Windows Analysis Report
fxsWdzl.exe

Overview

General Information

Sample name: fxsWdzl.exe
Analysis ID: 1596868
MD5: 7a58b56b7f6c48e110f9ed84d25f0286
SHA1: 73bbfca9d18b9eeb933f36fc2ba37bf48dfcddb4
SHA256: 610405206f96bddcd27807b4bd21b14307bba9edd0fecd9cb70e947f10f83b05
Tags: exe, malware, trojan, user-Joker

Detection

MicroClip, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected MicroClip
Yara detected Vidar stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign process
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match


AV Detection

Source: https://lfissrtg.rest/8 Avira URL Cloud: Label: malware
Source: https://lfissrtg.rest Avira URL Cloud: Label: malware
Source: https://lfissrtg.rest/e Avira URL Cloud: Label: malware
Source: https://lfissrtg.rest/ezB Avira URL Cloud: Label: malware
Source: https://lfissrtg.rest/Z Avira URL Cloud: Label: malware
Source: https://lfissrtg.rest/f Avira URL Cloud: Label: malware
Source: https://lfissrtg.rest/ Avira URL Cloud: Label: malware
Source: 00000004.00000002.2590366796.0000000000400000.00000040.00000400.00020000.00000000.sdmp Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199817305251", "Botnet": "fc0stn"}
Source: fxsWdzl.exe Virustotal: Detection: 25%
Source: fxsWdzl.exe ReversingLabs: Detection: 27%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0040C009 CryptUnprotectData, 4_2_0040C009
Source: fxsWdzl.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 116.203.164.230:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: fxsWdzl.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: BitLockerToGo.pdb source: fxsWdzl.exe, 00000000.00000002.2048868715.000000000A8B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: BitLockerToGo.pdbGCTL source: fxsWdzl.exe, 00000000.00000002.2048868715.000000000A8B8000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041008C FindFirstFileA, 4_2_0041008C
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004291EA FindFirstFileA, 4_2_004291EA
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00428248 FindFirstFileA,memset,memset, 4_2_00428248
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042A4E5 FindFirstFileA, 4_2_0042A4E5
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0040E749 FindFirstFileA, 4_2_0040E749
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0040177C FindFirstFileA, 4_2_0040177C
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00412AC9 FindFirstFileA, 4_2_00412AC9
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0040CCEA FindFirstFileA, 4_2_0040CCEA
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042BD1E FindFirstFileA, 4_2_0042BD1E
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004018DA FindFirstFileA, 4_2_004018DA
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00428DDA GetLogicalDriveStringsA, 4_2_00428DDA
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: chrome.exe Memory has grown: Private usage: 8MB later: 41MB

Networking

Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49744 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49742 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49739 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49743 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49816 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49816 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.164.230:443 -> 192.168.2.4:49742
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49864 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49864 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49840 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49876 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49876 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.164.230:443 -> 192.168.2.4:49741
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49789 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49810 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49810 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49832 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49832 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49882 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49882 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49906 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49906 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49854 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49854 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49898 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49898 -> 116.203.164.230:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49937 -> 116.203.164.230:443
Source: Malware configuration extractor URLs: https://steamcommunity.com/profiles/76561199817305251
Source: global traffic HTTP traffic detected: GET /w0ctzn HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: Joe Sandbox View IP Address: 116.203.164.230
Source: Joe Sandbox View IP Address: 149.154.167.99
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: Joe Sandbox View ASN Name: HETZNER-ASDE
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0040A09E recv, 4_2_0040A09E
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: lfissrtg.restConnection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: t.me
Source: global traffic DNS traffic detected: DNS query: lfissrtg.rest
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: apis.google.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: unknown HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----sr90rq1dtjw47yukxbi5User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: lfissrtg.restContent-Length: 256Connection: Keep-AliveCache-Control: no-cache
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: fxsWdzl.exe, 00000000.00000002.2047676171.000000000A408000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://earth.google.com/kml/2.0
Source: fxsWdzl.exe, 00000000.00000002.2047676171.000000000A408000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://earth.google.com/kml/2.1
Source: fxsWdzl.exe, 00000000.00000002.2047676171.000000000A408000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://earth.google.com/kml/2.2
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000005.00000003.2241109310.000038E400F0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2240963206.000038E401018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241145669.000038E401044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241042568.000038E401028000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 00000005.00000003.2242052812.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241109310.000038E400F0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241983346.000038E400CAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242954240.000038E40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242107609.000038E400F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242630344.000038E4002F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242528449.000038E401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2240963206.000038E401018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242019689.000038E400A28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241145669.000038E401044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241042568.000038E401028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241077061.000038E401078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242800367.000038E4010B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000005.00000003.2242052812.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241109310.000038E400F0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241983346.000038E400CAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242954240.000038E40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242107609.000038E400F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242630344.000038E4002F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242528449.000038E401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2240963206.000038E401018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242019689.000038E400A28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241145669.000038E401044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241042568.000038E401028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241077061.000038E401078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242800367.000038E4010B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000005.00000003.2242052812.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241109310.000038E400F0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241983346.000038E400CAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242954240.000038E40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242107609.000038E400F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242630344.000038E4002F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242528449.000038E401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2240963206.000038E401018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242019689.000038E400A28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241145669.000038E401044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241042568.000038E401028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241077061.000038E401078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242800367.000038E4010B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000005.00000003.2242052812.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241109310.000038E400F0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241983346.000038E400CAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242954240.000038E40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242107609.000038E400F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242630344.000038E4002F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242528449.000038E401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2240963206.000038E401018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242019689.000038E400A28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241145669.000038E401044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241042568.000038E401028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2241077061.000038E401078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242800367.000038E4010B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chromecache_62.7.dr String found in binary or memory: http://www.broofa.com
Source: fxsWdzl.exe String found in binary or memory: http://www.collada.org/2005/11/COLLADASchema
Source: fxsWdzl.exe, 00000000.00000002.2047676171.000000000A41A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.garmin.com/xmlschemas/TrainingCenterDatabase/v2
Source: fxsWdzl.exe, 00000000.00000002.2047676171.000000000A408000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.opengis.net/gml
Source: fxsWdzl.exe, 00000000.00000002.2047676171.000000000A408000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.opengis.net/gml/3.2
Source: fxsWdzl.exe, 00000000.00000002.2047676171.000000000A408000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.opengis.net/gml/3.3/exr
Source: fxsWdzl.exe, 00000000.00000002.2047676171.000000000A408000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.opengis.net/kml/2.2
Source: fxsWdzl.exe, 00000000.00000002.2047676171.000000000A408000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.topografix.com/GPX/1/1
Source: BitLockerToGo.exe, 00000004.00000002.2592445565.0000000005389000.00000004.00000020.00020000.00000000.sdmp, ctj5p8.4.dr String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000005.00000003.2249085067.000038E400294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 00000005.00000003.2249085067.000038E400294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 00000005.00000003.2249085067.000038E400294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: chromecache_65.7.dr String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_65.7.dr String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000005.00000003.2233003898.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236344335.000038E400824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000005.00000003.2255123077.000038E401368000.00000004.00000800.00020000.00000000.sdmp, chromecache_65.7.dr, chromecache_62.7.dr String found in binary or memory: https://apis.google.com
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2595134749.0000000005951000.00000004.00000020.00020000.00000000.sdmp, ekf37y.4.dr String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2595134749.0000000005951000.00000004.00000020.00020000.00000000.sdmp, ekf37y.4.dr String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: BitLockerToGo.exe, 00000004.00000002.2592445565.0000000005389000.00000004.00000020.00020000.00000000.sdmp, ctj5p8.4.dr String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: BitLockerToGo.exe, 00000004.00000002.2592445565.0000000005389000.00000004.00000020.00020000.00000000.sdmp, ctj5p8.4.dr String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: BitLockerToGo.exe, 00000004.00000002.2592445565.0000000005389000.00000004.00000020.00020000.00000000.sdmp, ctj5p8.4.dr String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000005.00000003.2225906520.000038E400480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000005.00000003.2242335362.000038E400CAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2239311923.000038E400EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2238660390.000038E400CAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236839710.000038E400CAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2243076368.000038E400EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2236982267.000038E400CD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000005.00000003.2262797997.00004C000080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2219304220.00004C0000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000005.00000003.2262797997.00004C000080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2219304220.00004C0000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2219753968.00004C0000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000005.00000003.2262797997.00004C000080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2219304220.00004C0000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000005.00000003.2215830110.00003AF4002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2215844838.00003AF4002E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000005.00000003.2225906520.000038E400480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chromecache_65.7.dr String found in binary or memory: https://clients6.google.com
Source: chromecache_65.7.dr String found in binary or memory: https://content.googleapis.com
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2595134749.0000000005951000.00000004.00000020.00020000.00000000.sdmp, ekf37y.4.dr String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2595134749.0000000005951000.00000004.00000020.00020000.00000000.sdmp, ekf37y.4.dr String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: chrome.exe, 00000005.00000003.2225906520.000038E400480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: chromecache_65.7.dr String found in binary or memory: https://domains.google.com/suggest/flow
Source: chrome.exe, 00000005.00000003.2225906520.000038E400480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000005.00000003.2225906520.000038E400480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000005.00000003.2225906520.000038E400480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000005.00000003.2225906520.000038E400480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000005.00000003.2225906520.000038E400480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000005.00000003.2225906520.000038E400480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000005.00000003.2225906520.000038E400480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000005.00000003.2225906520.000038E400480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000005.00000003.2225906520.000038E400480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000005.00000003.2225906520.000038E400480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000005.00000003.2242800367.000038E4010B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000005.00000003.2225906520.000038E400480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: BitLockerToGo.exe, 00000004.00000002.2592445565.0000000005389000.00000004.00000020.00020000.00000000.sdmp, ctj5p8.4.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: BitLockerToGo.exe, 00000004.00000002.2592445565.0000000005389000.00000004.00000020.00020000.00000000.sdmp, ctj5p8.4.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: BitLockerToGo.exe, 00000004.00000002.2592445565.0000000005389000.00000004.00000020.00020000.00000000.sdmp, ctj5p8.4.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chromecache_62.7.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_62.7.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_62.7.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_62.7.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/(u
Source: chrome.exe, 00000005.00000003.2262797997.00004C000080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2219304220.00004C0000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Cq
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Fq
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Mq
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Pq
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Rr
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Wq
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Zq
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/aq
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/dq
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/er
Source: chrome.exe, 00000005.00000003.2219753968.00004C0000684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hjL
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/kq
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/nq
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/or
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/sr
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/uq
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/xq
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2219753968.00004C0000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000005.00000003.2262797997.00004C000080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2219304220.00004C0000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000005.00000003.2219753968.00004C0000684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000005.00000003.2219753968.00004C0000684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000005.00000003.2264012329.000038E4015C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264192344.000038E4015CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264066418.000038E4015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2264111441.000038E4015C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: ekf37y.4.dr String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000005.00000003.2236310987.000038E4003C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000005.00000003.2219304220.00004C0000390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000005.00000003.2261261884.000038E4019D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2261407843.000038E4019E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2261203178.000038E4019C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000005.00000003.2262797997.00004C000080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2219304220.00004C0000390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000005.00000003.2261203178.000038E4019C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard8
Source: chrome.exe, 00000005.00000003.2262797997.00004C000080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2219304220.00004C0000390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000005.00000003.2219304220.00004C0000390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000005.00000003.2260164936.000038E401384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255550921.000038E40142C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255485251.000038E401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255726986.000038E401434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260099041.000038E401368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260218151.000038E401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255324674.000038E401368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255123077.000038E401368000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000005.00000003.2242954240.000038E40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242630344.000038E4002F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242528449.000038E401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242800367.000038E4010B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000005.00000003.2242954240.000038E40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242630344.000038E4002F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242528449.000038E401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242800367.000038E4010B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000005.00000003.2262797997.00004C000080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2219304220.00004C0000390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000005.00000003.2219966619.00004C00006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242800367.000038E4010B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000005.00000003.2219304220.00004C0000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260929240.000038E400824000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: BitLockerToGo.exe, 00000004.00000003.2116188913.0000000002E6A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest%
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest-
Source: BitLockerToGo.exe, 00000004.00000003.2166346657.0000000002E31000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest/
Source: BitLockerToGo.exe, 00000004.00000003.2166376249.0000000002DE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest/8
Source: BitLockerToGo.exe, 00000004.00000003.2166299086.0000000002E2F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2179807123.0000000002E2F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2194378381.0000000002E2E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2166346657.0000000002E31000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest/V6
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest/Z
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest/e
Source: BitLockerToGo.exe, 00000004.00000003.2179807123.0000000002E2F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest/ezB
Source: BitLockerToGo.exe, 00000004.00000003.2179807123.0000000002E2F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2194378381.0000000002E2E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest/f
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest/v
Source: BitLockerToGo.exe, 00000004.00000003.2166376249.0000000002DE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest/ws
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest5
Source: BitLockerToGo.exe, 00000004.00000003.2166376249.0000000002DE6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest7
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest9
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.rest=
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.restA
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.restI
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.restM
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.restU
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.restY
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.resta
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.reste
Source: BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lfissrtg.restu
Source: chrome.exe, 00000005.00000003.2267986100.000038E400BF4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: chrome.exe, 00000005.00000003.2260164936.000038E401384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255550921.000038E40142C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255485251.000038E401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255726986.000038E401434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260099041.000038E401368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260218151.000038E401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255324674.000038E401368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255123077.000038E401368000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 00000005.00000003.2255123077.000038E401368000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000005.00000003.2260379226.000038E4010A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000005.00000003.2255123077.000038E401368000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000005.00000003.2255123077.000038E401368000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000005.00000003.2269046667.000038E401B70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000005.00000003.2269046667.000038E401B70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2238475357.000038E400A28000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000005.00000003.2238475357.000038E400A28000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000005.00000003.2269046667.000038E401B70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2238475357.000038E400A28000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000005.00000003.2238475357.000038E400A28000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000005.00000003.2269046667.000038E401B70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2238475357.000038E400A28000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000005.00000003.2242954240.000038E40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242630344.000038E4002F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2242800367.000038E4010B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chromecache_62.7.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_65.7.dr String found in binary or memory: https://plus.google.com
Source: chromecache_65.7.dr String found in binary or memory: https://plus.googleapis.com
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shieldedids-pa.googleapis.comb
Source: chrome.exe, 00000005.00000003.2249085067.000038E400294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000005.00000003.2260164936.000038E401384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255550921.000038E40142C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255485251.000038E401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255726986.000038E401434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260099041.000038E401368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260218151.000038E401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255324674.000038E401368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255123077.000038E401368000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: fxsWdzl.exe, 00000000.00000002.2048853437.000000000A730000.00000004.00001000.00020000.00000000.sdmp, fxsWdzl.exe, 00000000.00000003.1907935229.000000000A8F4000.00000004.00001000.00020000.00000000.sdmp, fxsWdzl.exe, 00000000.00000002.2048981014.000000000A914000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, BitLockerToGo.exe, 00000004.00000002.2590366796.0000000000400000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199817305251
Source: BitLockerToGo.exe, 00000004.00000002.2590366796.0000000000400000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199817305251fc0stnMozilla/5.0
Source: BitLockerToGo.exe, 00000004.00000002.2595659880.0000000005BD3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: BitLockerToGo.exe, 00000004.00000002.2595659880.0000000005BD3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: BitLockerToGo.exe, 00000004.00000002.2592445565.00000000052E6000.00000004.00000020.00020000.00000000.sdmp, k6fkfc.4.dr String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: BitLockerToGo.exe, 00000004.00000002.2592445565.00000000052C2000.00000004.00000020.00020000.00000000.sdmp, k6fkfc.4.dr String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: BitLockerToGo.exe, 00000004.00000002.2592445565.00000000052E6000.00000004.00000020.00020000.00000000.sdmp, k6fkfc.4.dr String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: BitLockerToGo.exe, 00000004.00000002.2592445565.00000000052C2000.00000004.00000020.00020000.00000000.sdmp, k6fkfc.4.dr String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2166376249.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/J
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2166376249.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/Y
Source: BitLockerToGo.exe, 00000004.00000003.2116214159.0000000002E2F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2116188913.0000000002E6A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/w0ctzn
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/w0ctznBqW
Source: BitLockerToGo.exe, 00000004.00000002.2590366796.0000000000400000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://t.me/w0ctznfc0stnMozilla/5.0
Source: BitLockerToGo.exe, 00000004.00000003.2116214159.0000000002E2F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2116188913.0000000002E6A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://web.telegram.org
Source: chromecache_65.7.dr String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2595134749.0000000005951000.00000004.00000020.00020000.00000000.sdmp, ekf37y.4.dr String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: BitLockerToGo.exe, 00000004.00000002.2592445565.0000000005389000.00000004.00000020.00020000.00000000.sdmp, ctj5p8.4.dr String found in binary or memory: https://www.ecosia.org/newtab/
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2595134749.0000000005951000.00000004.00000020.00020000.00000000.sdmp, ekf37y.4.dr String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: chrome.exe, 00000005.00000003.2249085067.000038E400294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 00000005.00000003.2249085067.000038E400294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000005.00000003.2249085067.000038E400294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000005.00000003.2225906520.000038E400480000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: BitLockerToGo.exe, 00000004.00000002.2592445565.0000000005389000.00000004.00000020.00020000.00000000.sdmp, ctj5p8.4.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000005.00000003.2260164936.000038E401384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255550921.000038E40142C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255485251.000038E401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255726986.000038E401434000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260099041.000038E401368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260218151.000038E401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255324674.000038E401368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255123077.000038E401368000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
Source: chrome.exe, 00000005.00000003.2255123077.000038E401368000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000005.00000003.2242800367.000038E4010B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000005.00000003.2249085067.000038E400294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chromecache_65.7.dr String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_65.7.dr String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chrome.exe, 00000005.00000003.2266013715.000038E401748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2266063815.000038E40174C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000005.00000003.2260674767.000038E4014C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000005.00000003.2249085067.000038E400294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000005.00000003.2249085067.000038E400294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com
Source: chromecache_62.7.dr String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_62.7.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_62.7.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chrome.exe, 00000005.00000003.2255123077.000038E401368000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000005.00000003.2260164936.000038E401384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255823137.000038E401414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260099041.000038E401368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2260218151.000038E401460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255324674.000038E401368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2258329748.000038E4013B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2255123077.000038E401368000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000005.00000003.2255123077.000038E401368000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.49JL8PttH04.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000005.00000003.2255123077.000038E401368000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.avVfaMsGWq0.L.W.O/m=qmd
Source: BitLockerToGo.exe, 00000004.00000002.2595659880.0000000005BD3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: BitLockerToGo.exe, 00000004.00000002.2595659880.0000000005BD3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: BitLockerToGo.exe, 00000004.00000002.2595659880.0000000005BD3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: BitLockerToGo.exe, 00000004.00000002.2595659880.0000000005BD3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: BitLockerToGo.exe, 00000004.00000002.2595659880.0000000005BD3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 116.203.164.230:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: fxsWdzl.exe, 00000000.00000002.2046412391.0000000000B3A000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: (no semicolon) is unavailable()<>@,;:\"/[]?=,M3.2.0,M11.1.0/usr/bin/nodejs/usr/bin/python0601021504Z0700476837158203125: cannot parse : no frame (sp=<invalid Value>ASCII_Hex_DigitAddDllDirectoryAlign 128-BytesAlign 265-BytesAlign 512-BytesCLSIDFromStringCallWindowProcWCreateErrorInfoCreateHardLinkWCreatePopupMenuCreateWindowExWCustomAttributeDeviceIoControlDiacriticalDot;DialogBoxParamWDllCanUnloadNowDoubleRightTee;DownLeftVector;DragAcceptFilesDrawThemeTextExDuplicateHandleEFI ApplicationExcludeClipRectFailed to find Failed to load FindNextVolumeWFindVolumeCloseFlushViewOfFileGdiplusShutdownGetActiveObjectGetActiveWindowGetAdaptersInfoGetCommTimeoutsGetCommandLineWGetDpiForWindowGetEnhMetaFileWGetModuleHandleGetMonitorInfoWGetProcessTimesGetRawInputDataGetSecurityInfoGetStartupInfoWGetTextMetricsWGetThreadLocaleGot version 2 !GreaterGreater;Hanifi_RohingyaHitachi SH3 DSPHorizontalLine;ImpersonateSelfImportEntrySizeInsertMenuItemWInvisibleComma;InvisibleTimes;IsWindowEnabledIsWindowUnicodeIsWindowVisibleIsWow64Process2LeftDownVector;LeftRightArrow;Leftrightarrow;LessSlantEqual;LoadLibraryExA memstr_bd9c3b96-f
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0040B846 CreateDesktopA, 4_2_0040B846

System Summary

Source: 4.2.BitLockerToGo.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: 00000004.00000002.2590366796.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: 00000000.00000002.2049027314.000000000A980000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041A051 4_2_0041A051
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00424071 4_2_00424071
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041E0E1 4_2_0041E0E1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00432081 4_2_00432081
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042F0B1 4_2_0042F0B1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00419161 4_2_00419161
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042F171 4_2_0042F171
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041A111 4_2_0041A111
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041B111 4_2_0041B111
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00431111 4_2_00431111
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004241C1 4_2_004241C1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004301D1 4_2_004301D1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041E1F1 4_2_0041E1F1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00421191 4_2_00421191
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041A1B1 4_2_0041A1B1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041A251 4_2_0041A251
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00430261 4_2_00430261
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00419201 4_2_00419201
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042F211 4_2_0042F211
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00424281 4_2_00424281
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041B2A1 4_2_0041B2A1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041E2B1 4_2_0041E2B1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00424341 4_2_00424341
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042F301 4_2_0042F301
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00419331 4_2_00419331
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004043E1 4_2_004043E1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004243E1 4_2_004243E1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004303F1 4_2_004303F1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042F3F1 4_2_0042F3F1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00431381 4_2_00431381
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041A441 4_2_0041A441
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00432411 4_2_00432411
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004194F1 4_2_004194F1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042F491 4_2_0042F491
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00431501 4_2_00431501
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041B521 4_2_0041B521
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042F521 4_2_0042F521
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00430531 4_2_00430531
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042F5C1 4_2_0042F5C1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004305D1 4_2_004305D1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041B5F1 4_2_0041B5F1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004195B1 4_2_004195B1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00403641 4_2_00403641
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041A631 4_2_0041A631
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00431631 4_2_00431631
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004206D1 4_2_004206D1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004186F1 4_2_004186F1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042E681 4_2_0042E681
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041A741 4_2_0041A741
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042E741 4_2_0042E741
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00423771 4_2_00423771
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042E7F1 4_2_0042E7F1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004207B1 4_2_004207B1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042F7B1 4_2_0042F7B1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042F851 4_2_0042F851
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00419861 4_2_00419861
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00418811 4_2_00418811
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041A811 4_2_0041A811
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00403811 4_2_00403811
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00430831 4_2_00430831
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00423831 4_2_00423831
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004188E1 4_2_004188E1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004238F1 4_2_004238F1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042F8F1 4_2_0042F8F1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042E891 4_2_0042E891
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004208A1 4_2_004208A1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041B8B1 4_2_0041B8B1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00420941 4_2_00420941
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042E951 4_2_0042E951
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041A901 4_2_0041A901
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00403901 4_2_00403901
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004199F1 4_2_004199F1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004239F1 4_2_004239F1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042F981 4_2_0042F981
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041AA01 4_2_0041AA01
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00430A11 4_2_00430A11
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00423AC1 4_2_00423AC1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041AAD1 4_2_0041AAD1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00419A81 4_2_00419A81
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00420AA1 4_2_00420AA1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00403AB1 4_2_00403AB1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041AB71 4_2_0041AB71
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00430B31 4_2_00430B31
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00403BC1 4_2_00403BC1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00423B91 4_2_00423B91
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041BBA1 4_2_0041BBA1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042DC41 4_2_0042DC41
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00418C71 4_2_00418C71
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00419C01 4_2_00419C01
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00430C01 4_2_00430C01
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042ECC1 4_2_0042ECC1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00430CD1 4_2_00430CD1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00423CE1 4_2_00423CE1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041BCB1 4_2_0041BCB1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042FCB1 4_2_0042FCB1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041BD71 4_2_0041BD71
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042DD01 4_2_0042DD01
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00419D11 4_2_00419D11
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042FDD1 4_2_0042FDD1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042DDE1 4_2_0042DDE1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00423DF1 4_2_00423DF1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041AD91 4_2_0041AD91
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00430E21 4_2_00430E21
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041AE31 4_2_0041AE31
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00418EF1 4_2_00418EF1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00420E91 4_2_00420E91
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00436EA2 4_2_00436EA2
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042FEA1 4_2_0042FEA1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00419EB1 4_2_00419EB1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041AF61 4_2_0041AF61
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00430F61 4_2_00430F61
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00420F61 4_2_00420F61
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00419F71 4_2_00419F71
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00423F01 4_2_00423F01
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042DF31 4_2_0042DF31
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00430FF1 4_2_00430FF1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042DFF1 4_2_0042DFF1
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042EFA1 4_2_0042EFA1
Source: fxsWdzl.exe, 00000000.00000002.2048868715.000000000A8B8000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs fxsWdzl.exe
Source: fxsWdzl.exe, 00000000.00000000.1736688912.0000000000FDB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameobs6 vs fxsWdzl.exe
Source: fxsWdzl.exe Binary or memory string: OriginalFilenameobs6 vs fxsWdzl.exe
Source: fxsWdzl.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
Source: 4.2.BitLockerToGo.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 00000004.00000002.2590366796.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 00000000.00000002.2049027314.000000000A980000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@24/24@8/8
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004201FF CreateToolhelp32Snapshot,Process32First, 4_2_004201FF
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\OANR9PZG.htm
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3964:120:WilError_03
Source: fxsWdzl.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini
Source: C:\Users\user\Desktop\fxsWdzl.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: BitLockerToGo.exe, 00000004.00000003.2347602061.0000000002EA6000.00000004.00000020.00020000.00000000.sdmp, bai5xbsjw.4.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: fxsWdzl.exe Virustotal: Detection: 25%
Source: fxsWdzl.exe ReversingLabs: Detection: 27%
Source: fxsWdzl.exe String found in binary or memory: RtlNtStatusToDosErrorNoTebSHGetPathFromIDList failedSafeArrayAllocDescriptorExSafeArrayDestroyDescriptorSaint Pierre Standard TimeSetFileInformationByHandleSetProcessWorkingSetSizeExSetSecurityDescriptorGroupSetSecurityDescriptorOwnerSetupDiBuildDriverInfoListSouth Africa Standard TimeW. Australia Standard TimeWSAEnumNameSpaceProvidersAWSAEnumNameSpaceProvidersWWest Pacific Standard Time\o/ Walk_TabPage_Class \o/\o/ Walk_WebView_Class \o/^(9694[1-4])([ \-]\d{4})?$^[-+]?[0-9]+(?:\.[0-9]+)?$_html_template_attrescaper_html_template_htmlescaperapplication/vnd.adobe.xfdfapplication/vnd.ms-outlookapplication/x-ms-installerapplication/x-unix-archiveasn1: invalid UTF-8 stringbad certificate hash valuebare " in non-quoted-fieldbase 128 integer too largebidirule: failed Bidi Rulebinary.Read: invalid type cannot marshal DNS messagecannot write log message: corrupted semaphore ticketcriterion lacks equal signcryptobyte: internal errorencountered a cycle via %sentersyscall inconsistent failed to find ConnectEx: forEachP: P did not run fnframe_priority_zero_streamframe_windowupdate_bad_lenfreedefer with d.fn != nilhexcolor|rgb|rgba|hsl|hslainteger overflow on token invalid argument to Int31ninvalid argument to Int63ninvalid port %q after hostinvalid request descriptoriso3166_1_alpha_numeric_euname not unique on networknegative idle mark workersnet/http: request canceledno CSI structure availableno message of desired typenon sequence tagged as setnon-comparable type %s: %vnotewakeup - double wakeupout of memory (stackalloc)persistentalloc: size == 0pkcs7: input data is emptypushover: invalid prioritypushover: message too longread from empty dataBufferreflect.Value.CanInterfacereflect.Value.OverflowUintrequired key not availableruntime: bad span s.state=runtime: pcHeader: magic= segment prefix is reservedshrinking stack in libcallstartlockedm: locked to metemplate escaped correctlytoo many colons in addresstoo many slice indexes: %dtruncated base 128 integerunclosed criterion bracketunexpected . after term %qunexpected type in connectunknown ABI parameter kindunterminated quoted stringurn:ietf:params:scim:%s:%suse of invalid sweepLockerwakep: negative nmspinningx509: invalid simple chainx509: malformed extensionsx509: malformed parameters in action started at %s:%d is not assignable to type not in stack roots range [%q in attribute name: %.32q363797880709171295166015625: unexpected return pc for AddVectoredContinueHandler
Source: fxsWdzl.exe String found in binary or memory: CertEnumCertificatesInStoreChangeWindowMessageFilterExDATA frame with stream ID 0Easter Island Standard TimeFindCloseChangeNotificationG waiting list is corruptedGdipCreateBitmapFromHBITMAPGdipCreateHBITMAPFromBitmapGetEnhMetaFileHeader failedGetSecurityDescriptorLengthGetTextExtentPoint32 failedGetUserPreferredUILanguagesIPv6 field has value >=2^16MapType MUST be of Map KindNAF digits must fit in int8PdhGetFormattedCounterValueRISC-V 32-bit address spaceRISC-V 64-bit address spaceSetupDiClassNameFromGuidExWSetupDiGetDeviceInstanceIdWSetupDiGetDriverInfoDetailWStartServiceCtrlDispatcherW\o/ Walk_GroupBox_Class \o/\o/ Walk_Splitter_Class \o/^(?:[^%]|%[0-9A-Fa-f]{2})*$^00[679]\d{2}([ \-]\d{4})?$^BC1[02-9AC-HJ-NP-Z]{7,76}$^bc1[02-9ac-hj-np-z]{7,76}$_html_template_jsstrescaper_html_template_jsvalescaperaccess-control-allow-originaddress not a stack addressafter object key:value pairapplication/gzip-compressedapplication/pkcs7-signatureapplication/x-7z-compressedapplication/x-installshieldber2der: Invalid BER formatber2der: input ber is emptycan't index item of type %scan't slice item of type %schannel number out of rangecommunication error on sendcould not find QPC syscallscurrent time %s is after %sexpand slice: cannot changeexpression nests too deeplyfailed to create null brushfailed to set sweep barrierframe_pushpromise_pad_shortframe_rststream_zero_streamgcstopm: not waiting for gcgrowslice: len out of rangehttp2: response body closedinput overflows the modulusinsufficient security levelinternal lockOSThread errorinvalid P224 point encodinginvalid P256 point encodinginvalid P384 point encodinginvalid P521 point encodinginvalid character <<%c>> %sinvalid dependent stream IDinvalid profile bucket typeinvalid struct key type: %vinvalid type for comparisonio.File missing Seek methodkey was rejected by servicemakechan: size out of rangemakeslice: cap out of rangemakeslice: len out of rangemspan.sweep: bad span statenet/http: use last responsenot a XENIX named type fileprogToPointerMask: overflowpushover: invalid API tokenredis: cluster has no nodesreflect.Select: invalid Dirreflect.Value.UnsafePointerreflectlite.Value.Interfacereflectlite.Value.NumMethodrunlock of unlocked rwmutexruntime: asyncPreemptStack=runtime: checkdead: find g runtime: checkdead: nmidle=runtime: corrupted polldescruntime: netpollinit failedruntime: thread ID overflowruntime
Source: fxsWdzl.exe String found in binary or memory: .lib section in a.out corrupted11368683772161602973937988281255684341886080801486968994140625BGN/PCGN transliteration schemaCentral Brazilian Standard TimeCertDuplicateCertificateContextMountain Standard Time (Mexico)PRIORITY frame with stream ID 0SOFTWARE\Microsoft\CryptographySetupDiGetDeviceInfoListDetailWSliceType MUST be of Slice KindTelegram transliteration schemaUnable to run function '%v': %vW. Central Africa Standard Time\o/ Walk_CustomWidget_Class \o/^(([a-zA-Z0-9/_|\-=+]{1,})|\*)$application/x-windows-installerbad certificate status responsebad write barrier buffer boundsca-ES-valencia en-US-u-va-posixcannot assign requested addresscannot parse reserved wire typecasgstatus: bad incoming valuescheckmark found unmarked objectcoff symbols parsing failed: %vcrypto/ecdh: invalid public keydst was expected to be a structentersyscallblock inconsistent fmt: unknown base; can't happenframe_headers_prio_weight_shorthttp2: connection error: %v: %vin literal null (expecting 'l')in literal null (expecting 'u')in literal true (expecting 'e')in literal true (expecting 'r')in literal true (expecting 'u')internal error - misuse of itabinvalid network interface indexjson: invalid number literal %qmalformed time zone informationmaximum decoding depth exceededmergeRuneSets odd length []runemissing argument for comparisonnon in-use span in unswept listpacer: sweep done at heap size pattern contains path separatorpkcs7: unsupported algorithm %qpushover: empty recipient tokenpushover: glance title too longredis: all ring shards are downreflect.MakeSlice: negative capreflect.MakeSlice: negative lenreflect: Len of non-array type reflect: NumIn of non-func typeresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesruntime: split stack overflow: signal_recv: inconsistent stateslice bounds out of range [%x:]slice bounds out of range [:%x]time: missing unit in duration tls: no certificates configuredunexpected EOF in CDATA sectionunsafe.String: len out of rangeunterminated character constantvalue has type %s; should be %swindow class already registeredx509: certificate is valid for x509: malformed GeneralizedTimex509: malformed subjectUniqueIDx509: malformed tbs certificatezone must be a non-empty string (types from different packages)!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~---
Source: fxsWdzl.exe String found in binary or memory: .lib section in a.out corrupted11368683772161602973937988281255684341886080801486968994140625BGN/PCGN transliteration schemaCentral Brazilian Standard TimeCertDuplicateCertificateContextMountain Standard Time (Mexico)PRIORITY frame with stream ID 0SOFTWARE\Microsoft\CryptographySetupDiGetDeviceInfoListDetailWSliceType MUST be of Slice KindTelegram transliteration schemaUnable to run function '%v': %vW. Central Africa Standard Time\o/ Walk_CustomWidget_Class \o/^(([a-zA-Z0-9/_|\-=+]{1,})|\*)$application/x-windows-installerbad certificate status responsebad write barrier buffer boundsca-ES-valencia en-US-u-va-posixcannot assign requested addresscannot parse reserved wire typecasgstatus: bad incoming valuescheckmark found unmarked objectcoff symbols parsing failed: %vcrypto/ecdh: invalid public keydst was expected to be a structentersyscallblock inconsistent fmt: unknown base; can't happenframe_headers_prio_weight_shorthttp2: connection error: %v: %vin literal null (expecting 'l')in literal null (expecting 'u')in literal true (expecting 'e')in literal true (expecting 'r')in literal true (expecting 'u')internal error - misuse of itabinvalid network interface indexjson: invalid number literal %qmalformed time zone informationmaximum decoding depth exceededmergeRuneSets odd length []runemissing argument for comparisonnon in-use span in unswept listpacer: sweep done at heap size pattern contains path separatorpkcs7: unsupported algorithm %qpushover: empty recipient tokenpushover: glance title too longredis: all ring shards are downreflect.MakeSlice: negative capreflect.MakeSlice: negative lenreflect: Len of non-array type reflect: NumIn of non-func typeresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesruntime: split stack overflow: signal_recv: inconsistent stateslice bounds out of range [%x:]slice bounds out of range [:%x]time: missing unit in duration tls: no certificates configuredunexpected EOF in CDATA sectionunsafe.String: len out of rangeunterminated character constantvalue has type %s; should be %swindow class already registeredx509: certificate is valid for x509: malformed GeneralizedTimex509: malformed subjectUniqueIDx509: malformed tbs certificatezone must be a non-empty string (types from different packages)!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~---corhbs
Source: fxsWdzl.exe String found in binary or memory: net/addrselect.go
Source: fxsWdzl.exe String found in binary or memory: github.com/saferwall/pe@v1.5.6/loadconfig.go
Source: fxsWdzl.exe String found in binary or memory: github.com/lxn/walk@v0.0.0-20210112085537-c389da54e794/stopwatch.go
Source: C:\Users\user\Desktop\fxsWdzl.exe File read: C:\Users\user\Desktop\fxsWdzl.exe
Source: unknown Process created: C:\Users\user\Desktop\fxsWdzl.exe "C:\Users\user\Desktop\fxsWdzl.exe"
Source: C:\Users\user\Desktop\fxsWdzl.exe Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2204,i,7148642926760932529,5839527924704465693,262144 /prefetch:8
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\sjmo8" & exit
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Users\user\Desktop\fxsWdzl.exe Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\sjmo8" & exit
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2204,i,7148642926760932529,5839527924704465693,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
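The process lines above carry three behaviours worth a detection rule, shown here as an added example that is not part of the sandbox output. A desktop executable spawns C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, the injection target; the genuine BitLocker To Go reader has no reason to launch a browser or a shell. That BitLockerToGo.exe then starts chrome.exe with --remote-debugging-port=9223, which is the "Attempt to bypass Chrome Application-Bound Encryption" signature: Chrome itself unwraps cookies with its app-bound key and hands them out over the DevTools protocol, so the stealer never has to touch the key. Finally cmd.exe /c timeout /t 10 & rd /s /q "C:\ProgramData\sjmo8" wipes the working directory after a ten-second delay. The events below are constructed from the report's command lines using Sysmon Event ID 1 field names; explorer.exe as the parent of fxsWdzl.exe, and the msedge.exe/brave.exe entries, are assumptions.

```python
"""Flag the process chain listed above in Sysmon Event ID 1 style records
(Image, ParentImage, CommandLine). Added example, not part of the sandbox
report. EVENTS is constructed from the report's process lines; the
explorer.exe parent of fxsWdzl.exe is an assumption."""
import ntpath
import re

# chrome.exe is what the report shows; msedge.exe/brave.exe are an assumed
# generalisation to other Chromium builds that honour the same switch.
CHROMIUM = {"chrome.exe", "msedge.exe", "brave.exe"}
REMOTE_DEBUG = re.compile(r"--remote-debugging-(port|pipe)", re.IGNORECASE)
# "timeout /t N & rd /s /q <dir>": sleep, then delete the working directory.
SELF_CLEANUP = re.compile(r"timeout\s+/t\s+\d+\s*&\s*rd\s+/s\s+/q\s+", re.IGNORECASE)


def _base(path):
    return ntpath.basename(path).lower()


def chrome_remote_debugging(ev):
    """Browser launched with DevTools remote debugging by a non-browser parent."""
    return (_base(ev["Image"]) in CHROMIUM
            and REMOTE_DEBUG.search(ev["CommandLine"]) is not None
            and _base(ev["ParentImage"]) not in CHROMIUM)


def bitlockertogo_from_user_path(ev):
    """BitLockerToGo.exe started by something under C:\\Users (injection target)."""
    return (_base(ev["Image"]) == "bitlockertogo.exe"
            and ev["ParentImage"].lower().startswith("c:\\users\\"))


def bitlockertogo_spawns_child(ev):
    """The BitLocker To Go reader has no business spawning anything."""
    return _base(ev["ParentImage"]) == "bitlockertogo.exe"


def delayed_self_cleanup(ev):
    """cmd.exe sleeping and then removing a directory tree."""
    return _base(ev["Image"]) == "cmd.exe" and SELF_CLEANUP.search(ev["CommandLine"]) is not None


RULES = [chrome_remote_debugging, bitlockertogo_from_user_path,
         bitlockertogo_spawns_child, delayed_self_cleanup]


def analyze(events):
    """Return one finding per (event, matching rule) pair."""
    return [{"rule": rule.__name__, "image": ev["Image"], "parent": ev["ParentImage"],
             "cmdline": ev["CommandLine"]}
            for ev in events for rule in RULES if rule(ev)]


FXS = r"C:\Users\user\Desktop\fxsWdzl.exe"
BLTG = r"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
CMD = r"C:\Windows\SysWOW64\cmd.exe"

EVENTS = [  # constructed from the report; order follows the process tree
    {"Image": FXS, "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": f'"{FXS}"'},
    {"Image": BLTG, "ParentImage": FXS, "CommandLine": f'"{BLTG}"'},
    {"Image": CHROME, "ParentImage": BLTG,
     "CommandLine": f'"{CHROME}" --remote-debugging-port=9223 --profile-directory="Default"'},
    {"Image": CHROME, "ParentImage": CHROME,   # ordinary Chrome utility child, must not fire
     "CommandLine": f'"{CHROME}" --type=utility --utility-sub-type=network.mojom.NetworkService'},
    {"Image": CMD, "ParentImage": BLTG,
     "CommandLine": r'"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\sjmo8" & exit'},
    {"Image": r"C:\Windows\SysWOW64\timeout.exe", "ParentImage": CMD, "CommandLine": "timeout /t 10"},
    {"Image": CHROME, "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": f'"{CHROME}"'},  # benign launch
]

if __name__ == "__main__":
    for f in analyze(EVENTS):
        print(f"{f['rule']:32} {f['image']}  <-  {f['parent']}")
```

Run as a script it lists five findings: the BitLockerToGo.exe launch from the Desktop path, the debugging-enabled Chrome launch (which also trips the "BitLockerToGo.exe spawned something" rule), and the cmd.exe cleanup (likewise twice). The Chrome utility child and the plain Chrome launch from explorer.exe produce nothing, which is what the parent check is for.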
Source: C:\Users\user\Desktop\fxsWdzl.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\fxsWdzl.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\fxsWdzl.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\fxsWdzl.exe Section loaded: umpdc.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: wininet.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: dbghelp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: sspicli.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: iertutil.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: windows.storage.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: wldp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: profapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: winhttp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: mswsock.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: iphlpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: winnsi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: urlmon.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: srvcli.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: netutils.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: dnsapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: rasadhlp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: schannel.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: mskeyprotect.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: ntasn1.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: msasn1.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: dpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: cryptsp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: rsaenh.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: cryptbase.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: gpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: ncrypt.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: ntmarta.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: uxtheme.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: windowscodecs.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: propsys.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: apphelp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: ntshrui.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: cscapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: linkinfo.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: edputil.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: wintypes.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: appresolver.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: bcp47langs.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: slc.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: userenv.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: sppc.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: pcacli.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: mpr.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\timeout.exe Section loaded: version.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: fxsWdzl.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: fxsWdzl.exe Static file information: File size 8512000 > 1048576
Source: fxsWdzl.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x398600
Source: fxsWdzl.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x3f0000
Source: fxsWdzl.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: BitLockerToGo.pdb source: fxsWdzl.exe, 00000000.00000002.2048868715.000000000A8B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: BitLockerToGo.pdbGCTL source: fxsWdzl.exe, 00000000.00000002.2048868715.000000000A8B8000.00000004.00001000.00020000.00000000.sdmp
Source: fxsWdzl.exe Static PE information: section name: .symtab
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004487CF push eax; ret 4_2_004487D0
Source: C:\Users\user\Desktop\fxsWdzl.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\fxsWdzl.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\timeout.exe TID: 2164 Thread sleep count: 83 > 30
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041008C FindFirstFileA, 4_2_0041008C
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004291EA FindFirstFileA, 4_2_004291EA
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00428248 FindFirstFileA,memset,memset, 4_2_00428248
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042A4E5 FindFirstFileA, 4_2_0042A4E5
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0040E749 FindFirstFileA, 4_2_0040E749
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0040177C FindFirstFileA, 4_2_0040177C
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00412AC9 FindFirstFileA, 4_2_00412AC9
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0040CCEA FindFirstFileA, 4_2_0040CCEA
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042BD1E FindFirstFileA, 4_2_0042BD1E
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_004018DA FindFirstFileA, 4_2_004018DA
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00428DDA GetLogicalDriveStringsA, 4_2_00428DDA
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041F9A3 GetSystemInfo, 4_2_0041F9A3
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: BitLockerToGo.exe, 00000004.00000003.2166376249.0000000002DE6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0I
Source: BitLockerToGo.exe, 00000004.00000003.2166376249.0000000002E1F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0
Source: BitLockerToGo.exe, 00000004.00000003.2166376249.0000000002E1F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2347962708.0000000002E15000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: fxsWdzl.exe, 00000000.00000002.2047291816.0000000001627000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process information queried: ProcessInformation

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\fxsWdzl.exe Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\Desktop\fxsWdzl.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\fxsWdzl.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2A4F008
Source: C:\Users\user\Desktop\fxsWdzl.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000
Source: C:\Users\user\Desktop\fxsWdzl.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 401000
Source: C:\Users\user\Desktop\fxsWdzl.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 43B000
Source: C:\Users\user\Desktop\fxsWdzl.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 447000
Source: C:\Users\user\Desktop\fxsWdzl.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 455000
Source: C:\Users\user\Desktop\fxsWdzl.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 456000
Source: C:\Users\user\Desktop\fxsWdzl.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 457000
Source: C:\Users\user\Desktop\fxsWdzl.exe Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\sjmo8" & exit
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: fxsWdzl.exe Binary or memory string: BSTR_UserFreeBSTR_UserSizeBrowserSearchCONNECT_ERRORCache-ControlCertOpenStoreClearCustDataCoTaskMemFreeContent-RangeCreateActCtxWCreateRectRgnCreateTypeLibDeleteServiceDestroyWindowDownArrowBar;DownTeeArrow;DrawFocusRectEFI ROM imageEFI byte codeEnumPrintersWEnumProcessesExitWindowsExExponentialE;FindFirstFileFindNextFileWFindResourceWFreeAddrInfoWGC sweep waitGetClassNameWGetClientRectGetDeviceCapsGetDriveTypeWGetMenuItemIDGetScrollInfoGetSystemMenuGetThemeColorGetWindowLongGetWindowRectGreaterEqual;GreaterTilde;Gunjala_GondiHanja / KanjiHilbertSpace;HumpDownHump;ImageList_AddInterfaceImplIntersection;Kana / HangulLeftArrowBar;LeftTeeArrow;LeftTriangle;LeftUpVector;LoadTypeLibExMIPS with FPUMapViewOfFileMasaram_GondiMende_KikakuiModule32NextWNotCongruent;NotHumpEqual;NotLessEqual;NotLessTilde;NtQueryObjectOMAP From SrcOld_HungarianOleInitializeOpenClipboardOpenThemeDataPdhCloseQueryProportional;RegDeleteKeyWRegEnumKeyExWRegEnumValueWRegOpenKeyExWRightCeiling;RoundImplies;RtlGetVersionRtlInitStringRtlMoveMemorySHA256-RSAPSSSHA384-RSAPSSSHA512-RSAPSSSTREAM_CLOSEDSafeArrayCopySafeArrayLockSetBrushOrgExSetScrollInfoSetWindowLongShellExecuteWShell_TrayWndShortUpArrow;SquareSubset;StandAloneSigStartServiceWSysFreeStringThread32FirstUnderBracket;Usage of %s:
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: GetLocaleInfoA, 4_2_0041F6B3
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\fxsWdzl.exe Queries volume information: C:\Users\user\Desktop\fxsWdzl.exe VolumeInformation
Source: C:\Users\user\Desktop\fxsWdzl.exe Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\Desktop\fxsWdzl.exe Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0042D98B EntryPoint,GetUserNameW, 4_2_0042D98B
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_0041F53D GetTimeZoneInformation, 4_2_0041F53D
Source: C:\Users\user\Desktop\fxsWdzl.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: fxsWdzl.exe, type: SAMPLE
Source: Yara match File source: 0.2.fxsWdzl.exe.7a0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.fxsWdzl.exe.7a0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2046412391.0000000000B3A000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000000.1735787345.0000000000B3A000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: fxsWdzl.exe PID: 7620, type: MEMORYSTR
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: 4.2.BitLockerToGo.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000004.00000003.2166299086.0000000002E2F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.2590366796.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.2179807123.0000000002E2F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.2194378381.0000000002E2E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.2166346657.0000000002E31000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: BitLockerToGo.exe PID: 8004, type: MEMORYSTR
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \ElectronCash\wallets\
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Electrum\wallets\
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: exodus.conf.json
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Exodus\exodus.wallet\
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: info.seco
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ElectrumLTC
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: passphrase.json
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Ethereum\
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*
Source: fxsWdzl.exe, 00000000.00000002.2046412391.0000000000CA7000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: github.com/go-playground/validator/v10.isEthereumAddress
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Exodus\exodus.wallet\
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: multidoge.wallet
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: seed.seco
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
Source: BitLockerToGo.exe, 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Electrum-LTC\wallets\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
Source: Yara match File source: 00000004.00000002.2590994053.0000000002E1E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: BitLockerToGo.exe PID: 8004, type: MEMORYSTR

Remote Access Functionality

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: Yara match File source: fxsWdzl.exe, type: SAMPLE
Source: Yara match File source: 0.2.fxsWdzl.exe.7a0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.fxsWdzl.exe.7a0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2046412391.0000000000B3A000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000000.1735787345.0000000000B3A000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: fxsWdzl.exe PID: 7620, type: MEMORYSTR
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: 4.2.BitLockerToGo.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000004.00000003.2166299086.0000000002E2F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.2590366796.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.2179807123.0000000002E2F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.2194378381.0000000002E2E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000003.2166346657.0000000002E31000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: BitLockerToGo.exe PID: 8004, type: MEMORYSTR