Click to jump to signature section
| Source: https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para) | SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering |
| Source: https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para) | LLM: Score: 9 Reasons: The brand 'Microsoft Security' is associated with Microsoft, a well-known brand., The URL 'pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev' does not match the legitimate domain 'microsoft.com'., The domain 'r2.dev' is not associated with Microsoft and appears to be a generic or cloud service domain., The presence of a long alphanumeric string in the subdomain is suspicious and often used in phishing attempts., The URL does not contain any direct reference to Microsoft, which is a red flag for phishing. DOM: 1.0.pages.csv |
| Source: https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para) | LLM: Score: 9 Reasons: The brand 'Microsoft Security' is associated with Microsoft, a well-known brand., The URL 'pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev' does not match the legitimate domain 'microsoft.com'., The domain 'r2.dev' is not associated with Microsoft and appears to be a generic or cloud service domain., The presence of a long alphanumeric string in the subdomain is suspicious and often used in phishing attempts., The input fields labeled as 'unknown' do not provide clarity on the purpose of the site, which is a common tactic in phishing sites. DOM: 1.1.pages.csv |
| Source: https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para) | HTTP Parser: Total embedded image size: 73676 |
| Source: https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para) | HTTP Parser: No favicon |
| Source: https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para) | HTTP Parser: No favicon |
| Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49709 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49710 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49716 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 40.126.32.133:443 -> 192.168.2.17:49730 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49731 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 2.23.209.133:443 -> 192.168.2.17:49737 version: TLS 1.2 |
| Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49741 version: TLS 1.2 |
| Source: global traffic | HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br |
| Source: Network traffic | Suricata IDS: 2047978 - Severity 2 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M1 : 192.168.2.17:49725 -> 172.67.164.87:443 |
| Source: Network traffic | Suricata IDS: 2047978 - Severity 2 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M1 : 192.168.2.17:49729 -> 172.67.164.87:443 |
| Source: Network traffic | Suricata IDS: 2047978 - Severity 2 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M1 : 192.168.2.17:49733 -> 172.67.185.124:443 |
| Source: Network traffic | Suricata IDS: 2047978 - Severity 2 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M1 : 192.168.2.17:49742 -> 172.67.185.124:443 |
| Source: Network traffic | Suricata IDS: 2047978 - Severity 2 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M1 : 192.168.2.17:49739 -> 172.67.185.124:443 |
| Source: Network traffic | Suricata IDS: 2047978 - Severity 2 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M1 : 192.168.2.17:49744 -> 172.67.185.124:443 |
| Source: Network traffic | Suricata IDS: 2047978 - Severity 2 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M1 : 192.168.2.17:49748 -> 172.67.185.124:443 |
| Source: Network traffic | Suricata IDS: 2047978 - Severity 2 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M1 : 192.168.2.17:49750 -> 172.67.185.124:443 |
| Source: Network traffic | Suricata IDS: 2047978 - Severity 2 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M1 : 192.168.2.17:49752 -> 172.67.185.124:443 |
| Source: Network traffic | Suricata IDS: 2047978 - Severity 2 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M1 : 192.168.2.17:49761 -> 172.67.185.124:443 |
| Source: Network traffic | Suricata IDS: 2047978 - Severity 2 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M1 : 192.168.2.17:49763 -> 172.67.185.124:443 |
| Source: Network traffic | Suricata IDS: 2047978 - Severity 2 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M1 : 192.168.2.17:49759 -> 172.67.185.124:443 |
| Source: Network traffic | Suricata IDS: 2047978 - Severity 2 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M1 : 192.168.2.17:49765 -> 172.67.185.124:443 |
| Source: Network traffic | Suricata IDS: 2047978 - Severity 2 - ET PHISHING [TW] NOTG Obfuscation Redirect Observed M1 : 192.168.2.17:49767 -> 172.67.185.124:443 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 |
| Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13 |
| Source: global traffic | HTTP traffic detected: GET /index.html HTTP/1.1Host: pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KVYo3GaryY29hvG&MD=3Vzat8WF HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
| Source: global traffic | HTTP traffic detected: GET /jquery-1.9.1.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
| Source: global traffic | HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /jquery-1.9.1.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /api/json/ HTTP/1.1Host: freeipapi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /api/json/ HTTP/1.1Host: freeipapi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic | HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br |
| Source: global traffic | HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAATWkW8zAi58hVB%2BchnL158IUjYWO8v6eX2RWgdGI9q5CFYA7kXI%2B0Sfr2ZzOMMacS8ZiT16U1dLcwbOjGaoRdulQAIi9IShKGNXmbeRhJS0t7L%2BOHi0HBTSoh3Ybtw1L98tX4k2h7W0lJHSIZDYyatoLl6ugftzqssdY7VAblcs4ZJBS%2Bn11fVzIBWqj8Veb0cXtETTU2fe7QGuWOIt1Wd2dWbG6wsOOAhZ4KPngCqVGBKs2qyxTfjedypqrj1Mt1W9z55VC4eULDDRzCDz17OLPloojBUrfmfgdF8%2BR1gvBIBQSx8GO9GuPkM%2BrHwQW8O4Ht%2BJRVQA6X9UF9RgFTXEQZgAAEPMXWlX8PmZ5wSRwH7VmmcKwAUEqLUky/Hcu2F4SQS1IG3oOvak3v7bGlrCM7rXAttQ5ryF7KETgWfXgzQEirdqYjRr4jPvjeD6GSw%2BV8W1oY87fVOA%2BT6Rye49Vf6/TlAZs40juwhl8Dw7rtgwROjDrPHbkd5sFlrdNBg7a3rI%2BR1VI7m08BAAifnbdyghSsa03%2BkGkJNJcsx3KOWJ/QrzskAmURx5SOlkpf13iQAArl%2B%2B8Le/c3El91DGESctZevpNbdtLhv4FyXf4a5YsS2P1ppsrJ8O/TDKzAGEYBnMNk2tMp0vzSuaYYIJkHN3TAmH/DKgFmiixhABqQkdqC/qJTY6syEOy8GSDaU7zFogThLxvHINWZnsumo67CXNlxMvSqp7hiqqinCnW6RqSoHXf176nSGneC6JM90SHDLDSyc6LJoQdUixeeC3XnXCRt5vYHGiPySqwCKUmPaQJu%2BobwGxNATlPeTwfnDsimXbI9KC7VzTiRa3FDB%2BUmODtCOSovha8YCu72ijwFUyY3aJpEPYMlIFHzrqMWiETkZEEGd0eZEtQn6ojkaamsgOg81FS1gIMaZ/NyM95G3NgpCdOMNoB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1730195435User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: DCB4EEAB97F74AD2B52A6166480E15A1X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID |
Edit tour
chrome.exe (PID: 3744 cmdline: 
