or memory: /c|real-part|numerator|hash-set\*|hash-set!|boolean=\?|read-line|hash-ref!|read-char|read-cdot|hash-keys|hash-eqv\?|partition|path-only|between/c|peek-byte|peek-char|read-byte|rational\?|hash-copy|positive\?|weak-box\?|print-box|alarm-evt|guard-evt|promise/c|prop:dict|conjugate|sequence\?|in-range|group-by|set-eqv\?|set-box!|generic\?|dict-map|dict-ref|channel\?|hash-eq\?|set-add!|dict-set|one-of/c|box-cas!|for-each|make-exn|set-copy|hash-map|hash-ref|hash-set|syntax-e|integer\?|set-rest|inexact\?|vectorof|truncate|stream/c|string&lt;\?|string=\?|symbol=\?|string&gt;\?|symbol&lt;\?|vector/c|prop:evt|plumber\?|pregexp\?|identity|in-value|list-set|in-bytes|in-cycle|weak-set|in-slice|date-day|subbytes|in-lines|list-ref|boolean\?|udp-send|promise\?|process\*|keyword\?|equal&lt;%&gt;|object=\?|compose1|exn:fail|in-mlist|split-at|syntax/c|quotient|wrap-evt|complex\?|char&lt;=\?|system\*|println|syntax\?|in-port|compose|in-list|conjoin|regexp\?|bytes&gt;\?|process|compile|\*list/c|object%|thread\?|eof-evt|load/cd|logger\?|struct\?|pregexp|bytes=\?|in-hash|in-dict|srcloc\?|list\*of|append\*|shuffle|writeln|call/cc|hasheqv|subset\?|seventh|char&gt;=\?|call/ec|number\?|bytes&lt;\?|string\?|object\?|symbol\?|symbols|version|display|disjoin|stream\?|vector\?|fixnum\?|arity=\?|flatten|flonum\?|set-map|reverse|newline|ceiling|fprintf|is-a\?/c|future\?|real-in|char-in|remove\*|set-eq\?|set-add|base-&gt;\?|eprintf|andmap|modulo|blame\?|cdaadr|cdaaar|seteqv|length|eighth|vector|cadddr|caddar|date\*\?|cdaddr|cadadr|empty\?|curryr|cadaar|caaddr|in-set|equal\?|mpair\?|list/c|cddaar|cddadr|member|argmax|cons/c|argmin|listof|caadar|printf|caaadr|caaaar|bytes\?|system|putenv|exact\?|expand|class\?|random|srcloc|cdddar|false\?|filter|char&gt;\?|hasheq|none/c|second|cddddr|hash/c|string|place\?|char=\?|values|char&lt;\?|negate|append|regexp|cdadar|fourth|future|banner|gensym|getenv|remove|thread|format|path&lt;\?|tenth|third|remf\*|path\?|char\?|ninth|remq\*|pair\?|ormap|mcons|assoc|remv\*|round|cdddr|takef|range|cons\?|cddar|const|list\?|apply|port\?|count|curry|touch|cdadr|date\*|list\*|date\?|findf|is-a\?|box/c|set/c|set=\?|dict\?|void\?|null\?|seteq|dropf|not/c|caddr|empty|print|cadar|raise|any/c|byte\?|caadr|sixth|angle|and/c|error|caaar|n-&gt;th|sleep|even\?|evt/c|write|bytes|unbox|fifth|unit\?|first|floor|foldl|foldr|force|real\?|zero\?|hash\?|cdaar|sinh|nan\?|udp\?|caar|cadr|null|hash|rest|box\?|&lt;=/c|memv|expt|true|memq|cdar|memf|cddr|odd\?|exn\?|or/c|mcdr|mcar|if/c|eqv\?|exit|remf|remq|atan|assv|assq|remv|assf|asin|pi\.f|tanh|&gt;=/c|take|read|acos|load|cons|sort|add1|cosh|date|list|evt\?|eval|last|sync|void|set\?|drop|sub1|sqrt|sin|sgn|eof|~\.a|eq\?|&lt;/c|lcm|set|cos|~\.s|log|abs|tan|~\.v|gcd|map|xor|=/c|max|cdr|exp|sqr|box|min|car|&gt;/c|not|exn|~v|~s|&lt;=|~r|~e|~a|&gt;=|pi|/|\*|&gt;|\+|=|-|&lt;)(?=[()[\]{}&#34;,\&#39;`;\s])">

Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe

File read: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe "C:\Users\user\Desktop\LisectAVT_2403002A_476.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe			Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe	Section loaded: winmm.dll			Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe	Section loaded: powrprof.dll			Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe	Section loaded: umpdc.dll			Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winhttp.dll			Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: webio.dll			Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: mswsock.dll			Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: iphlpapi.dll			Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winnsi.dll			Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: dnsapi.dll			Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: rasadhlp.dll			Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: msasn1.dll			Jump to behavior

Source: LisectAVT_2403002A_476.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: LisectAVT_2403002A_476.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: LisectAVT_2403002A_476.exe

Static file information: File size 52278280 > 1048576

Source: LisectAVT_2403002A_476.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1585800
Source: LisectAVT_2403002A_476.exe	Static PE information: Raw size of .data is bigger than: 0x100000 < 0x103000
Source: LisectAVT_2403002A_476.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x1a4e600

Source: LisectAVT_2403002A_476.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: BitLockerToGo.pdb source: LisectAVT_2403002A_476.exe, 00000001.00000002.2349220183.000000C0007F2000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_476.exe, 00000001.00000003.2345604969.000002A25EA40000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_476.exe, 00000001.00000002.2350737713.000000C00082E000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_476.exe, 00000001.00000003.2345642713.000002A25EA00000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2346300993.00000000007C0000.00000004.00000020.00020000.00000000.sdmp

Source:

Binary string: BitLockerToGo.pdbGCTL source: LisectAVT_2403002A_476.exe, 00000001.00000002.2349220183.000000C0007F2000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_476.exe, 00000001.00000003.2345604969.000002A25EA40000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_476.exe, 00000001.00000002.2350737713.000000C00082E000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_476.exe, 00000001.00000003.2345642713.000002A25EA00000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2346300993.00000000007C0000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 3_2_0061B6E2 LoadLibraryW,GetProcAddress,GetProcAddress,NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,

3_2_0061B6E2

Source: LisectAVT_2403002A_476.exe

Static PE information: section name: .xdata

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0061D4F5 push ebp; retf		3_2_0061D4FE
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_0063A4D8 pushad ; retf		3_2_0063A4D9
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 3_2_00639C4D push 7D10D5EFh; retf		3_2_00639C52

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe

Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 3_2_0060BEDC rdtsc

3_2_0060BEDC

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 6408	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 3640	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: LisectAVT_2403002A_476.exe, 00000001.00000002.2353624038.000002A2177F4000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2348525768.00000000007A8000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 3_2_0060BEDC rdtsc

3_2_0060BEDC

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 3_2_0061B6E2 LoadLibraryW,GetProcAddress,GetProcAddress,NtAllocateVirtualMemory,NtFreeVirtualMemory,NtAllocateVirtualMemory,NtFreeVirtualMemory,

3_2_0061B6E2

Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe

Process token adjusted: Debug

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe

Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 600000 protect: page execute and read and write

Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe

Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 600000 value starts with: 4D5A

Jump to behavior

Source: LisectAVT_2403002A_476.exe, 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: associationokeo.shop
Source: LisectAVT_2403002A_476.exe, 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: turkeyunlikelyofw.shop
Source: LisectAVT_2403002A_476.exe, 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: pooreveningfuseor.pw
Source: LisectAVT_2403002A_476.exe, 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: edurestunningcrackyow.fun
Source: LisectAVT_2403002A_476.exe, 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: detectordiscusser.shop
Source: LisectAVT_2403002A_476.exe, 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: problemregardybuiwo.fun
Source: LisectAVT_2403002A_476.exe, 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: lighterepisodeheighte.fun
Source: LisectAVT_2403002A_476.exe, 00000001.00000002.2352645087.000000C000DDE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: technologyenterdo.shop

Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 600000			Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 530008			Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe

Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Jump to behavior

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe	Queries volume information: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe	Queries volume information: C:\Windows VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe	Queries volume information: C:\Windows\AppReadiness VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_476.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation			Jump to behavior

Stealing of Sensitive Information

Source: Yara match	File source: LisectAVT_2403002A_476.exe, type: SAMPLE
Source: Yara match	File source: 00000001.00000002.2358502353.00007FF629174000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.2150034423.00007FF629174000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: LisectAVT_2403002A_476.exe PID: 4508, type: MEMORYSTR

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Source: Yara match	File source: LisectAVT_2403002A_476.exe, type: SAMPLE
Source: Yara match	File source: 00000001.00000002.2358502353.00007FF629174000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000000.2150034423.00007FF629174000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: LisectAVT_2403002A_476.exe PID: 4508, type: MEMORYSTR

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR