Source: https://locatedblsoqp.shop/api |
Avira URL Cloud: Label: malware |
Source: https://locatedblsoqp.shop/ |
Avira URL Cloud: Label: phishing |
Source: https://traineiwnqo.shop/api |
Avira URL Cloud: Label: malware |
Source: https://locatedblsoqp.shop/0z |
Avira URL Cloud: Label: phishing |
Source: https://traineiwnqo.shop/8 |
Avira URL Cloud: Label: malware |
Source: https://separateedmsqj.shop/api |
Avira URL Cloud: Label: malware |
Source: https://locatedblsoqp.shop/W |
Avira URL Cloud: Label: phishing |
Source: https://traineiwnqo.shop/ |
Avira URL Cloud: Label: malware |
Source: unknown |
HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49713 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49714 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49715 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49716 version: TLS 1.2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp] |
2_2_00433DD2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov al, 01h |
2_2_00435E33 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+10h] |
2_2_00435E33 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov al, 01h |
2_2_00435EF8 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+10h] |
2_2_00435EF8 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov al, 01h |
2_2_004367B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+10h] |
2_2_004367B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ecx], 625B6034h |
2_2_00412054 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h |
2_2_00421030 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp word ptr [edi+ebx], 0000h |
2_2_00438830 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
2_2_004110C7 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
2_2_0040F11C |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
2_2_0040F11C |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, ebx |
2_2_004071F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], cx |
2_2_00419A40 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+20h] |
2_2_0041DA50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_0041DA50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [ecx], 00000000h |
2_2_0040F20D |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [ecx], al |
2_2_00414AF0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp] |
2_2_00414AF0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [edi], dl |
2_2_004272F1 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
2_2_00420A80 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-10h] |
2_2_00437280 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp] |
2_2_00438280 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp dword ptr [0043FE64h] |
2_2_0041EA8C |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_0041AA90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movsx esi, byte ptr [ebp+00h] |
2_2_00437AA2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then push edi |
2_2_00420333 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
2_2_0040EBD3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
2_2_004133F7 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edx], 77A9E0C4h |
2_2_00438430 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then add ebp, dword ptr [esp+0Ch] |
2_2_004214E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov esi, dword ptr [ebp-7Ch] |
2_2_0041B4F6 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
2_2_0041049E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp al, 2Eh |
2_2_0041DCB7 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_0040AD00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
2_2_0042AD20 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
2_2_00434650 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
2_2_00432650 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov dword ptr [esp], 00000000h |
2_2_00413600 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_0041D620 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+10h] |
2_2_00436622 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edx, dword ptr [esp] |
2_2_00437690 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ecx], 625B6034h |
2_2_004127CF |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h |
2_2_004197E0 |
Source: Network traffic |
Suricata IDS: 2055479 - Severity 1 - ET MALWARE Lumma Stealer Domain in DNS Lookup (locatedblsoqp .shop) : 192.168.2.6:50099 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2055493 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop) : 192.168.2.6:49716 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2055493 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop) : 192.168.2.6:49715 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2055489 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) : 192.168.2.6:49714 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2055483 - Severity 1 - ET MALWARE Lumma Stealer Domain in DNS Lookup (traineiwnqo .shop) : 192.168.2.6:49209 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49714 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49714 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49715 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49715 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49716 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49713 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49713 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49716 -> 188.114.96.3:443 |
Source: global traffic |
HTTP traffic detected:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: separateedmsqj.shop |
Source: global traffic |
HTTP traffic detected:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: locatedblsoqp.shop |
Source: global traffic |
HTTP traffic detected:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: traineiwnqo.shop |
Source: global traffic |
HTTP traffic detected:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Cookie: __cf_mw_byp=XRu95sVNoGkSeHaTLKe6ecZVkq6cnlTXtPLV4r8Wmas-1724938823-0.0.1.1-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 76
Host: traineiwnqo.shop |
Source: 0Subtitle Edit.exe, 00000000.00000002.2282605862.0000000002886000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://earth.google.com/kml/2.0 |
Source: 0Subtitle Edit.exe, 00000000.00000002.2282605862.0000000002886000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://earth.google.com/kml/2.1 |
Source: 0Subtitle Edit.exe, 00000000.00000002.2282605862.0000000002886000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://earth.google.com/kml/2.2 |
Source: 0Subtitle Edit.exe |
String found in binary or memory: http://www.collada.org/2005/11/COLLADASchema |
Source: 0Subtitle Edit.exe, 00000000.00000002.2282605862.00000000028F4000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://www.garmin.com/xmlschemas/TrainingCenterDatabase/v2 |
Source: 0Subtitle Edit.exe, 00000000.00000002.2282605862.0000000002886000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://www.opengis.net/gml |
Source: 0Subtitle Edit.exe, 00000000.00000002.2282605862.0000000002886000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://www.opengis.net/gml/3.2 |
Source: 0Subtitle Edit.exe, 00000000.00000002.2282605862.0000000002886000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://www.opengis.net/gml/3.3/exr |
Source: 0Subtitle Edit.exe, 00000000.00000002.2282605862.0000000002886000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://www.opengis.net/kml/2.2 |
Source: 0Subtitle Edit.exe, 00000000.00000002.2282605862.0000000002886000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://www.topografix.com/GPX/1/1 |
Source: BitLockerToGo.exe, 00000002.00000003.2301570044.0000000002883000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2308315335.0000000002883000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://locatedblsoqp.shop/ |
Source: BitLockerToGo.exe, 00000002.00000003.2301570044.0000000002883000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://locatedblsoqp.shop/0z |
Source: BitLockerToGo.exe, 00000002.00000003.2301570044.0000000002883000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://locatedblsoqp.shop/W |
Source: BitLockerToGo.exe, 00000002.00000003.2301570044.0000000002883000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000002.2319746932.0000000002883000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2308315335.0000000002883000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://locatedblsoqp.shop/api |
Source: 0Subtitle Edit.exe |
String found in binary or memory: https://login.microsoftonline.us/crypto/aes: |
Source: BitLockerToGo.exe, 00000002.00000002.2319746932.0000000002847000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://separateedmsqj.shop/api |
Source: BitLockerToGo.exe, 00000002.00000002.2319746932.000000000285E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://separateedmsqj.shop/x86 |
Source: BitLockerToGo.exe, 00000002.00000002.2319746932.0000000002883000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2308315335.0000000002883000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://traineiwnqo.shop/ |
Source: BitLockerToGo.exe, 00000002.00000003.2308315335.0000000002883000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://traineiwnqo.shop/8 |
Source: BitLockerToGo.exe, 00000002.00000003.2308315335.0000000002883000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://traineiwnqo.shop/api |
Source: BitLockerToGo.exe, 00000002.00000003.2308315335.000000000287F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000002.2319746932.000000000285E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2308293210.00000000028D8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/5xx-error-landing |
Source: BitLockerToGo.exe, 00000002.00000003.2308315335.000000000287F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2308293210.00000000028D8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2308315335.0000000002883000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/learning/ddos/glossary/malware/ |
Source: unknown |
Network traffic detected: HTTP traffic on port 49713 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49716 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49714 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49715 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49716 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49715 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49714 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49713 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040C926 |
2_2_0040C926 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00435EF8 |
2_2_00435EF8 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041F840 |
2_2_0041F840 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00407870 |
2_2_00407870 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040F02D |
2_2_0040F02D |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00421030 |
2_2_00421030 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0042F940 |
2_2_0042F940 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00437130 |
2_2_00437130 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004041D0 |
2_2_004041D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004059E0 |
2_2_004059E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004071F0 |
2_2_004071F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041DA50 |
2_2_0041DA50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00425A69 |
2_2_00425A69 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040F20D |
2_2_0040F20D |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00402A20 |
2_2_00402A20 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00436AED |
2_2_00436AED |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00414AF0 |
2_2_00414AF0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00437280 |
2_2_00437280 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040D286 |
2_2_0040D286 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041AA90 |
2_2_0041AA90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00437AA2 |
2_2_00437AA2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00426343 |
2_2_00426343 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00430BD0 |
2_2_00430BD0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00438C40 |
2_2_00438C40 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00426C28 |
2_2_00426C28 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004304D0 |
2_2_004304D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041B4F6 |
2_2_0041B4F6 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004064A0 |
2_2_004064A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041DCB7 |
2_2_0041DCB7 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041CD59 |
2_2_0041CD59 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00404570 |
2_2_00404570 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041F5DB |
2_2_0041F5DB |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00437590 |
2_2_00437590 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004245A0 |
2_2_004245A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040DDAC |
2_2_0040DDAC |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040D620 |
2_2_0040D620 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041D620 |
2_2_0041D620 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00401E3A |
2_2_00401E3A |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00401EE5 |
2_2_00401EE5 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041EEFB |
2_2_0041EEFB |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00437690 |
2_2_00437690 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00413EA7 |
2_2_00413EA7 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00408F70 |
2_2_00408F70 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00438F30 |
2_2_00438F30 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00404FD0 |
2_2_00404FD0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00419FFF |
2_2_00419FFF |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: String function: 00409A30 appears 49 times |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: String function: 00417E90 appears 136 times |
Source: 0Subtitle Edit.exe, 00000000.00000002.2281871181.0000000001BBD000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFileName vs 0Subtitle Edit.exe |
Source: 0Subtitle Edit.exe, 00000000.00000002.2283833733.0000000002EE4000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs 0Subtitle Edit.exe |
Source: 0Subtitle Edit.exe |
Binary or memory string: OriginalFileName vs 0Subtitle Edit.exe |
Source: 00000000.00000002.2283833733.0000000002F1E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research |