Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5 |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp | String decryptor: - Screen Resoluton: |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory: |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp | String decryptor: Workgroup: - |
Source: 00000001.00000002.1856676925.000000000072B000.00000002.00000400.00020000.00000000.sdmp | String decryptor: 9mkWlh--RaUFPPPp |
Source: file.exe | String found in binary or memory: https://api.midtrans.comGetUserDefaultLocaleNameinvalid |
Source: file.exe | String found in binary or memory: https://api.sandbox.midtrans.comcrypto/aes: |
Source: BitLockerToGo.exe, 00000001.00000002.1856895395.00000000007F2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ghostreedmnu.shop/ |
Source: BitLockerToGo.exe, 00000001.00000002.1856895395.0000000000810000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1846685439.0000000000812000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ghostreedmnu.shop/api |
Source: BitLockerToGo.exe, 00000001.00000003.1846756761.00000000007F6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1846685439.0000000000829000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1846663443.000000000086A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/5xx-error-landing |
Source: BitLockerToGo.exe, 00000001.00000003.1846685439.0000000000829000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1846663443.000000000086A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/ |
Source: C:\Users\user\Desktop\file.exe | Section loaded: powrprof.dll | Jump to behavior |
Source: C:\Users\user\Desktop\file.exe | Section loaded: umpdc.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Section loaded: version.dll | Jump to behavior |
Source: BitLockerToGo.exe, 00000001.00000002.1856895395.0000000000829000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1846685439.0000000000829000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW< |
Source: file.exe | Binary or memory string: main.YFHiCIiixcqEmuOlForkRgsVMgLNXhAujTFmOcP |
Source: BitLockerToGo.exe, 00000001.00000002.1856895395.00000000007D8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1856895395.0000000000814000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1846685439.0000000000812000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: file.exe | Binary or memory string: main.xVFDfAARqjMemLyUDOzhCyJqReWzzAWruHqqEmUwOjMGu |
Source: file.exe, 00000000.00000002.1843500175.0000000001474000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: ymECWhxYrkkpjnZlrjPDSzJkDiTLdWCcvWIdBkmFQkjZElBIRukKygZKZdJqigldpvMCicgGyjGEvQVcW |
Source: file.exe, 00000000.00000002.1842885416.0000000000D5C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll|| |