Source: 00000002.00000002.2326311368.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: reinforcenh.shop |
Source: 00000002.00000002.2326311368.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: stogeneratmns.shop |
Source: 00000002.00000002.2326311368.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: fragnantbui.shop |
Source: 00000002.00000002.2326311368.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: drawzhotdog.shop |
Source: 00000002.00000002.2326311368.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: vozmeatillu.shop |
Source: 00000002.00000002.2326311368.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: offensivedzvju.shop |
Source: 00000002.00000002.2326311368.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: ghostreedmnu.shop |
Source: 00000002.00000002.2326311368.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: gutterydhowi.shop |
Source: 00000002.00000002.2326311368.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: trustterwowqm.shop |
Source: 00000002.00000002.2326311368.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000002.00000002.2326311368.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: TeslaBrowser/5.5 |
Source: 00000002.00000002.2326311368.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
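String decryptor: - Screen Resoluton: |
Note: "Resoluton" is spelled this way in the string decryptor's output, not mistyped in this report; a detection rule keyed on this string must match the misspelling verbatim.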
Source: 00000002.00000002.2326311368.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: - Physical Installed Memory: |
Source: 00000002.00000002.2326311368.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: Workgroup: - |
Source: 00000002.00000002.2326311368.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: tLYMe5--111 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 68677325h |
2_2_00446C94 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-10h] |
2_2_0040EFF8 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_00449F80 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx eax, word ptr [esi+edx*4] |
2_2_0040C070 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then add eax, dword ptr [esp+ecx*4+28h] |
2_2_0040C070 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ecx, word ptr [ebp+edi*4+00h] |
2_2_0040C070 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_0040E080 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ecx, word ptr [edi+eax] |
2_2_00448120 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 1B788DCFh |
2_2_004441D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ebx, ecx |
2_2_004141F6 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+00000878h] |
2_2_004291A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [edx], ax |
2_2_004291A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov esi, dword ptr [esp+40h] |
2_2_004291A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_0042E20E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_004232D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], CECD21FDh |
2_2_0042C2E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], CECD21FDh |
2_2_0042C2E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [ebx], 00000000h |
2_2_00415292 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp+18h] |
2_2_00401295 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 0633C81Dh |
2_2_00445310 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+20h] |
2_2_004323D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+20h] |
2_2_004323D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
2_2_004323D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
2_2_004323D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
2_2_004323D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
2_2_004323D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+58h] |
2_2_004323D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+20h] |
2_2_004323D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
2_2_004133E4 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h |
2_2_0044A3A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then add ebp, dword ptr [esp+0Ch] |
2_2_00431420 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp word ptr [ebp+ecx+00h], 0000h |
2_2_004274C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movsx edx, byte ptr [ebp+ebx+00h] |
2_2_004494C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_004494C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [edi], ax |
2_2_004214F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then dec ebx |
2_2_0043F510 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h |
2_2_0044A520 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], cx |
2_2_0042F5E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movsx edx, byte ptr [ebp+ebx+00h] |
2_2_004495A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_004495A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
2_2_0041260C |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [ebp+00h], al |
2_2_0042D624 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then test eax, eax |
2_2_0041E6E6 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 81105F7Ah |
2_2_0044A690 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then push 00000000h |
2_2_00403710 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_0042C710 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [esi], 00000000h |
2_2_004157D7 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
2_2_004307F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edi, eax |
2_2_00408780 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
2_2_0043B8C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_004498A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_0042B8B2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
2_2_0042B8B2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
2_2_00413900 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_00444900 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 0633C81Dh |
2_2_00444900 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ebx, byte ptr [eax+edx] |
2_2_00444900 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 0633C81Dh |
2_2_004489D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_004489D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_0042D9B3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 44CAAEB6h |
2_2_00427A60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+14h] |
2_2_0040DA70 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_0044AA70 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
2_2_0041FA83 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
2_2_00441A80 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], cx |
2_2_00426B70 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
2_2_0042EB0B |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_00449B30 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+edi] |
2_2_00404BC0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
2_2_00412B9E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
2_2_00412B9E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
2_2_0042EBA0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [esi], ax |
2_2_00420C60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], dx |
2_2_00420C60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+ebx] |
2_2_00405C00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
2_2_0042FC31 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
2_2_0040DCC0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+48h] |
2_2_00413DE2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
2_2_00443D90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov dword ptr [esp], 00000000h |
2_2_0041AF40 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 54CA534Eh |
2_2_00447F30 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+10h] |
2_2_00443FC0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h |
2_2_00430FB0 |
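Source: Full-Setup.exe |
String found in binary or memory: http://.css |
Source: Full-Setup.exe |
String found in binary or memory: http://.jpg |
Source: Full-Setup.exe |
String found in binary or memory: http://html4/loose.dtd |
Source: Full-Setup.exe |
String found in binary or memory: https://DwmFlushTlsAllocIsIconicIsZoomedPtInRectSetFocusdxgi.dll |
Note: none of the four entries above contains a resolvable host. The last one is a run of Windows API names (DwmFlush, TlsAlloc, IsIconic, IsZoomed, PtInRect, SetFocus) followed by dxgi.dll, which looks like neighbouring string-table entries swept up by the URL scan. Treat all four as extraction artifacts rather than network indicators; the domains to act on are those listed in the "String decryptor" rows and the URLs attributed to BitLockerToGo.exe memory.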
Source: Full-Setup.exe, 00000000.00000002.2310510440.0000000002146000.00000004.00001000.00020000.00000000.sdmp, Full-Setup.exe, 00000000.00000002.2310510440.000000000236E000.00000004.00001000.00020000.00000000.sdmp, Full-Setup.exe, 00000000.00000002.2312557976.0000000002446000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signature |
Source: Full-Setup.exe, 00000000.00000002.2314493525.0000000002580000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signatureSizes |
Source: Full-Setup.exe, 00000000.00000002.2310510440.000000000236E000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signatureZ |
Source: Full-Setup.exe, 00000000.00000002.2310510440.000000000236E000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md#deprecated-cli-app-action-signaturexS |
Source: BitLockerToGo.exe, 00000002.00000002.2326588837.0000000002F7B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000002.2326588837.0000000002F94000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gutterydhowi.shop/ |
Source: BitLockerToGo.exe, 00000002.00000002.2326588837.0000000002F7B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gutterydhowi.shop/R |
Source: BitLockerToGo.exe, 00000002.00000003.2315276259.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2315276259.0000000002FA3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000002.2326588837.0000000002FBD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2315608551.0000000002FA5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gutterydhowi.shop/api |
Source: BitLockerToGo.exe, 00000002.00000002.2326588837.0000000002F7B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gutterydhowi.shop/b |
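Source: Full-Setup.exe |
String found in binary or memory: https://login.chinacloudapi.cn/non-pointer |
Source: Full-Setup.exe |
String found in binary or memory: https://management.azure.comnil |
Note: the trailing "non-pointer" and "nil" appear to be adjacent strings fused onto the URLs by the scan, so the underlying values are probably https://login.chinacloudapi.cn/ and https://management.azure.com. These strings were found only in Full-Setup.exe and not in the decrypted string list, so confirm with network evidence before treating them as indicators.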
Source: BitLockerToGo.exe, 00000002.00000002.2326588837.0000000002F7B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2315243598.0000000002FFE000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2315608551.0000000002FBD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/5xx-error-landing |
Source: BitLockerToGo.exe, 00000002.00000003.2315243598.0000000002FFE000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2315608551.0000000002FBD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/ |