Source: 00000000.00000003.2265990913.000000C00047C000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: demonstationfukewko.shop |
Source: 00000000.00000003.2265990913.000000C00047C000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: liabilitynighstjsko.shop |
Source: 00000000.00000003.2265990913.000000C00047C000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: alcojoldwograpciw.shop |
Source: 00000000.00000003.2265990913.000000C00047C000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: incredibleextedwj.shop |
Source: 00000000.00000003.2265990913.000000C00047C000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: shortsvelventysjo.shop |
Source: 00000000.00000003.2265990913.000000C00047C000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: shatterbreathepsw.shop |
Source: 00000000.00000003.2265990913.000000C00047C000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: tolerateilusidjukl.shop |
Source: 00000000.00000003.2265990913.000000C00047C000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: productivelookewr.shop |
Source: 00000000.00000003.2265990913.000000C00047C000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: shatterbreathepsw.shop |
Source: 00000000.00000003.2265990913.000000C00047C000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000000.00000003.2265990913.000000C00047C000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: TeslaBrowser/5.5 |
Source: 00000000.00000003.2265990913.000000C00047C000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: - Screen Resoluton: |
Source: 00000000.00000003.2265990913.000000C00047C000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: - Physical Installed Memory: |
Source: 00000000.00000003.2265990913.000000C00047C000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: Workgroup: - |
Source: 00000000.00000003.2265990913.000000C00047C000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: xpsGVF--GEIROPA |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+20h] |
5_2_02D10352 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edx, dword ptr [esi+08h] |
5_2_02D0D343 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+08h] |
5_2_02D0633E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 73CEF4DDh |
5_2_02D291A2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp+04h] |
5_2_02D07AE2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ebx, eax |
5_2_02CF4BB0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+10h] |
5_2_02CFAB00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then lea eax, dword ptr [esp+00000084h] |
5_2_02D05977 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp+10h] |
5_2_02CF9E70 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edx, dword ptr [esp+08h] |
5_2_02CF9E70 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], cx |
5_2_02D13FD5 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 18DC7455h |
5_2_02D26CF0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp+08h] |
5_2_02D05D07 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+20h] |
5_2_02D012DF |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+20h] |
5_2_02D012DF |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 73CEF4DDh |
5_2_02D292A1 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp word ptr [edi+edx], 0000h |
5_2_02D0727D |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7A1A689Fh |
5_2_02D27220 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [eax+ecx], 00000000h |
5_2_02D153B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp eax |
5_2_02D133B9 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+00000534h] |
5_2_02D163BC |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+10h] |
5_2_02D2934E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+00000534h] |
5_2_02D16312 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
5_2_02D230D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h |
5_2_02D0A000 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ebx, eax |
5_2_02CF31D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp eax |
5_2_02D121A3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp eax |
5_2_02D1515A |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 5C3924FCh |
5_2_02D27110 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp eax |
5_2_02D01114 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [ecx], 00000000h |
5_2_02D026D2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+00000090h] |
5_2_02D186C5 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [ebx+eax+01h], 00000000h |
5_2_02D136F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp eax |
5_2_02D2A6E8 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+00000090h] |
5_2_02D16644 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+00000090h] |
5_2_02D16647 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+edi] |
5_2_02CF2610 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edx, dword ptr [esp] |
5_2_02D27620 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [edi], 00000000h |
5_2_02D017DE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
5_2_02D117EE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edx, dword ptr [esi+20h] |
5_2_02D047A1 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp eax |
5_2_02D2A720 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edi, eax |
5_2_02CF64E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+00000534h] |
5_2_02D162C8 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 0AB35B01h |
5_2_02D03B97 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp eax |
5_2_02D068DD |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp eax |
5_2_02D068F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
5_2_02D13880 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esi+00000090h] |
5_2_02D15F0E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [eax], cl |
5_2_02D06983 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [eax], cl |
5_2_02D06983 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then lea ebx, dword ptr [edi+ecx] |
5_2_02D11FA1 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edx, dword ptr [esp+60h] |
5_2_02D14F56 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
5_2_02D15F13 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp eax |
5_2_02D11CC6 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp edx |
5_2_02D0CCF0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then inc ebx |
5_2_02D04C00 |
Source: file.exe |
String found in binary or memory: http://.css |
Source: file.exe |
String found in binary or memory: http://.jpg |
Source: BitLockerToGo.exe, 00000005.00000003.2421315426.000000000526D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
Source: BitLockerToGo.exe, 00000005.00000003.2421315426.000000000526D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
Source: BitLockerToGo.exe, 00000005.00000003.2421315426.000000000526D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
Source: BitLockerToGo.exe, 00000005.00000003.2421315426.000000000526D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: BitLockerToGo.exe, 00000005.00000003.2421315426.000000000526D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: BitLockerToGo.exe, 00000005.00000003.2421315426.000000000526D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
Source: BitLockerToGo.exe, 00000005.00000003.2421315426.000000000526D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
Source: file.exe |
String found in binary or memory: http://html4/loose.dtd |
Source: BitLockerToGo.exe, 00000005.00000003.2421315426.000000000526D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: BitLockerToGo.exe, 00000005.00000003.2421315426.000000000526D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
Source: BitLockerToGo.exe, 00000005.00000003.2421315426.000000000526D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://x1.c.lencr.org/0 |
Source: BitLockerToGo.exe, 00000005.00000003.2421315426.000000000526D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://x1.i.lencr.org/0 |
Source: BitLockerToGo.exe, 00000005.00000003.2389832770.0000000002F4B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: BitLockerToGo.exe, 00000005.00000003.2462513783.0000000002F0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189. |
Source: BitLockerToGo.exe, 00000005.00000003.2462513783.0000000002F0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta |
Source: BitLockerToGo.exe, 00000005.00000003.2389832770.0000000002F4B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: BitLockerToGo.exe, 00000005.00000003.2389832770.0000000002F4B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: BitLockerToGo.exe, 00000005.00000003.2389832770.0000000002F4B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: BitLockerToGo.exe, 00000005.00000003.2462513783.0000000002F0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg |
Source: BitLockerToGo.exe, 00000005.00000003.2462513783.0000000002F0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
Source: file.exe |
String found in binary or memory: https://database.usgovcloudapi.net/unsupported |
Source: file.exe |
String found in binary or memory: https://datalake.azure.net/https://api.loganalytics.iohttps://graph.microsoft.us/https://api.loganal |
Source: BitLockerToGo.exe, 00000005.00000003.2389832770.0000000002F4B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: BitLockerToGo.exe, 00000005.00000003.2389832770.0000000002F4B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: BitLockerToGo.exe, 00000005.00000003.2389832770.0000000002F4B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: file.exe |
String found in binary or memory: https://gallery.azure.com/https://graph.windows.net/mariadb.database.azure.comhttps://storage.azure. |
Source: BitLockerToGo.exe, 00000005.00000003.2462513783.0000000002F0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi |
Source: file.exe |
String found in binary or memory: https://manage.chinacloudapi.com/publishsettings/indexhttps://manage.microsoftazure.de/publishsettin |
Source: file.exe |
String found in binary or memory: https://manage.windowsazure.com/publishsettings/indexnon-CONNECT |
Source: file.exe |
String found in binary or memory: https://manage.windowsazure.us/publishsettings/indexMaximum |
Source: file.exe |
String found in binary or memory: https://management.azure.com/https://managedhsm.azure.net/https://servicebus.azure.net/https://datab |
Source: file.exe |
String found in binary or memory: https://management.azure.comINVALID |
Source: file.exe |
String found in binary or memory: https://management.chinacloudapi.cntoo |
Source: file.exe |
String found in binary or memory: https://management.core.usgovcloudapi.net/https://dev.azuresynapse.usgovcloudapi.netbad |
Source: file.exe |
String found in binary or memory: https://protobuf.dev/reference/go/faq#namespace-conflictLZMA |
Source: BitLockerToGo.exe, 00000005.00000003.2490547443.0000000002F0A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2419343297.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2418983675.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop/ |
Source: BitLockerToGo.exe, 00000005.00000003.2470403875.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop/&6 |
Source: BitLockerToGo.exe, 00000005.00000003.2462485236.0000000002F41000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2397981986.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop/0 |
Source: BitLockerToGo.exe, 00000005.00000003.2470403875.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop/?6a |
Source: BitLockerToGo.exe, 00000005.00000003.2398142344.0000000002F11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2397680492.0000000002F11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2398470292.0000000002F11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2397264679.0000000002F11000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop/D7 |
Source: BitLockerToGo.exe, 00000005.00000003.2462610333.0000000002EE8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2531513795.0000000002EAE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop/api |
Source: BitLockerToGo.exe, 00000005.00000003.2462610333.0000000002EE8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop/apiT |
Source: BitLockerToGo.exe, 00000005.00000003.2389056869.0000000002E93000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop/apiar |
Source: BitLockerToGo.exe, 00000005.00000002.2531924515.0000000002E93000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop/apihort |
Source: BitLockerToGo.exe, 00000005.00000003.2397981986.0000000002E93000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2398248173.0000000002EE8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop/apii |
Source: BitLockerToGo.exe, 00000005.00000003.2470610228.0000000002EE8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2419422712.0000000002EE8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2462610333.0000000002EE8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop/apizen |
Source: BitLockerToGo.exe, 00000005.00000003.2420113247.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2462513783.0000000002F0B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2418852252.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2419343297.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2418983675.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop/w6 |
Source: BitLockerToGo.exe, 00000005.00000003.2398142344.0000000002F11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2397680492.0000000002F11000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2397264679.0000000002F11000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop/y7 |
Source: BitLockerToGo.exe, 00000005.00000003.2420113247.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2462513783.0000000002F0B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2418852252.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2419343297.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2418983675.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop/~6 |
Source: BitLockerToGo.exe, 00000005.00000003.2531309021.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2420113247.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2397981986.0000000002E93000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2462513783.0000000002F0B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2463146392.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2389056869.0000000002E93000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000002.2532039828.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2483801676.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2418852252.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2470403875.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2483094012.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2490547443.0000000002F0A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2419343297.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2418983675.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop:443/api |
Source: BitLockerToGo.exe, 00000005.00000003.2531309021.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000002.2532039828.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.2490547443.0000000002F0A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop:443/api-release/key4.dbPK |
Source: BitLockerToGo.exe, 00000005.00000003.2490547443.0000000002F0A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://shatterbreathepsw.shop:443/apirosoft |
Source: BitLockerToGo.exe, 00000005.00000003.2454550554.0000000005385000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: BitLockerToGo.exe, 00000005.00000003.2454550554.0000000005385000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all |
Source: file.exe |
String found in binary or memory: https://vault.azure.net/mysql.database.azure.comhttps://cosmos.azure.comjson: |
Source: file.exe |
String found in binary or memory: https://vault.azure.netusgovtrafficmanager.netvault.usgovcloudapi.nethttps://vault.azure.cn/vault.mi |
Source: BitLockerToGo.exe, 00000005.00000003.2462513783.0000000002F0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3 |
Source: BitLockerToGo.exe, 00000005.00000003.2389832770.0000000002F4B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: BitLockerToGo.exe, 00000005.00000003.2389832770.0000000002F4B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: BitLockerToGo.exe, 00000005.00000003.2462415774.000000000526A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.or |
Source: BitLockerToGo.exe, 00000005.00000003.2462415774.000000000526A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org |
Source: BitLockerToGo.exe, 00000005.00000003.2454550554.0000000005385000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle |
Source: BitLockerToGo.exe, 00000005.00000003.2454550554.0000000005385000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ |
Source: BitLockerToGo.exe, 00000005.00000003.2454550554.0000000005385000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: BitLockerToGo.exe, 00000005.00000003.2462513783.0000000002F0B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_ |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02D10352 |
5_2_02D10352 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02CF1750 |
5_2_02CF1750 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02D10AD0 |
5_2_02D10AD0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02CF4BB0 |
5_2_02CF4BB0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02CF3390 |
5_2_02CF3390 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02D153B0 |
5_2_02D153B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02CF41C0 |
5_2_02CF41C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02CF8160 |
5_2_02CF8160 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02D1863B |
5_2_02D1863B |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02D27620 |
5_2_02D27620 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02CF3780 |
5_2_02CF3780 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02CF5760 |
5_2_02CF5760 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02CF64E0 |
5_2_02CF64E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02D1BBF2 |
5_2_02D1BBF2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02D17B8C |
5_2_02D17B8C |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02CF6B00 |
5_2_02CF6B00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02D15F0E |
5_2_02D15F0E |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02D2C9C0 |
5_2_02D2C9C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02D249C0 |
5_2_02D249C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02D11FA1 |
5_2_02D11FA1 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02D0CCF0 |
5_2_02D0CCF0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02CFFDE0 |
5_2_02CFFDE0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02D2CD00 |
5_2_02D2CD00 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 5_2_02D18D3B |
5_2_02D18D3B |