Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp |
String decryptor: reinforcenh.shop |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp |
String decryptor: stogeneratmns.shop |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp |
String decryptor: fragnantbui.shop |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp |
String decryptor: drawzhotdog.shop |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp |
String decryptor: vozmeatillu.shop |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp |
String decryptor: offensivedzvju.shop |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp |
String decryptor: ghostreedmnu.shop |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp |
String decryptor: gutterydhowi.shop |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp |
String decryptor: ghostreedmnu.shop |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp |
String decryptor: TeslaBrowser/5.5 |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp |
String decryptor: - Screen Resoluton: |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp |
String decryptor: - Physical Installed Memory: |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp |
String decryptor: Workgroup: - |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp |
String decryptor: 9mkWlh--RaUFPPPp |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+24h] |
1_2_006EF870 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+08h] |
1_2_006EF870 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-10h] |
1_2_006EF870 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-10h] |
1_2_006EF870 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
1_2_006EF870 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-1Ch] |
1_2_006EE9C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
1_2_006F1DAE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
1_2_006F1DAE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [edi], al |
1_2_006F1DAE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov dword ptr [esp], 00000000h |
1_2_006FA040 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
1_2_00723010 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, ebp |
1_2_006EA0C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, ebp |
1_2_006EA0C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [edx], cl |
1_2_00711167 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+0Ch] |
1_2_00711167 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+0Ch] |
1_2_00711167 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [edi], al |
1_2_00711167 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+44h] |
1_2_006FD1CC |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 54CA534Eh |
1_2_007272C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
1_2_0071A3F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+08h] |
1_2_006F53E5 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+08h] |
1_2_006F53E5 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [edi], al |
1_2_007113A6 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [edx], al |
1_2_007113A6 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 1B788DCFh |
1_2_00723460 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+08h] |
1_2_006F447C |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp eax |
1_2_0070D46E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ecx, word ptr [edi+eax] |
1_2_007274C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h |
1_2_0070D4B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
1_2_0070F530 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 0633C81Dh |
1_2_00724590 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+00000874h] |
1_2_00708581 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [edx], ax |
1_2_00708581 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
1_2_00725643 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+ebx] |
1_2_006E5680 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
1_2_006F0690 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
1_2_006F0690 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
1_2_00729700 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h |
1_2_00729700 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov dword ptr [esp+14h], 12EEEC16h |
1_2_0070E7F6 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
1_2_007078E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], cx |
1_2_007078E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-10h] |
1_2_007078E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
1_2_00729890 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h |
1_2_00729890 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 81105F7Ah |
1_2_00729A10 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+000006A8h] |
1_2_006FDACA |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+0Ch] |
1_2_00711AC3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+0Ch] |
1_2_00711AC3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then xor eax, eax |
1_2_0070ABF9 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
1_2_006EDBF0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
1_2_00723B90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 0633C81Dh |
1_2_00723B90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+08h] |
1_2_006F4C30 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 0633C81Dh |
1_2_00727D70 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h |
1_2_0070FD10 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
1_2_00720D00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [edi+eax+01h], 00000000h |
1_2_0070CD08 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp eax |
1_2_0070CD08 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], dx |
1_2_006FFD80 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp dword ptr [00730078h] |
1_2_006FFD80 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], cx |
1_2_00705EF0 |
Source: file.exe |
String found in binary or memory: https://api.midtrans.comGetUserDefaultLocaleNameinvalid |
Source: file.exe |
String found in binary or memory: https://api.sandbox.midtrans.comcrypto/aes: |
Source: BitLockerToGo.exe, 00000001.00000002.1856895395.00000000007F2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ghostreedmnu.shop/ |
Source: BitLockerToGo.exe, 00000001.00000002.1856895395.0000000000810000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1846685439.0000000000812000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ghostreedmnu.shop/api |
Source: BitLockerToGo.exe, 00000001.00000003.1846756761.00000000007F6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1846685439.0000000000829000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1846663443.000000000086A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/5xx-error-landing |
Source: BitLockerToGo.exe, 00000001.00000003.1846685439.0000000000829000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1846663443.000000000086A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/ |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006EF870 |
1_2_006EF870 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006E1000 |
1_2_006E1000 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006EA0C0 |
1_2_006EA0C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006EE080 |
1_2_006EE080 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006F5081 |
1_2_006F5081 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00711167 |
1_2_00711167 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006EB150 |
1_2_006EB150 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0072A120 |
1_2_0072A120 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006E9269 |
1_2_006E9269 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_007162B0 |
1_2_007162B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0071F2AC |
1_2_0071F2AC |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006E1379 |
1_2_006E1379 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_007283F0 |
1_2_007283F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006E13C1 |
1_2_006E13C1 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006E9442 |
1_2_006E9442 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0070D4B0 |
1_2_0070D4B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00716560 |
1_2_00716560 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006E15E3 |
1_2_006E15E3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0070C5E3 |
1_2_0070C5E3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0070F5D0 |
1_2_0070F5D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00708581 |
1_2_00708581 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006E3660 |
1_2_006E3660 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006F0690 |
1_2_006F0690 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00727870 |
1_2_00727870 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_007178C0 |
1_2_007178C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006E7900 |
1_2_006E7900 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006EC9D0 |
1_2_006EC9D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006FDACA |
1_2_006FDACA |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00717B70 |
1_2_00717B70 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006E6B60 |
1_2_006E6B60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0070CB0F |
1_2_0070CB0F |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0070ABF9 |
1_2_0070ABF9 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00723B90 |
1_2_00723B90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006EBC60 |
1_2_006EBC60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006EACC0 |
1_2_006EACC0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00727D70 |
1_2_00727D70 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00706D6F |
1_2_00706D6F |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006F2D20 |
1_2_006F2D20 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0070CD08 |
1_2_0070CD08 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006E4DB0 |
1_2_006E4DB0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00729E50 |
1_2_00729E50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006F3E12 |
1_2_006F3E12 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006F0ED0 |
1_2_006F0ED0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0071DF50 |
1_2_0071DF50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006E6F00 |
1_2_006E6F00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_006E8FCE |
1_2_006E8FCE |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: powrprof.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: umpdc.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: winhttp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: webio.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: winnsi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: dnsapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: rasadhlp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: schannel.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ntasn1.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ncrypt.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: amsi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: userenv.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: profapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: version.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: BitLockerToGo.exe, 00000001.00000002.1856895395.0000000000829000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1846685439.0000000000829000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW< |
Source: file.exe |
Binary or memory string: main.YFHiCIiixcqEmuOlForkRgsVMgLNXhAujTFmOcP |
Source: BitLockerToGo.exe, 00000001.00000002.1856895395.00000000007D8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1856895395.0000000000814000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1846685439.0000000000812000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: file.exe |
Binary or memory string: main.xVFDfAARqjMemLyUDOzhCyJqReWzzAWruHqqEmUwOjMGu |
Source: file.exe, 00000000.00000002.1843500175.0000000001474000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: ymECWhxYrkkpjnZlrjPDSzJkDiTLdWCcvWIdBkmFQkjZElBIRukKygZKZdJqigldpvMCicgGyjGEvQVcW |
Source: file.exe, 00000000.00000002.1842885416.0000000000D5C000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll|| |
Source: file.exe, 00000000.00000003.1831171869.00000000017CE000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: reinforcenh.shop |
Source: file.exe, 00000000.00000003.1831171869.00000000017CE000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: stogeneratmns.shop |
Source: file.exe, 00000000.00000003.1831171869.00000000017CE000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: fragnantbui.shop |
Source: file.exe, 00000000.00000003.1831171869.00000000017CE000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: drawzhotdog.shop |
Source: file.exe, 00000000.00000003.1831171869.00000000017CE000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: vozmeatillu.shop |
Source: file.exe, 00000000.00000003.1831171869.00000000017CE000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: offensivedzvju.shop |
Source: file.exe, 00000000.00000003.1831171869.00000000017CE000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: ghostreedmnu.shop |
Source: file.exe, 00000000.00000003.1831171869.00000000017CE000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: gutterydhowi.shop |