Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: drawwyobstacw.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: condifendteu.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: ehticsprocw.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: vennurviot.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: resinedyw.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: enlargkiw.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: allocatinow.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: mathcucom.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: divewanntwj.biz |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: drawwyobstacw.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: condifendteu.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: ehticsprocw.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: vennurviot.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: resinedyw.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: enlargkiw.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: allocatinow.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: mathcucom.sbs |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: divewanntwj.biz |
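[Note: the remaining decrypted strings are reproduced exactly as recovered from the dump, including the misspelling in "Screen Resoluton". Keep that spelling if any of them is used as match content in a detection rule.]
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |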
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: TeslaBrowser/5.5 |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: - Screen Resoluton: |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: - Physical Installed Memory: |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: Workgroup: - |
Source: 00000000.00000002.2281733359.0000000004215000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: k99eRC--davi |
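[Note: the entries below are attributed to process 2, running under the image path of BitLockerToGo.exe, which is a Windows component. The decrypted configuration strings above come from a memory dump of process 0, which the string listing further down labels Setup.exe. This is consistent with the payload executing inside a legitimate host process. If so, the image path and the on-disk file are not indicators by themselves; the parent/child relationship and the host process's outbound connections are the more useful signals.]
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |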
Code function: 4x nop then jmp eax |
2_2_004438E4 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edx, byte ptr [ebp+esi-1Eh] |
2_2_004439B5 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edx, byte ptr [esp+eax-2D586584h] |
2_2_0043CCC5 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp edi |
2_2_00443D4F |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx esi, byte ptr [esp+eax-0000008Dh] |
2_2_0040CE60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 07E776F1h |
2_2_0042E049 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then lea edi, dword ptr [esp+04h] |
2_2_0042E049 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov esi, dword ptr [esp+18h] |
2_2_00401000 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx esi, byte ptr [esp+ecx-1Eh] |
2_2_0040F0C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then push eax |
2_2_004430D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], cx |
2_2_0042E0D7 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 731CDBF3h |
2_2_004410E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ecx, byte ptr [esp+eax+5715E8D1h] |
2_2_004410E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edi, byte ptr [esi+ecx-43CF5BD5h] |
2_2_004320A3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [edi], dl |
2_2_00430120 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [edi], cl |
2_2_00430120 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov dword ptr [esp], 00000000h |
2_2_0041E180 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then push 2CCA4B49h |
2_2_0040E244 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], dx |
2_2_004252E2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, ebx |
2_2_004252E2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edx, byte ptr [edi+eax-17h] |
2_2_004252E2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
2_2_0042C2EE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
2_2_0042F2F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h |
2_2_004452A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
2_2_004452A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h |
2_2_00427350 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edx, ecx |
2_2_00429370 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edi, dword ptr [esp+38h] |
2_2_00429370 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 87573896h |
2_2_004463E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h |
2_2_004453F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
2_2_004453F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [ebx+eax], 00000000h |
2_2_0041E4E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h |
2_2_0042B500 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], C85F7986h |
2_2_0042B500 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edx, ecx |
2_2_00429500 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-3643ABD5h] |
2_2_0042D530 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 03BA5404h |
2_2_004405F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h |
2_2_004455B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
2_2_004455B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
2_2_0041E670 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+ebx] |
2_2_004056F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 07E776F1h |
2_2_00440750 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edi, ecx |
2_2_00410772 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h |
2_2_00445700 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
2_2_00445700 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h |
2_2_0042E7C2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], cx |
2_2_004207E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h |
2_2_004457F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
2_2_004457F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edi, byte ptr [ecx] |
2_2_0040F819 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, ebx |
2_2_0040F819 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edi, byte ptr [esp+eax+14h] |
2_2_0040D8C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edi, byte ptr [esp+ebx+04h] |
2_2_0040D8C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ecx, byte ptr [esp+eax-73239D8Bh] |
2_2_0042B8F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
2_2_004398F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp eax |
2_2_004108A8 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h |
2_2_0042F900 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then push esi |
2_2_0042C913 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ecx, byte ptr [esi+eax+74h] |
2_2_00432992 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ecx, byte ptr [esi+eax+74h] |
2_2_00432992 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp word ptr [esi+ecx+02h], 0000h |
2_2_00421A60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+esi*8], 62429966h |
2_2_00440AA0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [edi+ecx], 00000000h |
2_2_00445B20 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
2_2_00445B20 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp dword ptr [0044EF6Ch] |
2_2_0042CBDC |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edi, byte ptr [ecx+esi] |
2_2_00406B90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h |
2_2_0042CC28 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ecx+edi*8], FFFF4170h |
2_2_00446C30 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ecx, byte ptr [esp+eax+312BE668h] |
2_2_00440CC0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 7B3AFDABh |
2_2_00440CC0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then lea eax, dword ptr [esp+48h] |
2_2_0042AD00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp ecx |
2_2_00445E70 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
2_2_0043EE00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 53F09CFAh |
2_2_0041EE2E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h |
2_2_0041EE2E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h |
2_2_0041EE2E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [edx+ecx*8], C59B8BCBh |
2_2_00446F00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ebp, word ptr [eax] |
2_2_00446F00 |
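[Note: in the alerts below, the domain names in the rule messages are printed with a space before the TLD ("enlargkiw .sbs"); the names on the wire are the same ones listed under "String decryptor" above. The :443 destination addresses appear to fall in shared CDN address space and 1.1.1.1 is a public resolver. The DNS query names and TLS SNI values are therefore the indicators to match on, not the IP addresses.]
Source: Network traffic |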
Suricata IDS: 2056567 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (enlargkiw .sbs in TLS SNI) : 192.168.2.6:49780 -> 104.21.33.249:443 |
Source: Network traffic |
Suricata IDS: 2056565 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (resinedyw .sbs in TLS SNI) : 192.168.2.6:49790 -> 104.21.77.78:443 |
Source: Network traffic |
Suricata IDS: 2056571 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mathcucom .sbs in TLS SNI) : 192.168.2.6:49774 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2056570 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mathcucom .sbs) : 192.168.2.6:65205 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056560 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ehticsprocw .sbs) : 192.168.2.6:63862 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056561 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ehticsprocw .sbs in TLS SNI) : 192.168.2.6:49806 -> 172.67.173.224:443 |
Source: Network traffic |
Suricata IDS: 2056564 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (resinedyw .sbs) : 192.168.2.6:63346 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056559 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (condifendteu .sbs in TLS SNI) : 192.168.2.6:49813 -> 104.21.79.35:443 |
Source: Network traffic |
Suricata IDS: 2056566 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enlargkiw .sbs) : 192.168.2.6:55186 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056556 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawwyobstacw .sbs) : 192.168.2.6:54466 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056568 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (allocatinow .sbs) : 192.168.2.6:56776 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056562 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vennurviot .sbs) : 192.168.2.6:52725 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056558 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (condifendteu .sbs) : 192.168.2.6:54019 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2056557 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawwyobstacw .sbs in TLS SNI) : 192.168.2.6:49819 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2056563 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vennurviot .sbs in TLS SNI) : 192.168.2.6:49799 -> 172.67.140.193:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49763 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49763 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49774 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49774 -> 188.114.97.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49780 -> 104.21.33.249:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49780 -> 104.21.33.249:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49819 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49819 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49837 -> 172.67.206.204:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49837 -> 172.67.206.204:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49790 -> 104.21.77.78:443 |
Source: Network traffic |
Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49826 -> 104.102.49.254:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49813 -> 104.21.79.35:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49813 -> 104.21.79.35:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49806 -> 172.67.173.224:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49806 -> 172.67.173.224:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49790 -> 104.21.77.78:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49799 -> 172.67.140.193:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49799 -> 172.67.140.193:443 |
Source: Network traffic |
Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49843 -> 172.67.206.204:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49843 -> 172.67.206.204:443 |
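[Note: the list below is every URL-like string seen in the binaries or in process memory, not a list of indicators. The json-schema.org, jsperf.com, aws.amazon.com and github.com entries are attributed to Setup.exe / program.js and look like references from bundled JavaScript libraries. The steampowered.com, steamstatic.com and valvesoftware.com entries sit in BitLockerToGo.exe memory and coincide with the "Steam Profile Lookup" alert above, so they are likely content of a fetched page. Only the .sbs and .biz hosts match the decrypted configuration. Several entries (for example "/api1", "/apij", "http://microsoft.co") appear to be truncated or over-read buffer contents and should not be taken as exact paths.]
Source: Setup.exe, program.js.0.dr |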
String found in binary or memory: http://json-schema.org/draft-07/schema |
Source: program.js.0.dr |
String found in binary or memory: http://json-schema.org/draft-07/schema# |
Source: Setup.exe, program.js.0.dr |
String found in binary or memory: http://json-schema.org/schema |
Source: Setup.exe, 00000000.00000002.2279698242.0000000003E1E000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://jsperf.com/1-vs-infinity |
Source: BitLockerToGo.exe, 00000002.00000003.2338992409.00000000031D3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2319556533.00000000031D3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2297775302.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://microsoft.co |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: BitLockerToGo.exe, 00000002.00000003.2297775302.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://allocatinow.sbs/ |
Source: BitLockerToGo.exe, 00000002.00000003.2297775302.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://allocatinow.sbs/3l |
Source: BitLockerToGo.exe, 00000002.00000003.2297775302.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://allocatinow.sbs/api |
Source: BitLockerToGo.exe, 00000002.00000003.2297775302.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://allocatinow.sbs/api1 |
Source: BitLockerToGo.exe, 00000002.00000003.2319556533.00000000031D3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2297775302.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://allocatinow.sbs/co |
Source: BitLockerToGo.exe, 00000002.00000003.2319556533.00000000031D3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2297775302.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://allocatinow.sbs/pi |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg |
Source: Setup.exe, program.js.0.dr |
String found in binary or memory: https://aws.amazon.com |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG& |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1 |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6& |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1& |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 |
Source: BitLockerToGo.exe, 00000002.00000003.2297598155.00000000031AE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://divewanntwj.biz/api |
Source: BitLockerToGo.exe, 00000002.00000003.2338992409.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ehticsprocw.sbs/api |
Source: BitLockerToGo.exe, 00000002.00000003.2338992409.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ehticsprocw.sbs/li3 |
Source: BitLockerToGo.exe, 00000002.00000003.2319556533.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://enlargkiw.sbs/ |
Source: Setup.exe, program.js.0.dr |
String found in binary or memory: https://github.com/aws/jsii |
Source: Setup.exe, program.js.0.dr |
String found in binary or memory: https://github.com/aws/jsii.git |
Source: Setup.exe, program.js.0.dr |
String found in binary or memory: https://github.com/aws/jsii/issues |
Source: program.js.0.dr |
String found in binary or memory: https://github.com/jprichardson/node-fs-extra/issues/269 |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/en/ |
Source: Setup.exe, 00000000.00000002.2279698242.0000000003E1E000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://jsperf.com/object-keys-vs-for-in-with-closure/3 |
Source: BitLockerToGo.exe, 00000002.00000003.2297775302.00000000031D3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000002.00000003.2297598155.00000000031AE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://mathcucom.sbs/ |
Source: BitLockerToGo.exe, 00000002.00000003.2297775302.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://mathcucom.sbs/api |
Source: BitLockerToGo.exe, 00000002.00000003.2297775302.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://mathcucom.sbs/apij |
Source: program.js.0.dr |
String found in binary or memory: https://raw.githubusercontent.com/ajv-validator/ajv/master/lib/refs/data.json# |
Source: BitLockerToGo.exe, 00000002.00000003.2319556533.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://resinedyw.sbs/ |
Source: BitLockerToGo.exe, 00000002.00000003.2319556533.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://resinedyw.sbs/api |
Source: BitLockerToGo.exe, 00000002.00000003.2319556533.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://resinedyw.sbs:443/apii |
Source: BitLockerToGo.exe, 00000002.00000002.2400111218.0000000003188000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/ |
Source: BitLockerToGo.exe, 00000002.00000002.2400111218.000000000319C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/api |
Source: BitLockerToGo.exe, 00000002.00000002.2400111218.000000000319C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/apiC |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/market/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/about/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/explore/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/legal/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/mobile |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/news/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/stats/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: BitLockerToGo.exe, 00000002.00000003.2338992409.00000000031D3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://vennurviot.sbs/ |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/5xx-error-landing |
Source: BitLockerToGo.exe, 00000002.00000003.2386774263.000000000323D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004112A3 |
2_2_004112A3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00443D4F |
2_2_00443D4F |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00401000 |
2_2_00401000 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041900F |
2_2_0041900F |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040F0C0 |
2_2_0040F0C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004150C0 |
2_2_004150C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040A0E0 |
2_2_0040A0E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004410E0 |
2_2_004410E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040B0F0 |
2_2_0040B0F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004320A3 |
2_2_004320A3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00411100 |
2_2_00411100 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00430120 |
2_2_00430120 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004471F0 |
2_2_004471F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00420233 |
2_2_00420233 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004352D0 |
2_2_004352D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004252E2 |
2_2_004252E2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0042C2EE |
2_2_0042C2EE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004012F3 |
2_2_004012F3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0043C2A0 |
2_2_0043C2A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004452A0 |
2_2_004452A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004122B0 |
2_2_004122B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040134E |
2_2_0040134E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00429370 |
2_2_00429370 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00408320 |
2_2_00408320 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0042D327 |
2_2_0042D327 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004453F0 |
2_2_004453F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00444460 |
2_2_00444460 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040D4D0 |
2_2_0040D4D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00415497 |
2_2_00415497 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0042B500 |
2_2_0042B500 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00429500 |
2_2_00429500 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00435500 |
2_2_00435500 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00423510 |
2_2_00423510 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0042D530 |
2_2_0042D530 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041A596 |
2_2_0041A596 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041C596 |
2_2_0041C596 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040A5A0 |
2_2_0040A5A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004275B0 |
2_2_004275B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004455B0 |
2_2_004455B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00401602 |
2_2_00401602 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004316CE |
2_2_004316CE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00403770 |
2_2_00403770 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00428770 |
2_2_00428770 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00445700 |
2_2_00445700 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0042E7C2 |
2_2_0042E7C2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004207E0 |
2_2_004207E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004457F0 |
2_2_004457F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00444870 |
2_2_00444870 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040F819 |
2_2_0040F819 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040D8C0 |
2_2_0040D8C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_004078D0 |
2_2_004078D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0042C8DA |
2_2_0042C8DA |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0043B970 |
2_2_0043B970 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0042F900 |
2_2_0042F900 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0042C931 |
2_2_0042C931 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00416982 |
2_2_00416982 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00432992 |
2_2_00432992 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00446990 |
2_2_00446990 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00421A60 |
2_2_00421A60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041FAC9 |
2_2_0041FAC9 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0042BAF1 |
2_2_0042BAF1 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00436A90 |
2_2_00436A90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041BAAE |
2_2_0041BAAE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00445B20 |
2_2_00445B20 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0043BBD0 |
2_2_0043BBD0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00411C5B |
2_2_00411C5B |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040AC60 |
2_2_0040AC60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00427C6E |
2_2_00427C6E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040BC00 |
2_2_0040BC00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00422C00 |
2_2_00422C00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0043CC17 |
2_2_0043CC17 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00423C30 |
2_2_00423C30 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00446C30 |
2_2_00446C30 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0040ED40 |
2_2_0040ED40 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00444D60 |
2_2_00444D60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00408D70 |
2_2_00408D70 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041BD73 |
2_2_0041BD73 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0042AD00 |
2_2_0042AD00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00436D00 |
2_2_00436D00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00404E60 |
2_2_00404E60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_0041EE2E |
2_2_0041EE2E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00406ED0 |
2_2_00406ED0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 2_2_00446F00 |
2_2_00446F00 |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: acgenral.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: samcli.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: msacm32.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: winmmbase.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: winmmbase.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: powrprof.dll |
Source: C:\Users\user\Desktop\Setup.exe |
Section loaded: umpdc.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: winhttp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: webio.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: winnsi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: dnsapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: rasadhlp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: schannel.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ntasn1.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ncrypt.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: amsi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: userenv.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: profapi.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: version.dll |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Section loaded: ondemandconnroutehelper.dll |