Source: 00000000.00000002.1708564024.000000C000618000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: bravedreacisopm.shop |
Source: 00000000.00000002.1708564024.000000C000618000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: shellfyyousdjz.shop |
Source: 00000000.00000002.1708564024.000000C000618000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: broccoltisop.shop |
Source: 00000000.00000002.1708564024.000000C000618000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: grassytaisol.shop |
Source: 00000000.00000002.1708564024.000000C000618000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: stimultaionsppzv.shop |
Source: 00000000.00000002.1708564024.000000C000618000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: parntorpkxzlp.shop |
Source: 00000000.00000002.1708564024.000000C000618000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: effectivedoxzj.shop |
Source: 00000000.00000002.1708564024.000000C000618000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: horizonvxjis.shop |
Source: 00000000.00000002.1708564024.000000C000618000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: weaknessmznxo.shop |
Source: 00000000.00000002.1708564024.000000C000618000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000000.00000002.1708564024.000000C000618000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: TeslaBrowser/5.5 |
Source: 00000000.00000002.1708564024.000000C000618000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: - Screen Resoluton: |
Source: 00000000.00000002.1708564024.000000C000618000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: - Physical Installed Memory: |
Source: 00000000.00000002.1708564024.000000C000618000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: Workgroup: - |
Source: 00000000.00000002.1708564024.000000C000618000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: LPnhqo--@kolnausgb |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [eax], bl |
1_2_02A0F290 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
1_2_02A3C2D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
1_2_02A3A088 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
1_2_02A3C020 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov dword ptr [esi+10h], 00000000h |
1_2_02A12846 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
1_2_02A12846 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov dword ptr [esi+04h], eax |
1_2_02A27970 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+00000094h] |
1_2_02A27970 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [edi], al |
1_2_02A27970 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [edi], 0000002Bh |
1_2_02A27970 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [edi], dl |
1_2_02A27970 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+3Ch] |
1_2_02A27970 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov dword ptr [esi+08h], ebx |
1_2_02A29EF2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+6Ch] |
1_2_02A29EF2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [edi], al |
1_2_02A29EF2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edx, byte ptr [esp+eax+20h] |
1_2_02A04E70 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 11081610h |
1_2_02A16E50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
1_2_02A09FA0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 077DEFCDh |
1_2_02A3C7E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
1_2_02A37F70 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp+60h] |
1_2_02A17CBB |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp] |
1_2_02A21D60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+00000880h] |
1_2_02A21AAF |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 11081610h |
1_2_02A25AEA |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 11081610h |
1_2_02A25A01 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp word ptr [esi+eax], 0000h |
1_2_02A19212 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+00000080h] |
1_2_02A18A72 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], B33E16A3h |
1_2_02A15BA8 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp dword ptr [02A42DE4h] |
1_2_02A15BA8 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
1_2_02A26BB0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 11081610h |
1_2_02A25B83 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp dword ptr [02A44B7Ch] |
1_2_02A25B83 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, ecx |
1_2_02A1F321 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx esi, word ptr [edi+ecx*4] |
1_2_02A08330 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
1_2_02A3B300 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edx, dword ptr [esp] |
1_2_02A09890 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [edx], bl |
1_2_02A09890 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
1_2_02A3B090 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movsx ecx, byte ptr [esi+eax] |
1_2_02A0E0E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edi, eax |
1_2_02A120F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+04h] |
1_2_02A2582B |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
1_2_02A1E80E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
1_2_02A229FA |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
1_2_02A3B1D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 3BEBD150h |
1_2_02A3C1D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
1_2_02A3B920 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], cx |
1_2_02A23909 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h |
1_2_02A27140 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
1_2_02A3AE80 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edi, ebx |
1_2_02A38EE0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edi, byte ptr [ecx+esi] |
1_2_02A03620 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
1_2_02A3B630 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp word ptr [ebx+ebp+02h], 0000h |
1_2_02A1DFB0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], cx |
1_2_02A15799 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [ecx], 00000000h |
1_2_02A14F7A |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
1_2_02A3C4B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
1_2_02A2143B |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ecx, byte ptr [ebx] |
1_2_02A03450 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
1_2_02A1BD90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
1_2_02A36590 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp+18h] |
1_2_02A0FDE3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [esi], cx |
1_2_02A0FDE3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp+60h] |
1_2_02A185D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then dec edi |
1_2_02A3CDD0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx eax, word ptr [edx] |
1_2_02A3AD00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
1_2_02A3AD00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then inc ebx |
1_2_02A16550 |
Source: github_softwares_v1.18.exe |
String found in binary or memory: http://.css |
Source: github_softwares_v1.18.exe |
String found in binary or memory: http://.jpg |
Source: BitLockerToGo.exe, 00000001.00000003.1755112502.0000000004FDD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
Source: BitLockerToGo.exe, 00000001.00000003.1755112502.0000000004FDD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
Source: BitLockerToGo.exe, 00000001.00000003.1755112502.0000000004FDD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
Source: BitLockerToGo.exe, 00000001.00000003.1755112502.0000000004FDD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: BitLockerToGo.exe, 00000001.00000003.1755112502.0000000004FDD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: BitLockerToGo.exe, 00000001.00000003.1755112502.0000000004FDD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
Source: BitLockerToGo.exe, 00000001.00000003.1755112502.0000000004FDD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
Source: github_softwares_v1.18.exe |
String found in binary or memory: http://html4/loose.dtd |
Source: BitLockerToGo.exe, 00000001.00000003.1755112502.0000000004FDD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: BitLockerToGo.exe, 00000001.00000003.1755112502.0000000004FDD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
Source: BitLockerToGo.exe, 00000001.00000003.1755112502.0000000004FDD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://x1.c.lencr.org/0 |
Source: BitLockerToGo.exe, 00000001.00000003.1755112502.0000000004FDD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://x1.i.lencr.org/0 |
Source: BitLockerToGo.exe, 00000001.00000003.1731546584.0000000004FD1000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1731597052.0000000002F38000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: BitLockerToGo.exe, 00000001.00000003.1756837470.0000000002F02000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417. |
Source: BitLockerToGo.exe, 00000001.00000003.1756837470.0000000002F02000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta |
Source: BitLockerToGo.exe, 00000001.00000003.1731546584.0000000004FD1000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1731597052.0000000002F38000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: BitLockerToGo.exe, 00000001.00000003.1731546584.0000000004FD1000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1731597052.0000000002F38000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: BitLockerToGo.exe, 00000001.00000003.1731546584.0000000004FD1000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1731597052.0000000002F38000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: BitLockerToGo.exe, 00000001.00000003.1756837470.0000000002F02000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg |
Source: BitLockerToGo.exe, 00000001.00000003.1756837470.0000000002F02000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
Source: BitLockerToGo.exe, 00000001.00000003.1731546584.0000000004FD1000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1731597052.0000000002F38000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: BitLockerToGo.exe, 00000001.00000003.1731546584.0000000004FD1000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1731597052.0000000002F38000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: BitLockerToGo.exe, 00000001.00000003.1731546584.0000000004FD1000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1731597052.0000000002F38000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: github_softwares_v1.18.exe |
String found in binary or memory: https://gorm.io/docs/hooks.htmlWarning: |
Source: BitLockerToGo.exe, 00000001.00000003.1756837470.0000000002F02000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi |
Source: BitLockerToGo.exe, 00000001.00000003.1730889198.0000000004FFD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.microsof |
Source: BitLockerToGo.exe, 00000001.00000003.1756527742.00000000050F4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: BitLockerToGo.exe, 00000001.00000003.1756527742.00000000050F4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all |
Source: BitLockerToGo.exe, 00000001.00000003.1730995668.0000000004FF6000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1730889198.0000000004FFD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: BitLockerToGo.exe, 00000001.00000003.1730995668.0000000004FD2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
Source: BitLockerToGo.exe, 00000001.00000003.1730995668.0000000004FF6000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1730889198.0000000004FFD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
Source: BitLockerToGo.exe, 00000001.00000003.1730995668.0000000004FD2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
Source: BitLockerToGo.exe, 00000001.00000003.1743040571.0000000002EF5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://weaknessmznxo.shop/ |
Source: BitLockerToGo.exe, 00000001.00000003.1777410523.0000000002E89000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1777480522.0000000002E8B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://weaknessmznxo.shop/(( |
Source: BitLockerToGo.exe, 00000001.00000002.1846072628.0000000002E89000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1844557480.0000000002E89000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://weaknessmznxo.shop/22 |
Source: BitLockerToGo.exe, 00000001.00000003.1754529360.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1756837470.0000000002F02000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1754816151.0000000002F02000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://weaknessmznxo.shop/GHd |
Source: BitLockerToGo.exe, 00000001.00000002.1846072628.0000000002E89000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1844557480.0000000002E89000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://weaknessmznxo.shop/H |
Source: BitLockerToGo.exe, 00000001.00000003.1730674997.0000000002E8B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1743040571.0000000002EF5000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1846585558.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1800001882.0000000002EE3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://weaknessmznxo.shop/api |
Source: BitLockerToGo.exe, 00000001.00000003.1716565174.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://weaknessmznxo.shop/api-L |
Source: BitLockerToGo.exe, 00000001.00000003.1743040571.0000000002EF5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://weaknessmznxo.shop/api0fB? |
Source: BitLockerToGo.exe, 00000001.00000003.1754529360.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1772726652.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://weaknessmznxo.shop/apiBU |
Source: BitLockerToGo.exe, 00000001.00000002.1846072628.0000000002E89000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1844557480.0000000002E89000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://weaknessmznxo.shop/h |
Source: BitLockerToGo.exe, 00000001.00000003.1830856779.0000000002EF5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://weaknessmznxo.shop:443/api |
Source: BitLockerToGo.exe, 00000001.00000003.1730573797.0000000002E70000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://weaknessmznxo.shop:443/api6 |
Source: BitLockerToGo.exe, 00000001.00000003.1756837470.0000000002F02000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94 |
Source: BitLockerToGo.exe, 00000001.00000003.1731546584.0000000004FD1000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1731597052.0000000002F38000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: BitLockerToGo.exe, 00000001.00000003.1756837470.0000000002F02000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219 |
Source: BitLockerToGo.exe, 00000001.00000003.1731546584.0000000004FD1000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1731597052.0000000002F38000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: BitLockerToGo.exe, 00000001.00000003.1756527742.00000000050F4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2 |
Source: BitLockerToGo.exe, 00000001.00000003.1756527742.00000000050F4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR |
Source: BitLockerToGo.exe, 00000001.00000003.1756527742.00000000050F4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: BitLockerToGo.exe, 00000001.00000003.1756527742.00000000050F4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: BitLockerToGo.exe, 00000001.00000003.1756527742.00000000050F4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A0B260 |
1_2_02A0B260 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A34340 |
1_2_02A34340 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A23840 |
1_2_02A23840 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A18184 |
1_2_02A18184 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A27970 |
1_2_02A27970 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A29EF2 |
1_2_02A29EF2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A04E70 |
1_2_02A04E70 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A16E50 |
1_2_02A16E50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A22C10 |
1_2_02A22C10 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A3A59A |
1_2_02A3A59A |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A1154C |
1_2_02A1154C |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A3CAB0 |
1_2_02A3CAB0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A232B5 |
1_2_02A232B5 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A01A08 |
1_2_02A01A08 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A1F321 |
1_2_02A1F321 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A08330 |
1_2_02A08330 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A3B300 |
1_2_02A3B300 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A240B7 |
1_2_02A240B7 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A3B090 |
1_2_02A3B090 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A1E80E |
1_2_02A1E80E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A01051 |
1_2_02A01051 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A14188 |
1_2_02A14188 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A03990 |
1_2_02A03990 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A3B1D0 |
1_2_02A3B1D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A05920 |
1_2_02A05920 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A0F110 |
1_2_02A0F110 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A066B0 |
1_2_02A066B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A01EB0 |
1_2_02A01EB0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A3AE80 |
1_2_02A3AE80 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A3B630 |
1_2_02A3B630 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A2461E |
1_2_02A2461E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A24643 |
1_2_02A24643 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A14F7A |
1_2_02A14F7A |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A06CA0 |
1_2_02A06CA0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A04480 |
1_2_02A04480 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A2143B |
1_2_02A2143B |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A0BD80 |
1_2_02A0BD80 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A275E0 |
1_2_02A275E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A3CDD0 |
1_2_02A3CDD0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A3AD00 |
1_2_02A3AD00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_02A01566 |
1_2_02A01566 |