Windows Analysis Report
download.exe

Overview

General Information

Sample name: download.exe
Analysis ID: 1562775
MD5: 42131ad9cd6ff5801461b1071581a091
SHA1: 8b14015ad7e0c90a41e6f6bd00e9c849b1a9e6ab
SHA256: 72502d27fda56e265bb8ced8b4735df100bb300b783269a4e5e7bc936e154b2e

Detection

RHADAMANTHYS
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Early bird code injection technique detected
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
Allocates memory in foreign processes
Connects to many ports of the same IP (likely port scanning)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query network adapter information
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
One or more processes crash
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Dllhost Internet Connection
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic
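Several of the signatures above (process created in suspended mode, memory allocated and written in a foreign process, APC queued in another process, Early Bird) are one injection chain seen from different angles: CreateProcess with CREATE_SUSPENDED, VirtualAllocEx, WriteProcessMemory, QueueUserAPC on the still-suspended main thread, then ResumeThread. Because the APC is delivered during thread start-up, the payload runs before the host image's entry point and before most user-mode hooks have been placed in the new process. The following added example, which is not part of the Joe Sandbox report and not its detection logic, matches that ordered chain in an API trace. The trace records, PIDs, thread IDs, addresses and sizes are constructed for the example; real tracers log handles rather than PIDs, and the mapping would come from the CreateProcess/OpenProcess return values.

```python
"""Match the Early Bird APC injection chain in a sandbox API trace.

Added example; not part of the Joe Sandbox report. Each constructed record
carries the calling image, the API name and the arguments a tracer would log,
with the target process identified by its PID.
"""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# The chain, in the order it must occur: the APC has to be queued while the
# target's main thread is still suspended so that it runs during thread
# start-up, before the entry point and before user-mode hooks are installed.
STAGES = ("CreateProcess", "VirtualAllocEx", "WriteProcessMemory",
          "QueueUserAPC", "ResumeThread")

# Constructed trace (PIDs, TIDs, addresses and sizes are made up).
SAMPLE_TRACE = [
    {"caller": "download.exe", "api": "CreateProcessW",
     "args": {"lpApplicationName": r"C:\Windows\SysWOW64\svchost.exe",
              "dwCreationFlags": 0x4, "dwProcessId": 4120, "dwThreadId": 4124}},
    {"caller": "download.exe", "api": "VirtualAllocEx",
     "args": {"dwProcessId": 4120, "lpAddress": 0x400000, "dwSize": 0x1A000,
              "flProtect": 0x40}},  # PAGE_EXECUTE_READWRITE
    {"caller": "download.exe", "api": "WriteProcessMemory",
     "args": {"dwProcessId": 4120, "lpBaseAddress": 0x400000, "nSize": 0x1A000}},
    {"caller": "download.exe", "api": "QueueUserAPC",
     "args": {"dwProcessId": 4120, "dwThreadId": 4124, "pfnAPC": 0x401000}},
    {"caller": "download.exe", "api": "ResumeThread",
     "args": {"dwProcessId": 4120, "dwThreadId": 4124}},
    # Benign noise: a normal (non-suspended) child process creation.
    {"caller": "explorer.exe", "api": "CreateProcessW",
     "args": {"lpApplicationName": r"C:\Windows\System32\notepad.exe",
              "dwCreationFlags": 0x0, "dwProcessId": 5000, "dwThreadId": 5004}},
]


def _stage(api):
    """Normalise API names (CreateProcessA/W/InternalW ...) onto STAGES."""
    if api.startswith("CreateProcess"):
        return "CreateProcess"
    return api if api in STAGES else None


def find_early_bird(trace):
    """Return (injector, target_pid, target_image) for each complete chain.

    State is kept per target PID; a chain only advances when the next expected
    stage is performed by the same caller that created the suspended process.
    A ResumeThread that arrives before QueueUserAPC discards the candidate:
    that is ordinary injection into a running process, not Early Bird.
    """
    progress = defaultdict(lambda: {"next": 0, "image": None, "injector": None})
    hits = []
    for rec in trace:
        stage = _stage(rec["api"])
        if stage is None:
            continue
        args = rec["args"]
        pid = args.get("dwProcessId")
        st = progress[pid]
        if stage == "CreateProcess":
            if args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
                st.update(next=1, image=args.get("lpApplicationName"),
                          injector=rec["caller"])
            else:
                progress.pop(pid, None)  # not suspended: not a candidate
            continue
        if st["next"] and STAGES[st["next"]] == stage and rec["caller"] == st["injector"]:
            st["next"] += 1
            if st["next"] == len(STAGES):
                hits.append((st["injector"], pid, st["image"]))
                progress.pop(pid, None)
        elif stage == "ResumeThread" and st["next"]:
            progress.pop(pid, None)  # resumed before the APC was queued
    return hits


if __name__ == "__main__":
    for injector, pid, image in find_early_bird(SAMPLE_TRACE):
        print(f"Early Bird APC injection: {injector} -> PID {pid} ({image})")
```

The same ordering check is what separates this chain from the far more common "allocate, write, CreateRemoteThread" pattern; a rule that only counts the individual APIs will fire on installers and debuggers, while requiring the APC to land before ResumeThread on a process the caller itself created keeps the match tight.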

Classification

Name: Rhadamanthys
Description: According to PCrisk, Rhadamanthys is a stealer-type malware and, as its name implies, it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++ and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
Attribution: Sandworm
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

AV Detection

Source: download.exe Avira: detected
Source: download.exe Virustotal: Detection: 51%
Source: download.exe Joe Sandbox ML: detected
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F7760C4 CryptUnprotectData, 3_3_00007DF40F7760C4
Source: download.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51988 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51989 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51990 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51991 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51992 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51993 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51994 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51995 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51996 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51997 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51998 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51999 version: TLS 1.2
Source: download.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: wkernel32.pdb source: download.exe, 00000000.00000003.144628409309.0000000003100000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144628554816.0000000003220000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633593917.0000000005390000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633401630.0000000005270000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wkernelbase.pdb source: download.exe, 00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144629242088.0000000003320000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633919728.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144634408978.0000000005490000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: download.exe, 00000000.00000003.144626977903.00000000032F0000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144625964709.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632031098.0000000005460000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144631548894.0000000005270000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.144826664532.000001E607100000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.144826216697.000001E606F10000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: download.exe, 00000000.00000003.144627996795.00000000032A0000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144627566876.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632566329.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632964215.0000000005410000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntdll.pdbUGP source: download.exe, 00000000.00000003.144626977903.00000000032F0000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144625964709.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632031098.0000000005460000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144631548894.0000000005270000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.144826664532.000001E607100000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.144826216697.000001E606F10000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: download.exe, 00000000.00000003.144627996795.00000000032A0000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144627566876.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632566329.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632964215.0000000005410000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: Xo02fa-tDef5e02-6.pDBH source: chrome.exe, 00000009.00000002.144860724877.000048DC0005C000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: win32u.pdb source: wmlaunch.exe, 00000013.00000003.145062523605.0000018A52C90000.00000004.00000001.00020000.00000000.sdmp, wmlaunch.exe, 00000013.00000003.145062685628.0000018A52CC0000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wkernel32.pdbUGP source: download.exe, 00000000.00000003.144628409309.0000000003100000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144628554816.0000000003220000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633593917.0000000005390000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633401630.0000000005270000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wkernelbase.pdbUGP source: download.exe, 00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144629242088.0000000003320000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633919728.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144634408978.0000000005490000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: win32u.pdbGCTL source: wmlaunch.exe, 00000013.00000003.145062523605.0000018A52C90000.00000004.00000001.00020000.00000000.sdmp, wmlaunch.exe, 00000013.00000003.145062685628.0000018A52CC0000.00000004.00000001.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_00731B09 FindFirstFileExW, 0_2_00731B09
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F770B54 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW, 3_3_00007DF40F770B54
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Adobe
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA
Source: C:\Windows\System32\fontdrvhost.exe Code function: 4x nop then dec esp 3_3_00007DF40F781761
Source: C:\Windows\System32\fontdrvhost.exe Code function: 4x nop then dec esp 3_2_000002DF102C0511
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Code function: 4x nop then dec esp 4_2_000001E604F31761
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Code function: 4x nop then ret 19_2_0000018A5292108E
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Code function: 4x nop then dec esp 19_2_0000018A52925681
Source: chrome.exe Memory has grown: Private usage: 2MB later: 18MB

Networking

Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:5980 -> 192.168.11.20:49757
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51991
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51992
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51988
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51998
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51990
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51996
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51993
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51999
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51994
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51989
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:5980 -> 192.168.11.20:51986
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:5980 -> 192.168.11.20:51987
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51997
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 95.182.97.106:443 -> 192.168.11.20:51995
Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 95.182.97.106 5980
Source: global traffic TCP traffic: 95.182.97.106 ports 5980,0,443,5,8,9 (only 443 and 5980 appear in the captured connections above; the other entries are not corroborated elsewhere in this report, so the "port scanning" signature should be read with that in mind)
Source: global traffic TCP traffic: 192.168.11.20:49757 -> 95.182.97.106:5980
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: Joe Sandbox View JA3 fingerprint: caec7ddf6889590d999d7ca1b76373b6
Source: Network traffic Suricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 95.182.97.106:5980 -> 192.168.11.20:51986
Source: Network traffic Suricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 95.182.97.106:5980 -> 192.168.11.20:51987
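The JA3 value above is the MD5 of five comma-separated fields read from the TLS ClientHello: the client version, the cipher suite list, the extension type list, the supported groups and the EC point formats, each list dash-joined in wire order with GREASE values dropped. The following added example, which is not part of the Joe Sandbox report, implements that computation over a ClientHello built by a constructed helper; the cipher and extension lists and the server name are made up, so the resulting hash is not the one recorded above.

```python
"""Compute a JA3 fingerprint from a TLS ClientHello.

Added example; not part of the Joe Sandbox report. The ClientHello is
constructed in-process so the example runs offline.
"""
import hashlib
import struct

# GREASE values (RFC 8701): 0x0a0a, 0x1a1a, ..., 0xfafa. JA3 drops them from
# every list, otherwise one client would hash differently per handshake.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}


def build_client_hello(version, ciphers, extensions):
    """Wrap a ClientHello in a TLS record. `extensions` is [(type, body)]."""
    body = struct.pack(">H", version) + b"\x11" * 32 + b"\x00"  # version, random, empty session id
    body += struct.pack(">H", 2 * len(ciphers))
    body += b"".join(struct.pack(">H", c) for c in ciphers)
    body += b"\x01\x00"  # one compression method: null
    ext = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack(">H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def _dash(values):
    return "-".join(str(v) for v in values)


def ja3_from_client_hello(record):
    """Parse a TLS record carrying a ClientHello; return (ja3_string, ja3_md5)."""
    if len(record) < 6 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + struct.unpack(">H", record[3:5])[0]]
    if not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = 4                                               # handshake type + 3-byte length
    version = struct.unpack(">H", hs[p:p + 2])[0]
    p += 2
    p += 32                                             # client random
    p += 1 + hs[p]                                      # session id
    n = struct.unpack(">H", hs[p:p + 2])[0]
    p += 2
    ciphers = [c for (c,) in struct.iter_unpack(">H", hs[p:p + n]) if c not in GREASE]
    p += n
    p += 1 + hs[p]                                      # compression methods
    ext_types, groups, formats = [], [], []
    if p + 2 <= len(hs):
        end = p + 2 + struct.unpack(">H", hs[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack(">HH", hs[p:p + 4])
            p += 4
            data = hs[p:p + elen]
            p += elen
            if etype in GREASE:
                continue
            ext_types.append(etype)
            if etype == 10:    # supported_groups: 2-byte list length, then 2-byte ids
                groups = [g for (g,) in struct.iter_unpack(">H", data[2:]) if g not in GREASE]
            elif etype == 11:  # ec_point_formats: 1-byte list length, then 1-byte ids
                formats = list(data[1:])
    ja3 = ",".join([str(version), _dash(ciphers), _dash(ext_types), _dash(groups), _dash(formats)])
    return ja3, hashlib.md5(ja3.encode()).hexdigest()


# Constructed ClientHello: TLS 1.2, one GREASE cipher and one GREASE extension
# mixed in, server_name for a made-up host.
SAMPLE_HELLO = build_client_hello(
    0x0303,
    [0x0A0A, 0xC02B, 0xC02F, 0xC02C, 0xC030, 0x009E, 0x002F, 0x0035],
    [
        (0x1A1A, b""),                                        # GREASE extension
        (0, b"\x00\x10\x00\x00\x0d" + b"example.local"),      # server_name
        (10, b"\x00\x08\x0a\x0a\x00\x1d\x00\x17\x00\x18"),    # supported_groups: GREASE, x25519, P-256, P-384
        (11, b"\x01\x00"),                                    # ec_point_formats: uncompressed
        (13, b"\x00\x04\x04\x03\x08\x04"),                    # signature_algorithms
        (35, b""),                                            # session_ticket
    ],
)

if __name__ == "__main__":
    ja3_string, ja3_hash = ja3_from_client_hello(SAMPLE_HELLO)
    print(ja3_string)
    print(ja3_hash)
```

On a real capture the record to feed in is the first client-to-server TLS record of the flow. JA3 pins the TLS library and its configuration, not the malware: a match such as the one above is a lead to corroborate with the destination, the port and the certificate, not a verdict by itself, and the same hash can appear in unrelated software built against the same library.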
Source: unknown TCP traffic detected without corresponding DNS query: 95.182.97.106 (reported 50 times, one line per connection in the original report)
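Three of the network findings above point at the same thing from different sides: the C2 address is contacted without any preceding DNS lookup, one of the connections uses the non-standard port 5980, and the connecting processes (a SysWOW64 svchost.exe spawned by the sample, fontdrvhost.exe, dllhost.exe per the Sigma hit) are Windows binaries with no business on the internet. The following added example, which is not part of the Joe Sandbox report and not its detection logic, runs those three checks over a constructed event log. The C2 address is the one from the report; the resolved addresses are RFC 5737 documentation ranges standing in for real ones, and the JSON field layout is invented for the example.

```python
"""Flag outbound connections that no DNS answer explains (direct-IP C2).

Added example; not part of the Joe Sandbox report. The events are
constructed JSON lines mirroring what the report shows.
"""
import ipaddress
import json

SAMPLE_EVENTS = [json.loads(line) for line in r"""
{"kind": "dns",  "t": 1, "query": "time.windows.com", "answer": "192.0.2.10"}
{"kind": "dns",  "t": 2, "query": "ntp1.hetzner.de", "answer": "198.51.100.7"}
{"kind": "conn", "t": 3, "proc": "C:\\Windows\\SysWOW64\\svchost.exe", "dst": "95.182.97.106", "port": 5980}
{"kind": "conn", "t": 4, "proc": "C:\\Windows\\System32\\fontdrvhost.exe", "dst": "95.182.97.106", "port": 443}
{"kind": "conn", "t": 5, "proc": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "dst": "192.0.2.10", "port": 443}
{"kind": "conn", "t": 6, "proc": "C:\\Windows\\System32\\svchost.exe", "dst": "239.255.255.250", "port": 1900}
{"kind": "dns",  "t": 7, "query": "cdn.example", "answer": "203.0.113.5"}
{"kind": "conn", "t": 8, "proc": "C:\\Windows\\System32\\svchost.exe", "dst": "203.0.113.5", "port": 443}
""".strip().splitlines()]

COMMON_PORTS = {80, 443, 53, 123}

# Windows images with no legitimate reason to reach the internet; the report
# above shows fontdrvhost.exe and dllhost.exe doing so after injection.
NO_NETWORK_IMAGES = {"fontdrvhost.exe", "dllhost.exe"}

# RFC 1918, loopback, link-local and multicast count as internal. Note that
# ipaddress.is_global would also reject the documentation ranges used here.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4")]


def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL)


def analyze(events):
    """Return (t, image, dst, port, reasons) for each suspicious connection.

    Events are processed in time order so that only answers seen before a
    connection can explain it. A resolver cache hit from before the trace
    started would show up as "no_dns" here; on a live host, seed `resolved`
    from the DNS client cache or widen the window.
    """
    resolved = set()
    findings = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["kind"] == "dns":
            resolved.add(ev["answer"])
            continue
        if ev["kind"] != "conn" or not is_external(ev["dst"]):
            continue
        reasons = []
        if ev["dst"] not in resolved:
            reasons.append("no_dns")
        if ev["port"] not in COMMON_PORTS:
            reasons.append("nonstandard_port")
        proc = ev["proc"].lower()
        image = proc.rsplit("\\", 1)[-1]
        # A 32-bit svchost.exe with an outbound connection is worth a look on
        # 64-bit Windows; in the report it is the sample's injected host.
        if image in NO_NETWORK_IMAGES or "\\syswow64\\svchost.exe" in proc:
            reasons.append("system_process_egress")
        if reasons:
            findings.append((ev["t"], image, ev["dst"], ev["port"], reasons))
    return findings


if __name__ == "__main__":
    for t, image, dst, port, reasons in analyze(SAMPLE_EVENTS):
        print(f"t={t} {image} -> {dst}:{port} {','.join(reasons)}")
```

The "no_dns" check is the robust one of the three: a stealer that embeds its C2 as a literal address, as this sample does, never produces a matching answer no matter which port or host process it uses. The port and image checks are heuristics that will need tuning per environment (DNS over HTTPS, CNAME chains and long TTLs all shift which answers are visible), but together they reproduce the report's three network signatures from ordinary DNS and connection telemetry.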
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F7A9C90 WSARecv, 3_3_00007DF40F7A9C90
Source: fontdrvhost.exe, 00000003.00000003.144885676844.000002DF128A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: .com"},{"applied_policy":"prompt","domain":"www.facebook.com"},{"applied_policy":"prompt","domain":"www.instagram.com"}, equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: time.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: ntp.time.nl
Source: global traffic DNS traffic detected: DNS query: time.windows.com
Source: global traffic DNS traffic detected: DNS query: ntp.nict.jp
Source: global traffic DNS traffic detected: DNS query: gbg1.ntp.se
Source: global traffic DNS traffic detected: DNS query: ntp.time.in.ua
Source: global traffic DNS traffic detected: DNS query: ntp1.hetzner.de
Source: global traffic UDP traffic (SSDP multicast; the scanner labels it TCP, but 239.255.255.250:1900 is UDP): 192.168.11.20:59210 -> 239.255.255.250:1900
Source: global traffic UDP traffic (SSDP multicast; the scanner labels it TCP, but 239.255.255.250:1900 is UDP): 192.168.11.20:60589 -> 239.255.255.250:1900
Source: chrome.exe, 00000009.00000002.144867247297.000048DC00C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867343409.000048DC00C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144864269062.000048DC00777000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1/
Source: chrome.exe, 00000009.00000002.144867247297.000048DC00C88000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1/?C
Source: chrome.exe, 00000009.00000002.144861198675.000048DC0013C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:8000/
Source: msedge.exe, 0000000B.00000002.144890987910.000050C000044000.00000004.00000800.00020000.00000000.sdmp, Session_13377053363756224.14.dr, History.14.dr, Tabs_13377053363765091.14.dr String found in binary or memory: http://127.0.0.1:8000/f4698726/6e5a1ad9
Source: fontdrvhost.exe, 00000003.00000003.144887695196.000002DF12618000.00000004.00000020.00020000.00000000.sdmp, History.14.dr String found in binary or memory: http://127.0.0.1:8000/f4698726/6e5a1ad9/
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:8000/f4698726/6e5a1ad9P
Source: fontdrvhost.exe, 00000003.00000003.144889120347.000002DF10610000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:8000/f4698726/6e5a1ad9UJa
Source: msedge.exe, 0000000B.00000002.144887394001.000002164ECFB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:8000/f4698726/6e5a1ad9User
Source: chrome.exe, 00000009.00000002.144858344920.000018180002C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867152934.000048DC00C3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144860025767.000048D8000E9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868409498.000048DC00E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867610970.000048DC00D10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144857507794.000008180002C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:8000/f4698726/75fae57d
Source: chrome.exe, 00000009.00000002.144861609001.000048DC001BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144865807200.000048DC009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867152934.000048DC00C3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:8000/f4698726/75fae57d0(p
Source: fontdrvhost.exe, 00000003.00000003.144926580188.000002DF1263B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://1270.1:
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2514
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2727
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3016
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3153
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3243
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/342316794
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/345244067
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625P
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265841
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265878
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265957
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266019
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266021
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266024
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266194
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266231
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266232
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266602
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266652
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266666
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266725
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144861949780.000048DC00294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266842
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266906
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266976
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42267038
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42267057
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42267095
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42267113
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4339
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4889
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4995
Source: msedge.exe, 0000000B.00000002.144892495736.000050C000448000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000009.00000002.144864792512.000048DC00814000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=128
Source: msedge.exe, 0000000B.00000002.144892862190.000050C000494000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/1165751
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/350528343
Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dns-tunnel-check.googlezip.net/connect
Source: chrome.exe, 00000009.00000002.144860823300.000048DC00095000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/173636783
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000009.00000002.144867610970.000048DC00D10000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000009.00000002.144867683942.000048DC00D34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gstatic.com/generate_204
Source: svchost.exe, 00000002.00000002.144716981333.0000000002C3C000.00000004.00000010.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.144717744264.000000000310C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000003.00000003.144882779598.000002DF106AD000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893018991.000002DF10629000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145162469680.000002DF106A0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144885805243.000002DF106B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144824904520.000002DF106AD000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144851950121.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886783830.000002DF106B5000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145099971418.000002DF106D6000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100578013.000002DF106AF000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144895064390.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853625533.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886067281.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894015698.000002DF1068D000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100140354.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144945809110.000002DF106B0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144942503856.000002DF106B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144851244286.000002DF106AD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://95.182.97.106:5980/363881569c00eea8aaf3/pmgoamua.jpbdq
Source: svchost.exe, 00000002.00000002.144717744264.000000000310C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145160550194.000002DF102C0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: https://95.182.97.106:5980/363881569c00eea8aaf3/pmgoamua.jpbdqkernelbasentdllkernel32GetProcessMitig
Source: svchost.exe, 00000002.00000002.144716981333.0000000002C3C000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: https://95.182.97.106:5980/363881569c00eea8aaf3/pmgoamua.jpbdqx
Source: fontdrvhost.exe, 00000003.00000003.144851674694.000002DF128C4000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144869068215.000048DC01004000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144891807084.000050C0001A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000009.00000002.144860591327.000048DC00014000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144891359370.000050C0000EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: msedge.exe, 0000000B.00000002.144891359370.000050C0000EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGetP
Source: chrome.exe, 00000009.00000002.144861949780.000048DC00294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/AccountChooser
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000009.00000002.144860859825.000048DC000A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo?source=ChromiumBrowser
Source: chrome.exe, 00000009.00000002.144868698581.000048DC00F14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144866475903.000048DC00B14000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
Source: chrome.exe, 00000009.00000002.144866475903.000048DC00B14000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standardion.enabled)
Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000009.00000002.144862247284.000048DC00310000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout?source=ChromiumBrowser&continue=https://accounts.google.com/chrom
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000009.00000002.144860859825.000048DC000B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/samlredirect
Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/40644738
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/40644850
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42263540
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42264383
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265636
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265637
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265720
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265782
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265792
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265794
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265839
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265854
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265958
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42266070
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42266183
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42266319
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42266364
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42266842
Source: chrome.exe, 00000009.00000003.144850257158.000048DC00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144846473560.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42267038
Source: msedge.exe, 0000000B.00000002.144888944357.0000021650B20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://arc.msn.com
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://beastacademy.com/checkout/cart
Source: chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://c2rsetup.officeapps.live.com/c2r/download.aspx?productReleaseID=HomeBusiness2019Retail&platf
Source: chrome.exe, 00000009.00000002.144866605403.000048DC00B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867152934.000048DC00C3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.144865556351.000048DC00958000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cart.ebay.com/
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cart.godaddy.com/go/checkout
Source: chrome.exe, 00000009.00000002.144866680698.000048DC00B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: fontdrvhost.exe, 00000003.00000003.144851674694.000002DF128C4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.stubdownloader.services.mozilla.com/builds/firefox-latest-ssl/en-GB/win64/b5110ff5d41570
Source: chrome.exe, 00000009.00000003.144851073877.000048DC010B4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000009.00000002.144869315449.000048DC0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144866680698.000048DC00B68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867610970.000048DC00D10000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000009.00000002.144864373824.000048DC00784000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=enWeb
Source: chrome.exe, 00000009.00000002.144868367655.000048DC00E6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144861028506.000048DC000F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144851073877.000048DC010B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstorekgejglhpjiefppelpmljglcjbhoiplfnapp.window.fullscreen.overrideEsc
Source: chrome.exe, 00000009.00000002.144860554259.000048DC00004000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromemodelexecution-pa.googleapis.com/v1:Execute?key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBg
Source: chrome.exe, 00000009.00000002.144860554259.000048DC00004000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromemodelquality-pa.googleapis.com/v1:LogAiData?key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBg
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.144879897157.000050C00045C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144892590425.000050C00045C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000009.00000002.144861442677.000048DC001AC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/category/extensions
Source: chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/category/themes
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000009.00000003.144834107840.00001818000DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144834049331.00001818000D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: msedge.exe, 0000000B.00000002.144891807084.000050C0001A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000009.00000002.144865856922.000048DC009D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
Source: chrome.exe, 00000009.00000002.144864644079.000048DC007E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000009.00000002.144864529525.000048DC007B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000009.00000002.144864529525.000048DC007B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000009.00000002.144864792512.000048DC00814000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=128
Source: svchost.exe, 00000002.00000003.144674407342.00000000031A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cloudflare-dns.com/dns-query
Source: svchost.exe, 00000002.00000003.144674407342.00000000031A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
Source: fontdrvhost.exe, 00000003.00000003.144893733877.000002DF128A7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://discord.com
Source: fontdrvhost.exe, 00000003.00000003.144893733877.000002DF128A7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://discordapp.com
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B9AB9339B
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dl.packetstormsecurity.net/Crackers/bios/BIOS320.EXE
Source: chrome.exe, 00000009.00000002.144866605403.000048DC00B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867152934.000048DC00C3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.144866605403.000048DC00B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867152934.000048DC00C3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.144866605403.000048DC00B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867152934.000048DC00C3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.144866605403.000048DC00B48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867152934.000048DC00C3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=en-GB&attribution_code=c291cm
Source: chrome.exe, 00000009.00000002.144869210990.000048DC0102C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000009.00000002.144869210990.000048DC0102C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: fontdrvhost.exe, 00000003.00000003.144851674694.000002DF128C4000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144866680698.000048DC00B68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmp, Web Data.14.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: fontdrvhost.exe, 00000003.00000003.144882410038.000002DF128E2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144851674694.000002DF128C4000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144869210990.000048DC0102C000.00000004.00000800.00020000.00000000.sdmp, Web Data.14.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000009.00000002.144869210990.000048DC0102C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: fontdrvhost.exe, 00000003.00000003.144851674694.000002DF128C4000.00000004.00000020.00020000.00000000.sdmp, Web Data.14.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chrome.exe, 00000009.00000002.144867343409.000048DC00C9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144866680698.000048DC00B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gemini.google.com/app?q=
Source: chrome.exe, 00000009.00000002.144867343409.000048DC00C9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gemini.google.com/app?q=searchTerms
Source: msedge.exe, 0000000B.00000002.144891250357.000050C0000A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/155487768
Source: msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: msedge.exe, 0000000B.00000002.144891957226.000050C0001D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.144878420361.000050C0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097N
Source: msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: msedge.exe, 0000000B.00000002.144891957226.000050C0001D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.144878420361.000050C0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002O
Source: msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: msedge.exe, 0000000B.00000002.144891957226.000050C0001D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.144878420361.000050C0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444O
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/288119108
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/292282210
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/292285899
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/309028728
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/328301788
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/328837151
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/336844257
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/347601787
Source: chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/349489248
Source: msedge.exe, 0000000B.00000002.144893088251.000050C0004B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://javadl.oracle.com/webapps/download/AutoDL?BundleId=245029_d3c52aa6bfa54d3ca74e617f18309292K
Source: chrome.exe, 00000009.00000002.144866538607.000048DC00B2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867343409.000048DC00C9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: fontdrvhost.exe, 00000003.00000003.144854279182.000002DF128B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893246921.000002DF125B9000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853938085.000002DF128B2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lh5.googleusercontent.com/p/AF1QipOvNh-L3TTVll_wDyQd66TEaShUCp3i0iabc8se=w92-h92-n-k-no
Source: fontdrvhost.exe, 00000003.00000003.144854279182.000002DF128B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893246921.000002DF125B9000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853938085.000002DF128B2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lh5.googleusercontent.com/p/AF1QipPFr704HJkdqZ5xefxGs53Btx8SeAbaCnWxa6-y=w92-h92-n-k-no
Source: fontdrvhost.exe, 00000003.00000003.144927915441.000002DF126C1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lo.live.com/
Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893018991.000002DF10629000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145162469680.000002DF106A0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144942567761.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144895064390.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886067281.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894015698.000002DF1068D000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144945146643.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145161940236.000002DF105F4000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100140354.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144905199294.000002DF10697000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144852844138.000002DF128B9000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144852716064.000002DF1264B000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100920916.000002DF105F1000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893349996.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144882779598.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157963411.000002DF1069F000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157264551.000002DF105F2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854114560.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144953274022.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/
Source: fontdrvhost.exe, 00000003.00000003.144852844138.000002DF128B9000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144852716064.000002DF1264B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com//
Source: fontdrvhost.exe, 00000003.00000003.144852844138.000002DF128B9000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144852716064.000002DF1264B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/v104
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: msedge.exe, 0000000B.00000002.144891250357.000050C0000A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://msn.cn/
Source: msedge.exe, 0000000B.00000002.144891250357.000050C0000A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://msn.com/
Source: chrome.exe, 00000009.00000002.144866229742.000048DC00A74000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myshop.amplify.com/cart
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000009.00000002.144861798966.000048DC00204000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893018991.000002DF10629000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145162469680.000002DF106A0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144895064390.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886067281.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894015698.000002DF1068D000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100140354.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144889120347.000002DF10601000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144905199294.000002DF10697000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893349996.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144882779598.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157963411.000002DF1069F000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854114560.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854403336.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://packetstormsecurity.com/files/download/22459/BIOS320.EXE
Source: fontdrvhost.exe, 00000003.00000003.144853253505.000002DF126B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://packetstormsecurity.com/https://packetstormsecurity.com/files/download/22459/BIOS320.EXEhttp
Source: chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://passwords.google/
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/GetCheckConnectionInfo
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/ListAccounts?json=standard
Source: msedge.exe, 0000000B.00000002.144891807084.000050C0001A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/Logout
Source: msedge.exe, 0000000B.00000003.144879897157.000050C00045C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144892590425.000050C00045C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/devicemanagement/data/api
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/embedded/reauth/chromeos
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/embedded/setup/chrome/usermenu
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/embedded/setup/kidsignin/chromeos
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/embedded/setup/kidsignup/chromeos
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/embedded/setup/kidsignup/chromeosPortable
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/embedded/setup/v2/chromeos
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/embedded/setup/windows
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/embedded/xreauth/chrome
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/encryption/unlock/desktop
Source: msedge.exe, 0000000B.00000002.144891281735.000050C0000B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/o/oauth/GetOAuthToken/
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/o/oauth/GetOAuthToken/https://permanently-removed.invalid/GetChe
Source: msedge.exe, 0000000B.00000002.144891119947.000050C000060000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/signin/chrome/sync?ssp=1
Source: msedge.exe, 0000000B.00000003.144878420361.000050C0001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://permanently-removed.invalid/v1/events
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://poshmark.com/bundles/shop
Source: chrome.exe, 00000009.00000002.144862458609.000048DC00370000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000009.00000002.144861236074.000048DC0014C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849882040.000048DC00664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144863872129.000048DC0068C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsingohttpgateway.googleapis.com/v1/ohttp/hpkekeyconfig?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000009.00000002.144860859825.000048DC000A0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sdlc-esd.oracle.com/ESD6/JSCDL/jdk/8u301-b09/d3c52aa6bfa54d3ca74e617f18309292/JavaSetup8u301
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://secure-oldnavy.gap.com/shopping-bag
Source: fontdrvhost.exe, 00000003.00000003.144894538472.000002DF105F9000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144942567761.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144945146643.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145161940236.000002DF105F4000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144889120347.000002DF10601000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100920916.000002DF105F1000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157264551.000002DF105F2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144953274022.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://secure.eicar.org/eicar.co
Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893018991.000002DF10629000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145162469680.000002DF106A0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144942567761.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144895064390.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886067281.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894015698.000002DF1068D000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144945146643.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145161940236.000002DF105F4000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100140354.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144905199294.000002DF10697000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100920916.000002DF105F1000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893349996.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144882779598.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157963411.000002DF1069F000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12616000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157264551.000002DF105F2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854114560.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144953274022.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854403336.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://secure.eicar.org/eicar.com
Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893018991.000002DF10629000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145162469680.000002DF106A0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144942567761.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853328763.000002DF1262E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144895064390.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886067281.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894015698.000002DF1068D000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144945146643.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145161940236.000002DF105F4000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100140354.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144905199294.000002DF10697000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853053950.000002DF126B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100920916.000002DF105F1000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893349996.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144882779598.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157963411.000002DF1069F000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12616000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157264551.000002DF105F2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854114560.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144953274022.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://secure.eicar.org/eicar.com.txt
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12616000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://secure.eicar.org/eicar.com.txt/
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://secure.eicar.org/eicar.com.txtD
Source: fontdrvhost.exe, 00000003.00000003.144889120347.000002DF10610000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://secure.eicar.org/eicar.com.txtXka
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12616000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://secure.eicar.org/eicar.com/
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF1262E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853053950.000002DF126B3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://secure.eicar.org/eicar.com;
Source: fontdrvhost.exe, 00000003.00000003.144889120347.000002DF10610000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://secure.eicar.org/eicar.comXka
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://secure.newegg.com/shop/cart
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shop.advanceautoparts.com/web/OrderItemDisplay
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shop.lululemon.com/shop/mybag
Source: chrome.exe, 00000009.00000002.144866538607.000048DC00B2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867343409.000048DC00C9C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/cart/
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://store.usps.com/store/cart/cart.jsp
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://stubdownloader.services.mozilla.com/?attribution_code=c291cmNlPXd3dy5nb29nbGUuY29tJm1lZGl1bT
Source: msedge.exe, 0000000B.00000002.144892590425.000050C00045C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: msedge.exe, 0000000B.00000003.144879897157.000050C00045C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144892590425.000050C00045C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: chrome.exe, 00000009.00000002.144867683942.000048DC00D34000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tasks.googleapis.com/
Source: chrome.exe, 00000009.00000002.144869210990.000048DC0102C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://uk.search.yahoo.com/favicon.ico
Source: fontdrvhost.exe, 00000003.00000003.144882410038.000002DF128E2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144851674694.000002DF128C4000.00000004.00000020.00020000.00000000.sdmp, Web Data.14.dr String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: chrome.exe, 00000009.00000002.144867849168.000048DC00D70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://uk.search.yahoo.com/search
Source: chrome.exe, 00000009.00000002.144867849168.000048DC00D70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://uk.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000009.00000002.144867849168.000048DC00D70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://uk.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: fontdrvhost.exe, 00000003.00000003.144882410038.000002DF128E2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144851674694.000002DF128C4000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144869210990.000048DC0102C000.00000004.00000800.00020000.00000000.sdmp, Web Data.14.dr String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: msedge.exe, 0000000B.00000002.144887088162.000002164EC99000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://unitedstates1.ss.wd.microsoft.us
Source: msedge.exe, 0000000B.00000002.144888944357.0000021650B20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://unitedstates1.ss.wd.microsoft.ushttps://unitedstates1.ss.wd.microsoft.us
Source: msedge.exe, 0000000B.00000002.144887088162.000002164EC99000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://unitedstates2.ss.wd.microsoft.us
Source: msedge.exe, 0000000B.00000002.144888944357.0000021650B20000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.144887088162.000002164EC99000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://unitedstates4.ss.wd.microsoft.us
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.abebooks.com/servlet/ShopBasketPL
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.academy.com/shop/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.acehardware.com/cart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.adorama.com/als.mvc/cartview
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ae.com/us/en/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.altardstate.com/cart/
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.co.uk/gp/cart/view.html
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/gp/cart/view.html
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.anthropologie.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.apple.com/shop/bag
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.atlassian.com/purchase/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.att.com/buy/cart
Source: fontdrvhost.exe, 00000003.00000003.144853938085.000002DF128B2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.autoitscript.com
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.autoitscript.com/cgi-bin/getfile.pl?autoit3/autoit-v3-setup.exe
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.autoitscript.com/files/autoit3/autoit-v3-setup.exeQ
Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893018991.000002DF10629000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145162469680.000002DF106A0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144895064390.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886067281.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894015698.000002DF1068D000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100140354.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144905199294.000002DF10697000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893349996.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144882779598.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157963411.000002DF1069F000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854114560.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854403336.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.autoitscript.com/site/autoit/downloads/
Source: fontdrvhost.exe, 00000003.00000003.144853253505.000002DF126B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.autoitscript.com/site/autoit/downloads/https://www.autoitscript.com/site/autoit/download
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.backcountry.com/Store/cart/cart.jsp
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.basspro.com/shop/AjaxOrderItemDisplayView
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.bathandbodyworks.com/cart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.bedbathandbeyond.com/store/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.belk.com/shopping-bag/
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.bestbuy.com/cart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.bhphotovideo.com/find/cart.jsp
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.bloomingdales.com/my-bag
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.boostmobile.com/cart.html
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.bricklink.com/v2/globalcart.page
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.brownells.com/aspx/store/cart.aspx
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.buybuybaby.com/store/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.carid.com/cart.php
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.chegg.com/shoppingcart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.containerstore.com/cart/list.htm
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.costco.com/CheckoutCartDisplayView
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.crateandbarrel.com/Checkout/Cart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.dickssportinggoods.com/OrderItemDisplay
Source: chrome.exe, 00000009.00000002.144863406370.000048DC00574000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.dillards.com/webapp/wcs/stores/servlet/OrderItemDisplay
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.dsw.com/en/us/shopping-bag
Source: fontdrvhost.exe, 00000003.00000003.144851674694.000002DF128C4000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144869210990.000048DC0102C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000009.00000002.144869068215.000048DC01004000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000009.00000002.144869068215.000048DC01004000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000009.00000002.144869068215.000048DC01004000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: fontdrvhost.exe, 00000003.00000003.144894538472.000002DF105F9000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144942567761.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144945146643.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145161940236.000002DF105F4000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144889120347.000002DF10601000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100920916.000002DF105F1000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157264551.000002DF105F2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144953274022.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.eicar.org/download-anti
Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893018991.000002DF10629000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145162469680.000002DF106A0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144942567761.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144895064390.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886067281.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894015698.000002DF1068D000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144945146643.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145161940236.000002DF105F4000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100140354.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144905199294.000002DF10697000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100920916.000002DF105F1000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893349996.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144882779598.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157963411.000002DF1069F000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157264551.000002DF105F2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854114560.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144953274022.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854403336.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.eicar.org/download-anti-malware-testfile/
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF1262E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853053950.000002DF126B3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.eicar.org/download-anti-malware-testfile/:
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12616000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.eicar.org/download-anti-malware-testfile/Download
Source: fontdrvhost.exe, 00000003.00000003.144889120347.000002DF10610000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.eicar.org/download-anti-malware-testfile/Xka
Source: fontdrvhost.exe, 00000003.00000003.144853253505.000002DF126B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.eicar.org/https://eicar.org/https://www.eicar.org/download-anti-malware-testfile/https:/
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.electronicexpress.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.etsy.com/cart/
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.eyebuydirect.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.fingerhut.com/cart/index
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.finishline.com/store/cart/cart.jsp
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.freepeople.com/cart/
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gamestop.com/cart/
Source: fontdrvhost.exe, 00000003.00000003.144853798984.000002DF12615000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854114560.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854403336.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144867849168.000048DC00D70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144862757421.000048DC003D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/#safe
Source: fontdrvhost.exe, 00000003.00000003.144889120347.000002DF10610000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893018991.000002DF10629000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145162469680.000002DF106A0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144942567761.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853328763.000002DF1262E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144895064390.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886067281.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894015698.000002DF1068D000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144945146643.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145161940236.000002DF105F4000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100140354.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144905199294.000002DF10697000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853053950.000002DF126B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100920916.000002DF105F1000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893349996.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144882779598.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157963411.000002DF1069F000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12616000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157264551.000002DF105F2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854114560.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/?&brand=CHWL&utm_campaign=en&utm_source=en-et-na-us-chrome-bubble&utm_
Source: chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/browser-features/
Source: chrome.exe, 00000009.00000002.144865663689.000048DC00980000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/browser-tools/
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12616000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157264551.000002DF105F2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854114560.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144953274022.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/next-steps.html?brand=CHWL&statcb=0&installdataindex=empty&defaultbrow
Source: chrome.exe, 00000009.00000002.144867029575.000048DC00C04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144866347456.000048DC00AE0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/
Source: fontdrvhost.exe, 00000003.00000003.144853253505.000002DF126B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/https://www.google.com/chrome/?&brand=CHWL&utm_campaign=en&utm_source=en-et-n
Source: fontdrvhost.exe, 00000003.00000003.144851674694.000002DF128C4000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144864529525.000048DC007B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144863328932.000048DC00504000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144869068215.000048DC01004000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
Source: fontdrvhost.exe, 00000003.00000003.144882410038.000002DF128E2000.00000004.00000020.00020000.00000000.sdmp, Web Data.14.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12616000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157264551.000002DF105F2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854114560.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144953274022.000002DF105F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?q=eicar
Source: chrome.exe, 00000009.00000002.144862458609.000048DC00370000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000009.00000002.144861949780.000048DC00294000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000009.00000002.144868749991.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.144849804973.000048DC00F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144861691013.000048DC001D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.groupon.com/cart
Source: chrome.exe, 00000009.00000002.144864269062.000048DC0075C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.guitarcenter.com/cart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.harborfreight.com/checkout/cart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.hmhco.com/hmhstorefront/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.homedepot.com/mycart/home
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.homesquare.com/Checkout/Cart.aspx
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.hottopic.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.hsn.com/checkout/bag
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ikea.com/us/en/shoppingcart/
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.jcpenney.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.jcrew.com/checkout/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.joann.com/cart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.kohls.com/checkout/shopping_cart.jsp
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.landsend.com/shopping-bag/
Source: chrome.exe, 00000009.00000002.144863406370.000048DC00574000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.llbean.com/webapp/wcs/stores/servlet/LLBShoppingCartDisplay
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.lowes.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.lulus.com/checkout/bag
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.macys.com/my-bag
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.midwayusa.com/cart
Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893018991.000002DF10629000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145162469680.000002DF106A0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144895064390.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144886067281.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144894015698.000002DF1068D000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145100140354.000002DF10698000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144905199294.000002DF10697000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144893349996.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144882779598.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145157963411.000002DF1069F000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854114560.000002DF106A2000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144854403336.000002DF1062C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-GB/firefox/all/#product-desktop-release
Source: fontdrvhost.exe, 00000003.00000003.144853253505.000002DF126B3000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144853328763.000002DF12623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-GB/firefox/all/#product-desktop-releasehttps://www.mozilla.org/en-GB/fire
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.neimanmarcus.com/checkout/cart.jsp
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.nike.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.nordstrom.com/shopping-bag
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.officedepot.com/cart/shoppingCart.do
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.opticsplanet.com/checkout/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.otterbox.com/en-us/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.overstock.com/cart
Source: chrome.exe, 00000009.00000002.144864919143.000048DC00858000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.pacsun.com/on/demandware.store/Sites-pacsun-Site/default/Cart-Show
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.petsmart.com/cart/
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.pier1.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.pokemoncenter.com/cart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.potterybarn.com/shoppingcart/
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.qvc.com/checkout/cart.html
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.redbubble.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.rei.com/ShoppingCart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.revolve.com/r/ShoppingBag.jsp
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.rockauto.com/en/cart/
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.saksfifthavenue.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.samsclub.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.sephora.com/basket
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.shutterfly.com/cart/
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.staples.com/cc/mmx/cart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.sweetwater.com/store/cart.php
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.talbots.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.target.com/cart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.teacherspayteachers.com/Cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.therealreal.com/cart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.tractorsupply.com/TSCShoppingCartView
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ulta.com/bag
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.underarmour.com/en-us/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.urbanoutfitters.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.vitalsource.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.walgreens.com/cart/view-ui
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.walmart.com/cart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.wayfair.com/v/checkout/basket/show
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.weightwatchers.com/us/shop/checkout/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.westelm.com/shoppingcart/
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.wiley.com/en-us/cart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.williams-sonoma.com/shoppingcart/
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.wish.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.zappos.com/cart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.zazzle.com/co/cart
Source: chrome.exe, 00000009.00000002.144865509826.000048DC00940000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.zennioptical.com/shoppingCart
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www2.hm.com/en_us/cart
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51988
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51989
Source: unknown Network traffic detected: HTTP traffic on port 51998 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51996 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51990 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51992 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51994 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51988 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51999
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51997
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51998
Source: unknown Network traffic detected: HTTP traffic on port 51999 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51991
Source: unknown Network traffic detected: HTTP traffic on port 51997 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51992
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51990
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51995
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51996
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51993
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51994
Source: unknown Network traffic detected: HTTP traffic on port 51991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51993 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51995 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51989 -> 443
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51988 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51989 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51990 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51991 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51992 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51993 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51994 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51995 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51996 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51997 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51998 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.182.97.106:443 -> 192.168.11.20:51999 version: TLS 1.2
Source: download.exe, 00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: DirectInput8Create memstr_e3f64e16-0
Source: download.exe, 00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: GetRawInputData memstr_d7e74f50-e
Source: Yara match File source: 0.3.download.exe.3320000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.3.svchost.exe.5270000.6.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.3.svchost.exe.5270000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.3.svchost.exe.5270000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.download.exe.3100000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.3.svchost.exe.5490000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000002.00000003.144633919728.0000000005270000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.144629242088.0000000003320000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.144634408978.0000000005490000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: download.exe PID: 2108, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: svchost.exe PID: 8160, type: MEMORYSTR
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F7708A0 CreateDesktopW,CreateProcessW,GetExitCodeProcess,TerminateProcess, 3_3_00007DF40F7708A0
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_000002DF102730C7 NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,RtlFreeHeap,RtlFreeHeap, 3_3_000002DF102730C7
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77FCA0 NtAcceptConnectPort, 3_3_00007DF40F77FCA0
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77FBE0 NtAcceptConnectPort, 3_3_00007DF40F77FBE0
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77E924 NtAcceptConnectPort,calloc,DuplicateHandle,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort, 3_3_00007DF40F77E924
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77F950 NtAcceptConnectPort, 3_3_00007DF40F77F950
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F780894 NtAcceptConnectPort,NtAcceptConnectPort, 3_3_00007DF40F780894
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F7807C8 NtAcceptConnectPort,NtAcceptConnectPort, 3_3_00007DF40F7807C8
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77E5B4 CreateFileMappingW,MapViewOfFile,DuplicateHandle,NtAcceptConnectPort, 3_3_00007DF40F77E5B4
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77F5E0 NtAcceptConnectPort, 3_3_00007DF40F77F5E0
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77E3FC NtAcceptConnectPort, 3_3_00007DF40F77E3FC
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77E3DC NtAcceptConnectPort, 3_3_00007DF40F77E3DC
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77E2F8 NtAcceptConnectPort, 3_3_00007DF40F77E2F8
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77F340 NtAcceptConnectPort, 3_3_00007DF40F77F340
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77E208 NtAcceptConnectPort, 3_3_00007DF40F77E208
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77E270 NtAcceptConnectPort, 3_3_00007DF40F77E270
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77E184 NtAcceptConnectPort, 3_3_00007DF40F77E184
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77F194 RtlDosPathNameToNtPathName_U,NtAcceptConnectPort,NtAcceptConnectPort,free, 3_3_00007DF40F77F194
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77E1B0 NtAcceptConnectPort, 3_3_00007DF40F77E1B0
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77E164 NtAcceptConnectPort, 3_3_00007DF40F77E164
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F77E0A8 NtAcceptConnectPort, 3_3_00007DF40F77E0A8
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_2_000002DF102C1AA4 NtAcceptConnectPort,NtAcceptConnectPort, 3_2_000002DF102C1AA4
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_2_000002DF102C0AC8 NtAcceptConnectPort,NtAcceptConnectPort, 3_2_000002DF102C0AC8
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_2_000002DF102C1CF4 NtAcceptConnectPort,CloseHandle, 3_2_000002DF102C1CF4
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_2_000002DF102C15C0 NtAcceptConnectPort, 3_2_000002DF102C15C0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Code function: 4_2_000001E604F2E354 NtAcceptConnectPort, 4_2_000001E604F2E354
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Code function: 4_2_000001E604F2E11C NtAcceptConnectPort, 4_2_000001E604F2E11C
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Code function: 19_3_00007DF4C6851CE8 calloc,CreateProcessW,NtResumeThread,CloseHandle,free, 19_3_00007DF4C6851CE8
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Code function: 19_3_00007DF4C6851958 calloc,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory, 19_3_00007DF4C6851958
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Code function: 19_2_0000018A5293290C NtAcceptConnectPort, 19_2_0000018A5293290C
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Code function: 19_2_0000018A52932A20 NtAcceptConnectPort, 19_2_0000018A52932A20
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Code function: 19_2_0000018A52933158 NtAcceptConnectPort, 19_2_0000018A52933158
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Code function: 19_2_0000018A52932E84 NtAcceptConnectPort, 19_2_0000018A52932E84
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Code function: 19_2_0000018A52932EC8 NtAcceptConnectPort, 19_2_0000018A52932EC8
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Code function: 19_2_0000018A52932CAC NtAcceptConnectPort, 19_2_0000018A52932CAC
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Code function: 19_2_0000018A52932DDC NtAcceptConnectPort, 19_2_0000018A52932DDC
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Code function: 19_2_0000018A52932D80 NtAcceptConnectPort, 19_2_0000018A52932D80
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Code function: 19_2_0000018A52932DAC NtAcceptConnectPort, 19_2_0000018A52932DAC
Source: C:\Windows\System32\dllhost.exe Code function: 20_2_000001AFE8633970 NtQuerySystemInformation, 20_2_000001AFE8633970
Source: C:\Users\user\Desktop\download.exe Code function: String function: 0072CD90 appears 33 times
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5152 -s 592
Source: download.exe, 00000000.00000003.144627996795.00000000033CD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs download.exe
Source: download.exe, 00000000.00000003.144628409309.0000000003100000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs download.exe
Source: download.exe, 00000000.00000003.144626977903.0000000003474000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs download.exe
Source: download.exe, 00000000.00000002.144632524407.000000000077C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameCFF Explorer.exe: vs download.exe
Source: download.exe, 00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenameKernelbase.dllj% vs download.exe
Source: download.exe, 00000000.00000003.144628554816.0000000003220000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs download.exe
Source: download.exe, 00000000.00000003.144629242088.00000000034FC000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenameKernelbase.dllj% vs download.exe
Source: download.exe, 00000000.00000003.144628409309.0000000003191000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs download.exe
Source: download.exe, 00000000.00000003.144627566876.0000000003223000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs download.exe
Source: download.exe, 00000000.00000003.144628554816.0000000003270000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs download.exe
Source: download.exe, 00000000.00000003.144625964709.0000000003277000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs download.exe
Source: download.exe Binary or memory string: OriginalFilenameCFF Explorer.exe: vs download.exe
Source: download.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 3.3.fontdrvhost.exe.2df125ae350.1.raw.unpack, CallWrapper.cs Suspicious method names: .CallWrapper.GetPayload
Source: 3.3.fontdrvhost.exe.2df125ae350.0.raw.unpack, CallWrapper.cs Suspicious method names: .CallWrapper.GetPayload
Source: 3.3.fontdrvhost.exe.2df125ae350.2.raw.unpack, CallWrapper.cs Suspicious method names: .CallWrapper.GetPayload
Source: download.exe Binary or memory string: .a_po^ ojYd.o B U.R G v.Q_F& ZNH K.9.sV`OQ qOq_A( N5.j P.X z.k.Yf_HL.P.L`.C Ue_q_B_t.h{_yr\=A f.3_q_Fvb_H_bm W.UP#.by_iY.Yw I.Y_G p.3c g.Zy S v.U.N C_m Z_i.H_j B l_DH_Pd.iz_O.f~ U z_Mv_d7 T Mz.f.594/}_m kS.v.D u.rZu.S G.N_x.V J.Q.G FO^.X<.6_fv.V ny.L,_E.2.m I_l.b$ Mx sZ.K! p.Y.U.V:U.89 R_H F3.d_R A UQ.C_y y Y Jb.Q_S.N.s< l_Ab~[_w9zV?!C9.N_HQ)*_n R.tP Ww_u aU;.V EPk Xr.Q0.y.A!]_b!7 g.R_pF.E_b o.o.q.o_E.T_rdfw.c}_ck.4.Y_w:_P.B(#`_xy_i.3_Y.A_N.q.6.YE_S_T.R H n.R_d_F.V.s_R68).I aL q.H b.W.Q!.r b_w c c$_va.X_v.tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_C_Q.e J q7E V P.LP_Q.kTN_c.F.D gc.hT_s_Q1
Source: download.exe Binary or memory string: .tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@44/103@7/9
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F75286C CreateToolhelp32Snapshot,Thread32First,CloseHandle,SuspendThread, 3_3_00007DF40F75286C
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-674511B3-68C.pma
Source: C:\Windows\SysWOW64\svchost.exe Mutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-bc9a67e-8157-8bb7cc-dd41a83a1a9d}
Source: C:\Windows\System32\fontdrvhost.exe File created: C:\Users\user\AppData\Local\Temp\chrDCBF.tmp
Source: C:\Windows\SysWOW64\svchost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\download.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: fontdrvhost.exe, 00000003.00000003.144752358673.000002DF10562000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145156682239.000002DF1240E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144759556244.000002DF12561000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145158460142.000002DF12761000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144760024466.000002DF12615000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144758331172.000002DF12086000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145159503002.00007DF40F853000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, chrome.exe, 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: fontdrvhost.exe, 00000003.00000003.144752358673.000002DF10562000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145156682239.000002DF1240E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144759556244.000002DF12561000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145158460142.000002DF12761000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144760024466.000002DF12615000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144758331172.000002DF12086000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145159503002.00007DF40F853000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, chrome.exe, 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: fontdrvhost.exe, 00000003.00000003.144752358673.000002DF10562000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145156682239.000002DF1240E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144759556244.000002DF12561000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145158460142.000002DF12761000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144760024466.000002DF12615000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144758331172.000002DF12086000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145159503002.00007DF40F853000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, chrome.exe, 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: fontdrvhost.exe, 00000003.00000003.144851466965.000002DF12648000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144851098351.000002DF12648000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144851674694.000002DF128CA000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144851578412.000002DF12648000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
Source: chrome.exe, 00000009.00000002.144856406977.000001CFF19B0000.00000002.00000001.00040000.00000013.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: fontdrvhost.exe, 00000003.00000003.144752358673.000002DF10562000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145156682239.000002DF1240E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144759556244.000002DF12561000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145158460142.000002DF12761000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144760024466.000002DF12615000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144758331172.000002DF12086000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145159503002.00007DF40F853000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, chrome.exe, 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: fontdrvhost.exe, 00000003.00000003.144752358673.000002DF10562000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145156682239.000002DF1240E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144759556244.000002DF12561000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145158460142.000002DF12761000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144760024466.000002DF12615000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144758331172.000002DF12086000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145159503002.00007DF40F853000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, chrome.exe, 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: fontdrvhost.exe, 00000003.00000003.144752358673.000002DF10562000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145156682239.000002DF1240E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144759556244.000002DF12561000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145158460142.000002DF12761000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144760024466.000002DF12615000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144758331172.000002DF12086000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145159503002.00007DF40F853000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: fontdrvhost.exe, 00000003.00000003.144852844138.000002DF128B5000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144852716064.000002DF1264B000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144852581253.000002DF1264B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.144856447306.000001CFF19C5000.00000002.00000001.00040000.00000014.sdmp, chrome.exe, 00000009.00000003.144849160704.000048DC0089C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: fontdrvhost.exe, 00000003.00000003.144752358673.000002DF10562000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145156682239.000002DF1240E000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144759556244.000002DF12561000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145158460142.000002DF12761000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144760024466.000002DF12615000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144758331172.000002DF12086000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.145159503002.00007DF40F853000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, chrome.exe, 00000004.00000002.144830778386.000001E604F00000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: fontdrvhost.exe, 00000003.00000003.144884809898.000002DF128E0000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144884549731.000002DF12648000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144882359279.000002DF12648000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000003.144883374732.000002DF12648000.00000004.00000020.00020000.00000000.sdmp, Web Data.14.dr Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
Source: download.exe Virustotal: Detection: 51%
Source: unknown Process created: C:\Users\user\Desktop\download.exe "C:\Users\user\Desktop\download.exe"
Source: C:\Users\user\Desktop\download.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
Source: C:\Windows\System32\fontdrvhost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\elevation_service.exe "C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\elevation_service.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5152 -s 592
Source: C:\Windows\System32\fontdrvhost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chrDCBF.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/f4698726/75fae57d"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=2488,i,6324837096866850942,9732983909897042519,262144 --variations-seed-version --mojo-platform-channel-handle=2612 /prefetch:3
Source: C:\Windows\System32\fontdrvhost.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chrE53C.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/f4698726/6e5a1ad9"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15793817240475235178,5851487067123892181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --explicitly-allowed-ports=8000 --disable-gpu --new-window --flag-switches-begin --flag-switches-end --do-not-de-elevate http://127.0.0.1:8000/f4698726/6e5a1ad9
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,15667601441087912000,15476632491186070827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2592 /prefetch:3
Source: C:\Windows\System32\fontdrvhost.exe Process created: C:\Program Files\Windows Media Player\wmlaunch.exe "C:\Program Files\Windows Media Player\wmlaunch.exe"
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\download.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\download.exe Section loaded: edgegdi.dll
Source: C:\Users\user\Desktop\download.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: edgegdi.dll
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: powrprof.dll
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: umpdc.dll
Source: C:\Windows\SysWOW64\svchost.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\fontdrvhost.exe Section loaded: edgegdi.dll
Source: C:\Windows\System32\fontdrvhost.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\fontdrvhost.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\fontdrvhost.exe Section loaded: netutils.dll
Source: C:\Windows\System32\fontdrvhost.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\fontdrvhost.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\fontdrvhost.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\fontdrvhost.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\fontdrvhost.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\fontdrvhost.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\fontdrvhost.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\fontdrvhost.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\fontdrvhost.exe Section loaded: cscapi.dll
Source: C:\Windows\System32\fontdrvhost.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\elevation_service.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\elevation_service.exe Section loaded: edgegdi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\elevation_service.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\elevation_service.exe Section loaded: sxs.dll
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: mpr.dll
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: mfplat.dll
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: edgegdi.dll
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: rtworkq.dll
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: cryptbase.dll
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: mswsock.dll
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\dllhost.exe Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: C:\Windows\System32\fontdrvhost.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\7.0\Outlook\Profiles\Outlook
Source: download.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: download.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: download.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: download.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: download.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: download.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: download.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: download.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: wkernel32.pdb source: download.exe, 00000000.00000003.144628409309.0000000003100000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144628554816.0000000003220000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633593917.0000000005390000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633401630.0000000005270000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wkernelbase.pdb source: download.exe, 00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144629242088.0000000003320000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633919728.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144634408978.0000000005490000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: download.exe, 00000000.00000003.144626977903.00000000032F0000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144625964709.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632031098.0000000005460000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144631548894.0000000005270000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.144826664532.000001E607100000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.144826216697.000001E606F10000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: download.exe, 00000000.00000003.144627996795.00000000032A0000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144627566876.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632566329.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632964215.0000000005410000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntdll.pdbUGP source: download.exe, 00000000.00000003.144626977903.00000000032F0000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144625964709.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632031098.0000000005460000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144631548894.0000000005270000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.144826664532.000001E607100000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.144826216697.000001E606F10000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: download.exe, 00000000.00000003.144627996795.00000000032A0000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144627566876.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632566329.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144632964215.0000000005410000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: Xo02fa-tDef5e02-6.pDBH source: chrome.exe, 00000009.00000002.144860724877.000048DC0005C000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: win32u.pdb source: wmlaunch.exe, 00000013.00000003.145062523605.0000018A52C90000.00000004.00000001.00020000.00000000.sdmp, wmlaunch.exe, 00000013.00000003.145062685628.0000018A52CC0000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wkernel32.pdbUGP source: download.exe, 00000000.00000003.144628409309.0000000003100000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144628554816.0000000003220000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633593917.0000000005390000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633401630.0000000005270000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wkernelbase.pdbUGP source: download.exe, 00000000.00000003.144628821258.0000000003100000.00000004.00000001.00020000.00000000.sdmp, download.exe, 00000000.00000003.144629242088.0000000003320000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144633919728.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.144634408978.0000000005490000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: win32u.pdbGCTL source: wmlaunch.exe, 00000013.00000003.145062523605.0000018A52C90000.00000004.00000001.00020000.00000000.sdmp, wmlaunch.exe, 00000013.00000003.145062685628.0000018A52CC0000.00000004.00000001.00020000.00000000.sdmp
Source: download.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: download.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: download.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: download.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: download.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: download.exe Static PE information: section name: .textbss
Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073B86D push ebx; ret 0_3_0073B864
Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073A840 push ebp; retf 0_3_0073A841
Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073E83C pushad ; ret 0_3_0073E841
Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073E80E push eax; iretd 0_3_0073E81D
Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073A0F9 push FFFFFF82h; iretd 0_3_0073A0FB
Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073D8A0 push 0000002Eh; iretd 0_3_0073D8A2
Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073EE8C push es; iretd 0_3_0073EE8D
Source: C:\Users\user\Desktop\download.exe Code function: 0_3_00739F6A push eax; ret 0_3_00739F75
Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073EF6E push FFFFFFD2h; retf 0_3_0073EF91
Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073B70B push ebx; ret 0_3_0073B864
Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073B1DD push eax; ret 0_3_0073B1DF
Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073EF92 push 00000038h; iretd 0_3_0073EF9D
Source: C:\Users\user\Desktop\download.exe Code function: 0_3_0073E586 pushad ; retf 0_3_0073E599
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073B86D push ebx; ret 0_2_0073B864
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073A840 push ebp; retf 0_2_0073A841
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073E83C pushad ; ret 0_2_0073E841
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073E80E push eax; iretd 0_2_0073E81D
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073A0F9 push FFFFFF82h; iretd 0_2_0073A0FB
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073D8A0 push 0000002Eh; iretd 0_2_0073D8A2
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_00738904 push ecx; ret 0_2_00738917
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073B1DD push eax; ret 0_2_0073B1DF
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073E586 pushad ; retf 0_2_0073E599
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_00739F6A push eax; ret 0_2_00739F75
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0073B70B push ebx; ret 0_2_0073B864
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_3_02C718C0 push ebp; retf 2_3_02C718C1
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_3_02C728ED push ebx; ret 2_3_02C728E4
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_3_02C7588E push eax; iretd 2_3_02C7589D
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_3_02C758BC pushad ; ret 2_3_02C758C1
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_3_02C7225D push eax; ret 2_3_02C7225F
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_3_02C75606 pushad ; retf 2_3_02C75619
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_3_02C76012 push 00000038h; iretd 2_3_02C7601D
Source: C:\Users\user\Desktop\download.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\fontdrvhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\dllhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\download.exe API/Special instruction interceptor: Address: 7FFAF97ECE64
Source: C:\Windows\SysWOW64\svchost.exe API/Special instruction interceptor: Address: 7FFAF97ECE64
Source: C:\Windows\SysWOW64\svchost.exe API/Special instruction interceptor: Address: 557B83A
Source: download.exe Binary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
Source: download.exe Binary or memory string: INTERNALNAMECFF EXPLORER.EXE
Source: C:\Windows\System32\dllhost.exe Code function: GetAdaptersInfo,GetAdaptersInfo, 20_2_000001AFE8632B70
Source: C:\Windows\SysWOW64\svchost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_00731B09 FindFirstFileExW, 0_2_00731B09
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F770B54 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW, 3_3_00007DF40F770B54
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F7DD5EC GetSystemInfo, 3_3_00007DF40F7DD5EC
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Adobe
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA
Source: dllhost.exe, 00000014.00000002.145867634977.000001AFE885A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWP
Source: svchost.exe, 00000002.00000003.144634408978.0000000005490000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: DisableGuestVmNetworkConnectivity
Source: svchost.exe, 00000002.00000002.144717598312.000000000305D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWastErrorCode
Source: fontdrvhost.exe, 00000003.00000002.145160777279.000002DF103F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWws\System32\en-US\wshqos.dll.mui/
Source: svchost.exe, 00000002.00000002.144717471106.0000000003012000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000003.00000002.145160777279.000002DF103F7000.00000004.00000020.00020000.00000000.sdmp, wmlaunch.exe, 00000013.00000002.145867637674.0000018A529CA000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000014.00000002.145867634977.000001AFE885A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: svchost.exe, 00000002.00000002.144717471106.0000000003012000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW(
Source: svchost.exe, 00000002.00000003.144634408978.0000000005490000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: EnableGuestVmNetworkConnectivity
Source: fontdrvhost.exe, 00000003.00000002.145160777279.000002DF103F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWplA
Source: msedge.exe, 0000000B.00000002.144886784995.000002164EC62000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: chrome.exe, 00000009.00000002.144853150715.000001CFE8687000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllee
Source: dllhost.exe, 00000014.00000002.145867634977.000001AFE885A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW*s:4
Source: C:\Users\user\Desktop\download.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0072CB32 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0072CB32
Source: C:\Users\user\Desktop\download.exe Code function: 0_3_00739277 mov eax, dword ptr fs:[00000030h] 0_3_00739277
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_00739277 mov eax, dword ptr fs:[00000030h] 0_2_00739277
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_3_02C70283 mov eax, dword ptr fs:[00000030h] 2_3_02C70283
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0072BEFA GetProcessHeap,HeapAlloc,HeapFree,HeapFree,VirtualFree,HeapFree, 0_2_0072BEFA
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0072CCC5 SetUnhandledExceptionFilter, 0_2_0072CCC5
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_00731508 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00731508
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0072CFC3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0072CFC3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\fontdrvhost.exe Process created / APC Queued / Resumed: C:\Program Files\Google\Chrome\Application\chrome.exe
Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 95.182.97.106 5980
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Memory allocated: C:\Windows\System32\dllhost.exe base: 1AFE8630000 protect: page read and write
Source: C:\Windows\System32\fontdrvhost.exe Section loaded: NULL target: C:\Program Files\Google\Chrome\Application\chrome.exe protection: execute and read and write
Source: C:\Windows\System32\fontdrvhost.exe Thread APC queued: target process: C:\Program Files\Google\Chrome\Application\chrome.exe
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Memory written: C:\Windows\System32\dllhost.exe base: 1AFE8630000
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Memory written: C:\Windows\System32\dllhost.exe base: 7FF6D1B814E0
Source: C:\Users\user\Desktop\download.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
Source: C:\Windows\System32\fontdrvhost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Windows\System32\fontdrvhost.exe Process created: C:\Program Files\Windows Media Player\wmlaunch.exe "C:\Program Files\Windows Media Player\wmlaunch.exe"
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0072CDD5 cpuid 0_2_0072CDD5
Source: C:\Windows\System32\fontdrvhost.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\SysWOW64\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\fontdrvhost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\dllhost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F775984 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe, 3_3_00007DF40F775984
Source: C:\Users\user\Desktop\download.exe Code function: 0_2_0072CA19 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_0072CA19
Source: C:\Windows\SysWOW64\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: 00000000.00000003.144624602568.00000000006D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.144718291811.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.144630604102.0000000000E20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.144630570589.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: !CP:Defichain-Electrum
Source: fontdrvhost.exe, 00000003.00000002.145161524348.000002DF105D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: com.liberty.jaxx
Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: passphrase.json
Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %AppData%\Exodus
Source: fontdrvhost.exe, 00000003.00000003.144894177157.000002DF10694000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %AppData%\Coinomi\Coinomi\wallets
Source: chrome.exe, 00000009.00000002.144865026904.000048DC00888000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: GCMKeyStore
Source: fontdrvhost.exe, 00000003.00000002.145160777279.000002DF1045E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Windows\System32\fontdrvhost.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Bitcoin\Bitcoin-Qt
Source: C:\Windows\System32\fontdrvhost.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Source: C:\Windows\System32\fontdrvhost.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Security
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index-dir
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7d1231262330823bd07f6259b80025388c6b86e3
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Search Logos
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\adc0237d-19f1-4a05-9d5e-34249f767b8b
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_and_features_store
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\discounts_db
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7d1231262330823bd07f6259b80025388c6b86e3\fa042932-fc34-4e32-904f-a4bd482d112b
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index-dir
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Cache
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7d1231262330823bd07f6259b80025388c6b86e3\fa042932-fc34-4e32-904f-a4bd482d112b\index-dir
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
Source: C:\Windows\System32\fontdrvhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings
Source: C:\Windows\System32\fontdrvhost.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
Source: C:\Windows\System32\fontdrvhost.exe Directory queried: C:\Users\user\Documents
Source: C:\Windows\System32\fontdrvhost.exe Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Windows\System32\fontdrvhost.exe Directory queried: C:\Users\user\Documents\DUUDTUBZFW
Source: C:\Windows\System32\fontdrvhost.exe Directory queried: C:\Users\user\Documents\EEGWXUHVUG
Source: C:\Windows\System32\fontdrvhost.exe Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Windows\System32\fontdrvhost.exe Directory queried: C:\Users\user\Documents\HQJBRDYKDE
Source: C:\Windows\System32\fontdrvhost.exe Directory queried: C:\Users\user\Documents\JDDHMPCDUJ
Source: C:\Windows\System32\fontdrvhost.exe Directory queried: C:\Users\user\Documents\LFOPODGVOH
Source: C:\Windows\System32\fontdrvhost.exe Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Windows\System32\fontdrvhost.exe Directory queried: C:\Users\user\Documents\PALRGUCVEH

Remote Access Functionality

Source: Yara match File source: 00000000.00000003.144624602568.00000000006D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.144718291811.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.144630604102.0000000000E20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.144630570589.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F7A9E68 listen,malloc, 3_3_00007DF40F7A9E68
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F775984 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe, 3_3_00007DF40F775984
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F7A97F8 socket,bind, 3_3_00007DF40F7A97F8
Source: C:\Windows\System32\fontdrvhost.exe Code function: 3_3_00007DF40F7A83A0 socket,bind, 3_3_00007DF40F7A83A0
Source: C:\Program Files\Windows Media Player\wmlaunch.exe Code function: 19_2_0000018A5292D004 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe, 19_2_0000018A5292D004