Edit tour

Windows Analysis Report
dOuC8iH5As.exe

Overview

General Information

Sample name:	dOuC8iH5As.exe renamed because original name is a hash value
Original sample name:	ab15ed3fb089ef3562d68a210b3529cf.exe
Analysis ID:	1604948
MD5:	ab15ed3fb089ef3562d68a210b3529cf
SHA1:	949a7af9cc19ce5c5faae300ec656ace1d87b8ed
SHA256:	9f12acce686f5362f7c9c79462f5e938bf56f2c822258451ff14f7b28fdfd3d6
Tags:	exeuser-abuse_ch
Infos:

Detection

Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption

Multi AV Scanner detection for submitted file

Sigma detected: Search for Antivirus process

Suricata IDS alerts for network traffic

Yara detected Vidar stealer

Drops PE files with a suspicious file extension

Joe Sandbox ML detected suspicious sample

Monitors registry run keys for changes

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Contains functionality for read data from the clipboard

Contains functionality to dynamically determine API calls

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: Suspicious Copy From or To System Directory

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

dOuC8iH5As.exe (PID: 7508 cmdline: "C:\Users\user\Desktop\dOuC8iH5As.exe" MD5: AB15ED3FB089EF3562D68A210B3529CF)

cmd.exe (PID: 7628 cmdline: "C:\Windows\System32\cmd.exe" /c copy Rc Rc.cmd & Rc.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 7688 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 7704 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

tasklist.exe (PID: 7732 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 7740 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 7784 cmdline: cmd /c md 770098 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

extrac32.exe (PID: 7796 cmdline: extrac32 /Y /E Stunning MD5: 9472AAB6390E4F1431BAA912FCFF9707)

findstr.exe (PID: 7820 cmdline: findstr /V "Vote" Release MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 7832 cmdline: cmd /c copy /b 770098\Insurance.com + Tamil + Bulgaria + Bend + Eye + Jungle + Trial + Thick + Train + Intention 770098\Insurance.com MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.exe (PID: 7848 cmdline: cmd /c copy /b ..\Dealt + ..\Buffer + ..\Pediatric + ..\Tee + ..\Simply + ..\Exceed Y MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Insurance.com (PID: 7864 cmdline: Insurance.com Y MD5: 62D09F076E6E0240548C2F837536A46A)

chrome.exe (PID: 4476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2268,i,17593014749431667383,9178978654020607195,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 7108 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8068 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2540 --field-trial-handle=2400,i,14553860859743302056,4043188168258497087,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

choice.exe (PID: 7880 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)

msedge.exe (PID: 2536 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8124 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1988,i,9241448425073907245,4101574487254321429,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5484 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6960 --field-trial-handle=1988,i,9241448425073907245,4101574487254321429,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 4584 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7112 --field-trial-handle=1988,i,9241448425073907245,4101574487254321429,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security

Sigma Signatures

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Insurance.com Y, ParentImage: C:\Users\user\AppData\Local\Temp\770098\Insurance.com, ParentProcessId: 7864, ParentProcessName: Insurance.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 4476, ProcessName: chrome.exe

Sigma detected: Suspicious Copy From or To System Directory

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Rc Rc.cmd & Rc.cmd, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Rc Rc.cmd & Rc.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\dOuC8iH5As.exe", ParentImage: C:\Users\user\Desktop\dOuC8iH5As.exe, ParentProcessId: 7508, ParentProcessName: dOuC8iH5As.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Rc Rc.cmd & Rc.cmd, ProcessId: 7628, ProcessName: cmd.exe

HIPS / PFW / Operating System Protection Evasion

Sigma detected: Search for Antivirus process

Source: Process started

Author: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Rc Rc.cmd & Rc.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7628, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 7740, ProcessName: findstr.exe

Suricata Signatures

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-02T08:01:35.837603+0100	2044247	1	Malware Command and Control Activity Detected	116.202.5.153	443	192.168.2.8	49714	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-02T08:01:37.236451+0100	2051831	1	Malware Command and Control Activity Detected	116.202.5.153	443	192.168.2.8	49715	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-02T08:01:37.236193+0100	2049087	1	A Network Trojan was detected	192.168.2.8	49715	116.202.5.153	443	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-02T08:01:38.660944+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49716	116.202.5.153	443	TCP
2025-02-02T08:01:39.772128+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49717	116.202.5.153	443	TCP
2025-02-02T08:01:47.868722+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49739	116.202.5.153	443	TCP
2025-02-02T08:01:48.126125+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49742	116.202.5.153	443	TCP
2025-02-02T08:01:49.180867+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49744	116.202.5.153	443	TCP
2025-02-02T08:01:51.221442+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49745	116.202.5.153	443	TCP
2025-02-02T08:01:53.039960+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49746	116.202.5.153	443	TCP
2025-02-02T08:01:59.302568+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49761	116.202.5.153	443	TCP
2025-02-02T08:02:00.011497+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49776	116.202.5.153	443	TCP
2025-02-02T08:02:00.914633+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49783	116.202.5.153	443	TCP
2025-02-02T08:02:03.380735+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49802	116.202.5.153	443	TCP
2025-02-02T08:02:04.539498+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49828	116.202.5.153	443	TCP
2025-02-02T08:02:06.479883+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49846	116.202.5.153	443	TCP
2025-02-02T08:02:07.565496+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49847	116.202.5.153	443	TCP
2025-02-02T08:02:12.066959+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49851	116.202.5.153	443	TCP
2025-02-02T08:02:14.935141+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49852	116.202.5.153	443	TCP
2025-02-02T08:02:16.166964+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49853	116.202.5.153	443	TCP
2025-02-02T08:02:18.922576+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49854	116.202.5.153	443	TCP
2025-02-02T08:02:20.742888+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49855	116.202.5.153	443	TCP
2025-02-02T08:02:20.980307+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49856	116.202.5.153	443	TCP
2025-02-02T08:02:35.290917+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49857	116.202.5.153	443	TCP
2025-02-02T08:02:36.114022+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49858	116.202.5.153	443	TCP
2025-02-02T08:02:37.421067+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49859	116.202.5.153	443	TCP
2025-02-02T08:02:38.819037+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49860	116.202.5.153	443	TCP
2025-02-02T08:02:40.314346+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49861	116.202.5.153	443	TCP
2025-02-02T08:02:40.362312+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.8	49862	116.202.5.153	443	TCP

ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-02T08:01:48.126125+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.8	49742	116.202.5.153	443	TCP
2025-02-02T08:01:49.180867+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.8	49744	116.202.5.153	443	TCP
2025-02-02T08:01:51.221442+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.8	49745	116.202.5.153	443	TCP
2025-02-02T08:02:00.011497+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.8	49776	116.202.5.153	443	TCP
2025-02-02T08:02:00.914633+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.8	49783	116.202.5.153	443	TCP
2025-02-02T08:02:03.380735+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.8	49802	116.202.5.153	443	TCP
2025-02-02T08:02:04.539498+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.8	49828	116.202.5.153	443	TCP
2025-02-02T08:02:06.479883+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.8	49846	116.202.5.153	443	TCP
2025-02-02T08:02:07.565496+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.8	49847	116.202.5.153	443	TCP

ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-02T08:01:33.018145+0100	2859378	1	Malware Command and Control Activity Detected	192.168.2.8	49712	116.202.5.153	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: dOuC8iH5As.exe

Virustotal: Detection: 18%

Perma Link

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.6% probability

Source: dOuC8iH5As.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.8:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.202.5.153:443 -> 192.168.2.8:49711 version: TLS 1.2

Source: dOuC8iH5As.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: cryptosetup.pdbGCTL source: 7qiw4w.13.dr
Source:	Binary string: cryptosetup.pdb source: 7qiw4w.13.dr

Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_2_004062D5 FindFirstFileW,FindClose,	1_2_004062D5
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_2_00402E18 FindFirstFileW,	1_2_00402E18
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	1_2_00406C9B

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\770098\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\770098	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 12MB later: 38MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.8:49715 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49717 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.8:49712 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49745 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49745 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.202.5.153:443 -> 192.168.2.8:49715
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49742 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49742 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49783 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49783 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.202.5.153:443 -> 192.168.2.8:49714
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49739 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49744 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49744 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49716 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49802 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49802 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49746 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49761 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49828 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49828 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49776 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49776 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49847 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49847 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49846 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.8:49846 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49852 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49859 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49855 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49862 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49853 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49857 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49860 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49851 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49854 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49856 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49858 -> 116.202.5.153:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.8:49861 -> 116.202.5.153:443

Source: global traffic

HTTP traffic detected: GET /m08mbk HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 2.23.209.51 2.23.209.51
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 162.159.61.3 162.159.61.3

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Source: global traffic	HTTP traffic detected: GET /m08mbk HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0Host: getyour.cyouConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531 HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SSR-extension.d0b81df0decfa0886dfe.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.55sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=3B278B9AEA7A4254BC298CA0D9E0DB01.RefC=2025-02-02T07:01:57Z; USRLOC=; MUID=2F2B8D682846685134F998EF29416959; MUIDB=2F2B8D682846685134F998EF29416959; _EDGE_S=F=1&SID=173D6EB4D4CB668526F27B33D5F1675D; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-worker.8ed343c804e9069b52b4.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.55sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=3B278B9AEA7A4254BC298CA0D9E0DB01.RefC=2025-02-02T07:01:57Z; USRLOC=; MUID=2F2B8D682846685134F998EF29416959; MUIDB=2F2B8D682846685134F998EF29416959; _EDGE_S=F=1&SID=173D6EB4D4CB668526F27B33D5F1675D; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.a01e10d026eb0e3d85f0.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.7fc3109769390e0f7912.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.416deb762b0803a19e78.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.5734d85c965c30638bcf.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/ASuc5ohfQPNzGo5SSihcSk6msC8CUKw5id-p0KCEkBKwK2LS4AjdrDP0wa1qjzCTaTWEfyM52ADmUAdPETYA5vgD87UPEj6gyG11hjsvMLHGmzQgJ9F5D8s8Lo0Lbai5BQYAxlKa5esPJXukyaicyq83JwZ0HIWqzrjN/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_86_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /statics/icons/favicon_newtabpage.png HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=2F2B8D682846685134F998EF29416959; _EDGE_S=F=1&SID=173D6EB4D4CB668526F27B33D5F1675D; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /b?rn=1738479721203&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2F2B8D682846685134F998EF29416959&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1738479721202&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=3b278b9aea7a4254bc298ca0d9e0db01&activityId=3b278b9aea7a4254bc298ca0d9e0db01&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=2F2B8D682846685134F998EF29416959; _EDGE_S=F=1&SID=173D6EB4D4CB668526F27B33D5F1675D; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /b2?rn=1738479721203&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2F2B8D682846685134F998EF29416959&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=11385d271a548a1adc99cc61738479723; XID=11385d271a548a1adc99cc61738479723
Source: global traffic	HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 7.25sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 200sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=3B278B9AEA7A4254BC298CA0D9E0DB01.RefC=2025-02-02T07:01:57Z; USRLOC=; MUID=2F2B8D682846685134F998EF29416959; MUIDB=2F2B8D682846685134F998EF29416959; _EDGE_S=F=1&SID=173D6EB4D4CB668526F27B33D5F1675D; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=caa1ad28-cff8-42a5-8b5f-c60c24eda4d0; ai_session=hFz5WAGFHxyhiF18gIHQjz\|1738479721198\|1738479721198; sptmarket_restored=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=3B278B9AEA7A4254BC298CA0D9E0DB01.RefC=2025-02-02T07:01:57Z
Source: global traffic	HTTP traffic detected: GET /edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true HTTP/1.1Host: ntp.msn.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-edge-ntp: {"back_block":0,"bg_cur":{"configIndex":21,"imageId":"BB1msyCD","provider":"CMSImage","userSelected":false},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"myFeed","show_greet":true,"vt_opened":false,"wpo_nx":{"v":"2","wgt":{"src":"default"}}}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=3B278B9AEA7A4254BC298CA0D9E0DB01.RefC=2025-02-02T07:01:57Z; USRLOC=; MUID=2F2B8D682846685134F998EF29416959; MUIDB=2F2B8D682846685134F998EF29416959; _EDGE_S=F=1&SID=173D6EB4D4CB668526F27B33D5F1675D; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=caa1ad28-cff8-42a5-8b5f-c60c24eda4d0; ai_session=hFz5WAGFHxyhiF18gIHQjz\|1738479721198\|1738479721198; sptmarket_restored=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=3B278B9AEA7A4254BC298CA0D9E0DB01.RefC=2025-02-02T07:01:57Z
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1738479721202&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=3b278b9aea7a4254bc298ca0d9e0db01&activityId=3b278b9aea7a4254bc298ca0d9e0db01&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=A878E6F6696E44B8B378074463E3837C&MUID=2F2B8D682846685134F998EF29416959 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=2F2B8D682846685134F998EF29416959; _EDGE_S=F=1&SID=173D6EB4D4CB668526F27B33D5F1675D; _EDGE_V=1; SM=T; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D

Source: ce3cf3d0-4c8e-45f1-a29d-135ebe6b88c7.tmp.25.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2165771818.0000653C02DC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: /www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2165771818.0000653C02DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000003.2071843599.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2072004819.0000653C031C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2071921415.0000653C0321C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000013.00000003.2071843599.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2072004819.0000653C031C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2071921415.0000653C0321C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000013.00000002.2165771818.0000653C02DC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ht/www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2160378483.0000653C027C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2166586466.0000653C02F44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2166586466.0000653C02F44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca<e equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2160378483.0000653C027C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytcaogl equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/N equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2172750242.0000653C03D7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2170888473.0000653C03294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2172750242.0000653C03D7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlP equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2172750242.0000653C03D7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlaultP equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2170888473.0000653C03294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2172750242.0000653C03D7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlnjb equals www.youtube.com (Youtube)
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: HFlakauawzP.HFlakauawzP
Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: getyour.cyou
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----68yukfusrqq9rim79hv3User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0Host: getyour.cyouContent-Length: 255Connection: Keep-AliveCache-Control: no-cache

Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2160569381.0000653C0280C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159415633.0000653C025EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586e-data
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586l
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970Z
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970_
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551S
Source: chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2156456827.0000653C0221C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159415633.0000653C025EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162407496.0000653C029A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159415633.0000653C025EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159775224.0000653C02688000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047X
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2160569381.0000653C0280C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159775224.0000653C02688000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162407496.0000653C029A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2160569381.0000653C0280C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: dOuC8iH5As.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: dOuC8iH5As.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: dOuC8iH5As.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: dOuC8iH5As.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000013.00000002.2160648453.0000653C02848000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: Intention.9.dr, Insurance.com.2.dr	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: Intention.9.dr, Insurance.com.2.dr	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Intention.9.dr, Insurance.com.2.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: Intention.9.dr, Insurance.com.2.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Intention.9.dr, Insurance.com.2.dr	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: dOuC8iH5As.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: dOuC8iH5As.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: dOuC8iH5As.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: dOuC8iH5As.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: dOuC8iH5As.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: chrome.exe, 00000013.00000002.2156506040.0000653C0225A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000013.00000003.2073429198.0000653C032CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2072983294.0000653C032A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073133465.0000653C032B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073260034.0000653C031C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: dOuC8iH5As.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: dOuC8iH5As.exe	String found in binary or memory: http://ocsp.digicert.com0
Source: dOuC8iH5As.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: dOuC8iH5As.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: dOuC8iH5As.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: Intention.9.dr, Insurance.com.2.dr	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: Intention.9.dr, Insurance.com.2.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Intention.9.dr, Insurance.com.2.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: Intention.9.dr, Insurance.com.2.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: chrome.exe, 00000013.00000003.2074130434.0000653C02E48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2164144904.0000653C02B63000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073429198.0000653C032CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074743523.0000653C0340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074161669.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2072983294.0000653C032A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073133465.0000653C032B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074502852.0000653C0256C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073260034.0000653C031C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073205366.0000653C03300000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074689610.0000653C0338C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C0321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074186692.0000653C03038000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000013.00000003.2074130434.0000653C02E48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2164144904.0000653C02B63000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073429198.0000653C032CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074743523.0000653C0340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074161669.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2072983294.0000653C032A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073133465.0000653C032B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074502852.0000653C0256C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073260034.0000653C031C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073205366.0000653C03300000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074689610.0000653C0338C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C0321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074186692.0000653C03038000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000013.00000003.2074130434.0000653C02E48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2164144904.0000653C02B63000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073429198.0000653C032CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074743523.0000653C0340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074161669.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2072983294.0000653C032A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073133465.0000653C032B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074502852.0000653C0256C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073260034.0000653C031C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073205366.0000653C03300000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074689610.0000653C0338C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C0321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074186692.0000653C03038000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000013.00000003.2074130434.0000653C02E48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2164144904.0000653C02B63000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073429198.0000653C032CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074743523.0000653C0340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074161669.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2072983294.0000653C032A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073133465.0000653C032B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074502852.0000653C0256C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073260034.0000653C031C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073205366.0000653C03300000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074689610.0000653C0338C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C0321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074186692.0000653C03038000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000013.00000002.2164144904.0000653C02B48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: chrome.exe, 00000013.00000002.2164387060.0000653C02B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: Intention.9.dr, Insurance.com.2.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Intention.9.dr, Insurance.com.2.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: chrome.exe, 00000013.00000002.2164442316.0000653C02BB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/
Source: Insurance.com, 0000000D.00000000.1454750792.00000000009B5000.00000002.00000001.01000000.00000008.sdmp, Insurance.com.2.dr, Train.9.dr	String found in binary or memory: http://www.autoitscript.com/autoit3/X
Source: dOuC8iH5As.exe	String found in binary or memory: http://www.digicert.com/CPS0
Source: chrome.exe, 00000013.00000002.2164652699.0000653C02BE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.gstatic.com/generate_204
Source: chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp, b1v3wl.13.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000013.00000002.2156795848.0000653C0228C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000013.00000002.2159775224.0000653C02688000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2161818328.0000653C0293C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2156456827.0000653C0221C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000013.00000003.2088958547.0000653C02494000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 00000013.00000003.2088958547.0000653C02494000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 00000013.00000003.2088958547.0000653C02494000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000013.00000002.2156897500.0000653C022A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000013.00000002.2156897500.0000653C022A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000013.00000002.2156897500.0000653C022A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000013.00000002.2156795848.0000653C0228C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/n
Source: chromecache_475.21.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_475.21.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159415633.0000653C025EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000013.00000003.2091640268.0000653C03550000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090375717.0000653C0360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090432034.0000653C034D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090404073.0000653C03614000.00000004.00000800.00020000.00000000.sdmp, chromecache_475.21.dr, chromecache_471.21.dr	String found in binary or memory: https://apis.google.com
Source: chrome.exe, 00000013.00000002.2172538293.0000653C03CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2156695882.0000653C02274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes
Source: msedge.exe, 00000017.00000002.2289278083.0000018C5A951000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.com
Source: 2cc80dabc69f58b6_1.25.dr	String found in binary or memory: https://assets.msn.cn/resolver/
Source: 2cc80dabc69f58b6_1.25.dr	String found in binary or memory: https://assets.msn.com/resolver/
Source: 2cc80dabc69f58b6_1.25.dr	String found in binary or memory: https://bit.ly/wb-precache
Source: Reporting and NEL.26.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: chrome.exe, 00000013.00000002.2160022156.0000653C026F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2161552667.0000653C02920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2170888473.0000653C03294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000013.00000002.2165726197.0000653C02DB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: b1v3wl.13.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: service_worker_bin_prod.js.25.dr, offscreendocument_main.js.25.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
Source: chrome.exe, 00000013.00000003.2092014215.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2067766431.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000013.00000003.2092014215.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2067766431.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: b1v3wl.13.dr, Web Data.25.dr, jm7qq1.13.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: chrome.exe, 00000013.00000002.2159624770.0000653C02628000.00000004.00000800.00020000.00000000.sdmp, b1v3wl.13.dr, Web Data.25.dr, jm7qq1.13.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000013.00000003.2071478669.0000653C02EFC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000002.2313208212.000020B80237C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: manifest.json0.25.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: chrome.exe, 00000013.00000002.2160695098.0000653C02864000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000013.00000002.2164652699.0000653C02BE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092014215.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2067766431.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2170139959.0000653C0318C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171395063.0000653C0349C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2096956152.0000653C0349C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171238466.0000653C03368000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000013.00000002.2171238466.0000653C03368000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enS
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en_AllowUndamagedNonrootRenderPassToSkipe
Source: chrome.exe, 00000013.00000003.2072708360.0000653C02EFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068739412.0000653C02E58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068435991.0000653C02E48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2067170228.0000653C0253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2075414741.0000653C02E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2067263549.0000653C02E48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2072633096.0000653C02E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068912730.0000653C02E60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068381372.0000653C0253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2067449392.0000653C02E60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2067300445.0000653C02E58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2067871272.0000653C02EFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074824389.0000653C0253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2071478669.0000653C02EFC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000013.00000002.2155882437.0000292C00920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000013.00000003.2098730519.0000292C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059846409.0000292C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059973661.0000292C00728000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000013.00000002.2155882437.0000292C00920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000013.00000003.2098730519.0000292C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059846409.0000292C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059973661.0000292C00728000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000013.00000002.2155882437.0000292C00920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000013.00000002.2155882437.0000292C00920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000013.00000003.2098730519.0000292C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059846409.0000292C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059973661.0000292C00728000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000013.00000002.2156456827.0000653C0221C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000002.2313208212.000020B80237C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.25.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000013.00000002.2168735614.0000653C03060000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000013.00000002.2168735614.0000653C03060000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/e
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/g
Source: chrome.exe, 00000013.00000003.2056156266.000010A8002EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2056133653.000010A8002E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000013.00000002.2158817942.0000653C024B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064021842.0000653C02694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2164537452.0000653C02BD5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2156456827.0000653C0221C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2158613476.0000653C02490000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000002.2311905288.000020B802220000.00000004.00000800.00020000.00000000.sdmp, manifest.json.25.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000013.00000002.2139518085.00000059A91FD000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxI&y
Source: chrome.exe, 00000013.00000002.2164387060.0000653C02B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000013.00000002.2164387060.0000653C02B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=be
Source: chrome.exe, 00000013.00000002.2164387060.0000653C02B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000013.00000002.2161552667.0000653C02920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chromecache_475.21.dr	String found in binary or memory: https://clients6.google.com
Source: chrome.exe, 00000013.00000002.2160648453.0000653C02848000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chromecache_475.21.dr	String found in binary or memory: https://content.googleapis.com
Source: chrome.exe, 00000013.00000002.2164898483.0000653C02C50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: Reporting and NEL.26.dr	String found in binary or memory: https://deff.nelreports.net/api/report
Source: Reporting and NEL.26.dr, 2cc80dabc69f58b6_0.25.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: Reporting and NEL.26.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msnw
Source: chrome.exe, 00000013.00000002.2159134124.0000653C02510000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.goog
Source: chrome.exe, 00000013.00000002.2159134124.0000653C02510000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.googl0
Source: manifest.json.25.dr	String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000013.00000002.2172898145.0000653C03E5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/
Source: chrome.exe, 00000013.00000002.2171395063.0000653C034AD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000013.00000002.2165948636.0000653C02E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171395063.0000653C034AD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2172634442.0000653C03D24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000013.00000002.2171395063.0000653C034AD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
Source: chrome.exe, 00000013.00000002.2172898145.0000653C03E5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/dogl
Source: chrome.exe, 00000013.00000002.2172750242.0000653C03D7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171395063.0000653C034AD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2166649253.0000653C02F54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000013.00000002.2172750242.0000653C03D7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultP
Source: chrome.exe, 00000013.00000002.2172750242.0000653C03D7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultlt
Source: chrome.exe, 00000013.00000002.2172898145.0000653C03E5C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/njb
Source: chrome.exe, 00000013.00000002.2170684969.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159900366.0000653C026C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162247531.0000653C02980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090014869.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C03240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000013.00000002.2170684969.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159900366.0000653C026C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162247531.0000653C02980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090014869.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C03240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000013.00000002.2170684969.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159900366.0000653C026C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162247531.0000653C02980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090014869.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C03240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000013.00000002.2170979200.0000653C03318000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/
Source: chrome.exe, 00000013.00000002.2171395063.0000653C034AD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2096956152.0000653C0349C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000013.00000002.2170684969.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165948636.0000653C02E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171395063.0000653C034AD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2096956152.0000653C0349C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000013.00000002.2171395063.0000653C034AD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2096956152.0000653C0349C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000013.00000002.2170888473.0000653C03294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000013.00000002.2172750242.0000653C03D7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_defaultP
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/ogld_Control_20230922aibag
Source: chrome.exe, 00000013.00000002.2160022156.0000653C026F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2161552667.0000653C02920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2170888473.0000653C03294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/
Source: chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000013.00000002.2165726197.0000653C02DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2170684969.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165948636.0000653C02E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000013.00000003.2096956152.0000653C0349C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000013.00000002.2172750242.0000653C03D7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_defaultP
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/ogl
Source: chrome.exe, 00000013.00000002.2160022156.0000653C026F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2161552667.0000653C02920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2170888473.0000653C03294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chromecache_475.21.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: manifest.json.25.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.25.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.25.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000013.00000002.2159134124.0000653C02510000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp
Source: manifest.json.25.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000013.00000002.2159134124.0000653C02510000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.googl
Source: manifest.json.25.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000013.00000002.2159134124.0000653C02510000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.c
Source: manifest.json.25.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000013.00000002.2159134124.0000653C02510000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.go
Source: manifest.json.25.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.25.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.25.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.25.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000013.00000003.2074689610.0000653C0338C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: manifest.json.25.dr	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000013.00000002.2170979200.0000653C03318000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2166586466.0000653C02F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000013.00000002.2170979200.0000653C03318000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2ation.ResultHh
Source: chrome.exe, 00000013.00000002.2170979200.0000653C03318000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2d
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/B
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/H
Source: chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000013.00000002.2165726197.0000653C02DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165948636.0000653C02E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2172634442.0000653C03D24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000013.00000002.2165726197.0000653C02DB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_defaulte
Source: chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp, b1v3wl.13.dr, Web Data.25.dr, jm7qq1.13.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000013.00000003.2092014215.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2067766431.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, b1v3wl.13.dr, Web Data.25.dr, jm7qq1.13.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000013.00000003.2092014215.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2067766431.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: b1v3wl.13.dr, Web Data.25.dr, jm7qq1.13.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chrome.exe, 00000013.00000003.2092014215.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2067766431.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icondTripTime
Source: 000003.log6.25.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/%
Source: chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/(
Source: chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com//
Source: chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2
Source: chrome.exe, 00000013.00000003.2098730519.0000292C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059846409.0000292C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059973661.0000292C00728000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/8
Source: chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/9
Source: chrome.exe, 00000013.00000002.2155882437.0000292C00920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Enabled_Notice_M1_AllAPIs_GA4Kids_Stable_20230830htt
Source: chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/W
Source: chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Y
Source: chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/d
Source: chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/f
Source: chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000013.00000002.2155882437.0000292C00920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/https://google-ohttp-relay-query.fastly-edge.com/htt
Source: chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/m
Source: chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/p
Source: chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/z
Source: chrome.exe, 00000013.00000002.2155882437.0000292C00920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000013.00000003.2098730519.0000292C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059846409.0000292C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059973661.0000292C00728000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000013.00000003.2060486005.0000292C00878000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000013.00000002.2155882437.0000292C00920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/=
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 00000013.00000003.2098730519.0000292C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059846409.0000292C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059973661.0000292C00728000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
Source: msedge.exe, 00000017.00000002.2313896820.000020B8025A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000013.00000002.2160613736.0000653C02828000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000013.00000002.2165948636.0000653C02E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/1664752731
Source: chrome.exe, 00000013.00000002.2170684969.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159900366.0000653C026C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162247531.0000653C02980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090014869.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C03240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000013.00000002.2170684969.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159900366.0000653C026C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162247531.0000653C02980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090014869.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C03240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000013.00000003.2059973661.0000292C00728000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000013.00000002.2155826830.0000292C00904000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000013.00000002.2154839611.0000292C00238000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard)
Source: chrome.exe, 00000013.00000003.2098730519.0000292C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059846409.0000292C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059973661.0000292C00728000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000013.00000003.2098730519.0000292C00974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059846409.0000292C0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2059973661.0000292C00728000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000013.00000003.2097078209.0000653C03F44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboarde
Source: chrome.exe, 00000013.00000002.2155826830.0000292C00904000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000013.00000003.2059973661.0000292C00728000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000013.00000002.2159624770.0000653C02628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2091640268.0000653C03550000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090432034.0000653C034D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000013.00000003.2074743523.0000653C0340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074502852.0000653C0256C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074689610.0000653C0338C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000013.00000003.2074743523.0000653C0340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074502852.0000653C0256C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074689610.0000653C0338C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000013.00000003.2060528415.0000292C00880000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000013.00000003.2059973661.0000292C00728000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000013.00000002.2155882437.0000292C00920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 00000013.00000002.2155882437.0000292C00920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
Source: chrome.exe, 00000013.00000002.2155798692.0000292C008D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/
Source: chrome.exe, 00000013.00000002.2171395063.0000653C034AD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2096956152.0000653C0349C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000013.00000002.2159624770.0000653C02628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2091640268.0000653C03550000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090432034.0000653C034D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: chrome.exe, 00000013.00000002.2165948636.0000653C02E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171395063.0000653C034AD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2096956152.0000653C0349C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webappld
Source: chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapprome_default
Source: chrome.exe, 00000013.00000002.2171395063.0000653C034AD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2096956152.0000653C0349C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000013.00000002.2165726197.0000653C02DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2170684969.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171395063.0000653C034AD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171159980.0000653C03350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2096956152.0000653C0349C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: msedge.exe, 00000017.00000002.2313896820.000020B8025A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.cn/
Source: msedge.exe, 00000017.00000002.2313896820.000020B8025A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.com/
Source: chrome.exe, 00000013.00000002.2160022156.0000653C026F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2161552667.0000653C02920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2170888473.0000653C03294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000013.00000002.2159868294.0000653C026AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162407496.0000653C029A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacyf
Source: chrome.exe, 00000013.00000002.2169432510.0000653C030F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome2B
Source: chrome.exe, 00000013.00000002.2162407496.0000653C029A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000013.00000002.2157077087.0000653C022E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2072667552.0000653C0310C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: 000003.log3.25.dr, 2cc80dabc69f58b6_0.25.dr	String found in binary or memory: https://ntp.msn.com
Source: 000003.log0.25.dr, 000003.log9.25.dr	String found in binary or memory: https://ntp.msn.com/
Source: 2cc80dabc69f58b6_1.25.dr, 000003.log9.25.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
Source: Session_13382953316487696.25.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: msedge.exe, 00000017.00000002.2313896820.000020B8025A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://office.net/
Source: chrome.exe, 00000013.00000003.2091640268.0000653C03550000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090375717.0000653C0360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090432034.0000653C034D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090404073.0000653C03614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000013.00000002.2165235968.0000653C02CE8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000013.00000003.2091640268.0000653C03550000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090375717.0000653C0360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090432034.0000653C034D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090404073.0000653C03614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000013.00000003.2091640268.0000653C03550000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090375717.0000653C0360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090432034.0000653C034D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090404073.0000653C03614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000013.00000002.2167366305.0000653C02FA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171805776.0000653C03660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092014215.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068291838.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2167447624.0000653C02FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000013.00000002.2167366305.0000653C02FA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171805776.0000653C03660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092014215.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2167447624.0000653C02FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000013.00000002.2167366305.0000653C02FA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171805776.0000653C03660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092014215.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068291838.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2167447624.0000653C02FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000013.00000002.2165095767.0000653C02CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2167366305.0000653C02FA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171805776.0000653C03660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092014215.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000013.00000002.2167366305.0000653C02FA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171805776.0000653C03660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092014215.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068291838.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2158885758.0000653C024C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2167447624.0000653C02FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000013.00000002.2167366305.0000653C02FA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171805776.0000653C03660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092014215.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000013.00000002.2165095767.0000653C02CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2167366305.0000653C02FA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171805776.0000653C03660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092014215.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068291838.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2167447624.0000653C02FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2167646093.0000653C02FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000013.00000002.2167366305.0000653C02FA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171805776.0000653C03660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2167561658.0000653C02FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068291838.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2167447624.0000653C02FB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000013.00000002.2159900366.0000653C026C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 00000013.00000002.2158817942.0000653C024B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://payments.google.com/
Source: chrome.exe, 00000013.00000002.2158817942.0000653C024B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/AddSession
Source: msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/Logout
Source: msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
Source: msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/MergeSession
Source: msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/OAuthLogin
Source: msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
Source: msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/RotateBoundCookieshttps://permanently-removed.invalid/oauth2/v2/
Source: msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
Source: msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
Source: msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
Source: msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
Source: msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
Source: msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
Source: msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
Source: msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
Source: chrome.exe, 00000013.00000002.2164859985.0000653C02C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2072667552.0000653C0310C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000013.00000003.2074743523.0000653C0340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074502852.0000653C0256C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074689610.0000653C0338C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chrome.exe, 00000013.00000002.2170846304.0000653C03288000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2172634442.0000653C03D24000.00000004.00000800.00020000.00000000.sdmp, chromecache_471.21.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chrome.exe, 00000013.00000002.2169638652.0000653C03128000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/log?format=json&hasfast=truee
Source: chromecache_475.21.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_475.21.dr	String found in binary or memory: https://plus.googleapis.com
Source: chrome.exe, 00000013.00000002.2157077087.0000653C022E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2072667552.0000653C0310C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000013.00000002.2156795848.0000653C0228C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000013.00000002.2158817942.0000653C024B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sandbox.google.com/
Source: chrome.exe, 00000013.00000002.2158817942.0000653C024B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: chrome.exe, 00000013.00000002.2156897500.0000653C022A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comb
Source: chrome.exe, 00000013.00000002.2170684969.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159900366.0000653C026C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162247531.0000653C02980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090014869.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C03240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000013.00000002.2170684969.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159900366.0000653C026C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162247531.0000653C02980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090014869.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C03240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactionsA
Source: 2cc80dabc69f58b6_1.25.dr	String found in binary or memory: https://srtb.msn.cn/
Source: 2cc80dabc69f58b6_1.25.dr	String found in binary or memory: https://srtb.msn.com/
Source: chrome.exe, 00000013.00000003.2088958547.0000653C02494000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000013.00000002.2159624770.0000653C02628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2091640268.0000653C03550000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090432034.0000653C034D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: chrome.exe, 00000013.00000002.2164652699.0000653C02BE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.25.dr	String found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.25.dr	String found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.25.dr	String found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
Source: chromecache_475.21.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: Intention.9.dr, Insurance.com.2.dr	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, b1v3wl.13.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000013.00000002.2165726197.0000653C02DB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000013.00000002.2165726197.0000653C02DB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000013.00000002.2165726197.0000653C02DB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: Insurance.com.2.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: chrome.exe, 00000013.00000003.2088958547.0000653C02494000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 00000013.00000002.2170930876.0000653C03308000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000013.00000002.2159134124.0000653C02510000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000013.00000002.2160569381.0000653C0280C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000013.00000002.2162247531.0000653C02980000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 00000013.00000002.2162407496.0000653C029A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/Chary
Source: chrome.exe, 00000013.00000002.2170684969.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090014869.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C03240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 00000013.00000002.2171395063.0000653C0349C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2096956152.0000653C0349C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: chrome.exe, 00000013.00000002.2166586466.0000653C02F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2163069563.0000653C02A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2164030258.0000653C02B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000013.00000002.2166586466.0000653C02F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2163069563.0000653C02A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2164030258.0000653C02B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000013.00000002.2160022156.0000653C026F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2161552667.0000653C02920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2160189857.0000653C02780000.00000004.00000800.00020000.00000000.sdmp, b1v3wl.13.dr, Web Data.25.dr, jm7qq1.13.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000013.00000002.2159624770.0000653C02628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2091640268.0000653C03550000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090432034.0000653C034D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 00000013.00000003.2090432034.0000653C034D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090404073.0000653C03614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000013.00000003.2074689610.0000653C0338C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000013.00000002.2159900366.0000653C026C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000013.00000002.2164652699.0000653C02BE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000013.00000003.2088958547.0000653C02494000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 00000013.00000002.2158817942.0000653C024B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2156456827.0000653C0221C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chrome.exe, 00000013.00000002.2158817942.0000653C024B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: chrome.exe, 00000013.00000002.2158817942.0000653C024B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: chromecache_475.21.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_475.21.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000013.00000002.2158817942.0000653C024B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: chrome.exe, 00000013.00000002.2158817942.0000653C024B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000013.00000002.2158162005.0000653C0240C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000013.00000002.2170930876.0000653C03308000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000013.00000002.2170930876.0000653C03308000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000013.00000002.2159900366.0000653C026C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000013.00000003.2091640268.0000653C03550000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000013.00000003.2091586235.0000653C03144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090223389.0000653C03550000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092104955.0000653C03630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171590595.0000653C0359C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2091691664.0000653C0356C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2091504666.0000653C03594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2091640268.0000653C03550000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000013.00000003.2091640268.0000653C03550000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2166474538.0000653C02F0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090375717.0000653C0360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090432034.0000653C034D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090404073.0000653C03614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.GeV8o4Zu9xM.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000013.00000003.2091640268.0000653C03550000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090375717.0000653C0360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090432034.0000653C034D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090404073.0000653C03614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.ibLFXwX0rCY.L.W.O/m=qmd
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000013.00000002.2166586466.0000653C02F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000013.00000002.2160378483.0000653C027C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytcaogl
Source: chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/N
Source: chrome.exe, 00000013.00000002.2172750242.0000653C03D7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165771818.0000653C02DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2170888473.0000653C03294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: chrome.exe, 00000013.00000002.2172750242.0000653C03D7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlP
Source: chrome.exe, 00000013.00000002.2172750242.0000653C03D7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlaultP
Source: chrome.exe, 00000013.00000002.2170888473.0000653C03294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt
Source: chrome.exe, 00000013.00000002.2172750242.0000653C03D7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlnjb

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.8:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.202.5.153:443 -> 192.168.2.8:49711 version: TLS 1.2

Source: C:\Users\user\Desktop\dOuC8iH5As.exe

Code function: 1_2_004050CD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

1_2_004050CD

Source: C:\Users\user\Desktop\dOuC8iH5As.exe

Code function: 1_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

1_2_004044A5

Source: C:\Users\user\Desktop\dOuC8iH5As.exe

Code function: 1_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,

1_2_00403883

Source: C:\Users\user\Desktop\dOuC8iH5As.exe	File created: C:\Windows\DifficultMedicare			Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	File created: C:\Windows\PlainsO			Jump to behavior

Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_2_00406ED2	1_2_00406ED2
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_2_004074BB	1_2_004074BB
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_2_0040497C	1_2_0040497C

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\770098\Insurance.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49

Source: C:\Users\user\Desktop\dOuC8iH5As.exe

Code function: String function: 004062A3 appears 58 times

Source: dOuC8iH5As.exe

Static PE information: invalid certificate

Source: dOuC8iH5As.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: dOuC8iH5As.exe

Static PE information: Section: .reloc ZLIB complexity 1.002685546875

Source: 7qiw4w.13.dr

Binary string: #WriteOfflineHivesTerminateSetupModuleds\security\cryptoapi\cryptosetup\cryptosetup.cDCryptoSetup module terminatedCryptoSetupNewRegistryCallBackCryptoSetup EntropyWrite given invalid event typeCryptoSetup EntropyWrite given invalid event data sizeWriteEntropyToNewRegistryCryptoSetup failed to get Ksecdd entropy %08xRNGCryptoSetup failed to open system hive key %08xExternalEntropyCryptoSetup failed to write entropy into the system hive %08xCryptoSetup failed to close system hive key %08xCryptoSetup succeeded writing entropy key\Device\KsecDDWriteCapiMachineGuidCryptoSetup failed get entropy from ksecdd for CAPI machine guid %08x%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02xCryptoSetup failed to convert CAPI machine guid to string %08xMicrosoft\CryptographyCryptoSetup failed get open/create reg key for CAPI machine guid %08xMachineGuidCryptoSetup failed get write CAPI machine guid %08xCryptoSetup assigned CAPI machine guid "%s"

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@86/303@29/23

Source: C:\Users\user\Desktop\dOuC8iH5As.exe

1_2_004044A5

Source: C:\Users\user\Desktop\dOuC8iH5As.exe

Code function: 1_2_004024FB CoCreateInstance,

1_2_004024FB

Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\WJINHZVK.htm

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7640:120:WilError_03

Source: C:\Users\user\Desktop\dOuC8iH5As.exe

File created: C:\Users\user\AppData\Local\Temp\nsfDBC3.tmp

Jump to behavior

Source: dOuC8iH5As.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\dOuC8iH5As.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\dOuC8iH5As.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: chrome.exe, 00000013.00000002.2161552667.0000653C02933000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: 3ohv3ohva.13.dr, vk6xt0zus.13.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: tasklist.exe, 00000004.00000002.1438644791.0000000003390000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Processes;C""\|

Source: dOuC8iH5As.exe

Virustotal: Detection: 18%

Source: C:\Users\user\Desktop\dOuC8iH5As.exe

File read: C:\Users\user\Desktop\dOuC8iH5As.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\dOuC8iH5As.exe "C:\Users\user\Desktop\dOuC8iH5As.exe"
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Rc Rc.cmd & Rc.cmd
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 770098
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Stunning
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Vote" Release
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 770098\Insurance.com + Tamil + Bulgaria + Bend + Eye + Jungle + Trial + Thick + Train + Intention 770098\Insurance.com
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Dealt + ..\Buffer + ..\Pediatric + ..\Tee + ..\Simply + ..\Exceed Y
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\770098\Insurance.com Insurance.com Y
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2268,i,17593014749431667383,9178978654020607195,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2540 --field-trial-handle=2400,i,14553860859743302056,4043188168258497087,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1988,i,9241448425073907245,4101574487254321429,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6960 --field-trial-handle=1988,i,9241448425073907245,4101574487254321429,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7112 --field-trial-handle=1988,i,9241448425073907245,4101574487254321429,262144 /prefetch:8
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Rc Rc.cmd & Rc.cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 770098	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Stunning	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Vote" Release	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 770098\Insurance.com + Tamil + Bulgaria + Bend + Eye + Jungle + Trial + Thick + Train + Intention 770098\Insurance.com	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Dealt + ..\Buffer + ..\Pediatric + ..\Tee + ..\Simply + ..\Exceed Y	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\770098\Insurance.com Insurance.com Y	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2268,i,17593014749431667383,9178978654020607195,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2540 --field-trial-handle=2400,i,14553860859743302056,4043188168258497087,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1988,i,9241448425073907245,4101574487254321429,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6960 --field-trial-handle=1988,i,9241448425073907245,4101574487254321429,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7112 --field-trial-handle=1988,i,9241448425073907245,4101574487254321429,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\choice.exe	Section loaded: version.dll	Jump to behavior

Source: C:\Users\user\Desktop\dOuC8iH5As.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\tasklist.exe tasklist

Source: Google Drive.lnk.19.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.19.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.19.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.19.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.19.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.19.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: dOuC8iH5As.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: cryptosetup.pdbGCTL source: 7qiw4w.13.dr
Source:	Binary string: cryptosetup.pdb source: 7qiw4w.13.dr

Source: C:\Users\user\Desktop\dOuC8iH5As.exe

Code function: 1_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,

1_2_004062FC

Source: dOuC8iH5As.exe

Static PE information: real checksum: 0xf352f should be: 0xf7844

Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007ED278 push eax; retf	1_3_007ED2C9
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007F1233 push ss; iretd	1_3_007F1234
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007EBC17 push es; ret	1_3_007EBCFE
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007EBCA0 push es; ret	1_3_007EBCFE
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007F1133 push ss; iretd	1_3_007F1134
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007EBB2F push es; ret	1_3_007EBC16
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007E8128 push es; ret	1_3_007E8186
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007EB718 push es; ret	1_3_007EB78E
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007E7DD4 push ebp; iretd	1_3_007E7DD5
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007E6BBE push es; ret	1_3_007E6C46
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007E7DBE push ebp; iretd	1_3_007E7DBF
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007EBBB8 push es; ret	1_3_007EBC16
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007E85AC push ebp; iretd	1_3_007E85AD
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007E7BA8 push es; ret	1_3_007E7C06
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007EC3A8 push es; ret	1_3_007EC43E
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007E8596 push ebp; iretd	1_3_007E8597
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_3_007EB78F push es; ret	1_3_007EBB2E

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Temp\770098\Insurance.com

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File created: C:\ProgramData\opz5f\7qiw4w			Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\770098\Insurance.com			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com

File created: C:\ProgramData\opz5f\7qiw4w

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com

File created: C:\ProgramData\opz5f\7qiw4w

Jump to dropped file

Boot Survival

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com

Dropped PE file which has not been started: C:\ProgramData\opz5f\7qiw4w

Jump to dropped file

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_2_004062D5 FindFirstFileW,FindClose,	1_2_004062D5
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_2_00402E18 FindFirstFileW,	1_2_00402E18
Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Code function: 1_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	1_2_00406C9B

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\770098\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\770098	Jump to behavior

Source: chrome.exe, 00000013.00000002.2165235968.0000653C02CE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware
Source: jm7qq1.13.dr	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Virtual USB Mouse
Source: jm7qq1.13.dr	Binary or memory string: discord.comVMware20,11696494690f
Source: jm7qq1.13.dr	Binary or memory string: AMC password management pageVMware20,11696494690
Source: jm7qq1.13.dr	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: jm7qq1.13.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: jm7qq1.13.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: jm7qq1.13.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: jm7qq1.13.dr	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: jm7qq1.13.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: jm7qq1.13.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: jm7qq1.13.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: jm7qq1.13.dr	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: msedge.exe, 00000017.00000003.2195602269.000020B802524000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware20,1(
Source: jm7qq1.13.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: jm7qq1.13.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: jm7qq1.13.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: jm7qq1.13.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: chrome.exe, 00000013.00000002.2142285215.0000018E3D208000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000017.00000002.2279109085.0000018C58A44000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: jm7qq1.13.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: jm7qq1.13.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: jm7qq1.13.dr	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: chrome.exe, 00000013.00000002.2143734086.0000018E40DE9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_
Source: jm7qq1.13.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: chrome.exe, 00000013.00000002.2158613476.0000653C02490000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=ed04fdf6-f48a-4b5d-b0c5-c28c1a103985
Source: jm7qq1.13.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: jm7qq1.13.dr	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: jm7qq1.13.dr	Binary or memory string: global block list test formVMware20,11696494690
Source: jm7qq1.13.dr	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: jm7qq1.13.dr	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: jm7qq1.13.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: jm7qq1.13.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: jm7qq1.13.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: jm7qq1.13.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: jm7qq1.13.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: jm7qq1.13.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE

Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\dOuC8iH5As.exe

Code function: 1_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,

1_2_004062FC

Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\dOuC8iH5As.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Rc Rc.cmd & Rc.cmd	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 770098	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Stunning	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Vote" Release	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 770098\Insurance.com + Tamil + Bulgaria + Bend + Eye + Jungle + Trial + Thick + Train + Intention 770098\Insurance.com	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Dealt + ..\Buffer + ..\Pediatric + ..\Tee + ..\Simply + ..\Exceed Y	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\770098\Insurance.com Insurance.com Y	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior

Source: Insurance.com, 0000000D.00000000.1454337598.00000000009A3000.00000002.00000001.01000000.00000008.sdmp, Insurance.com.2.dr, Train.9.dr

Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning

Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\dOuC8iH5As.exe

Code function: 1_2_00406805 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,

1_2_00406805

Stealing of Sensitive Information

Yara detected Vidar stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kz8kl7vh.default\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\crashes\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\db\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\security_state\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\to-be-removed\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\crashes\events\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\events\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\pending_pings\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\bookmarkbackups\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\archived\2023-10\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\saved-telemetry-pings\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\archived\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\tmp\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\minidumps\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\sessionstore-backups\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\key4.db	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\770098\Insurance.com

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected Vidar stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	2 OS Credential Dumping	3 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	1 Registry Run Keys / Startup Folder	1 Extra Window Memory Injection	2 Obfuscated Files or Information	11 Input Capture	14 System Information Discovery	Remote Desktop Protocol	3 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	12 Process Injection	1 Software Packing	Security Account Manager	1 Query Registry	SMB/Windows Admin Shares	11 Input Capture	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	NTDS	1 Security Software Discovery	Distributed Component Object Model	1 Clipboard Data	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Extra Window Memory Injection	LSA Secrets	3 Process Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	121 Masquerading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Process Injection	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
dOuC8iH5As.exe	18%	Virustotal		Browse
dOuC8iH5As.exe	8%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Label	Link
C:\ProgramData\opz5f\7qiw4w	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\770098\Insurance.com	0%	ReversingLabs

Source	Detection	Scanner	Label
https://permanently-removed.invalid/RotateBoundCookieshttps://permanently-removed.invalid/oauth2/v2/	0%	Avira URL Cloud	safe
https://docs.googl0	0%	Avira URL Cloud	safe
https://issuetracker.google.com/issues/1664752731	0%	Avira URL Cloud	safe
https://drive-daily-4.c	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	172.64.41.3	true	false	high
plus.l.google.com	216.58.206.78	true	false	high
a416.dscd.akamai.net	2.19.126.152	true	false	high
t.me	149.154.167.99	true	false	high
a-0003.a-msedge.net	204.79.197.203	true	false	high
c-msn-pme.trafficmanager.net	13.74.129.1	true	false	high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
ax-0001.ax-msedge.net	150.171.28.10	true	false	high
getyour.cyou	116.202.5.153	true	false	high
play.google.com	216.58.212.174	true	false	high
sb.scorecardresearch.com	18.244.18.38	true	false	high
www.google.com	216.58.212.164	true	false	high
e28578.d.akamaiedge.net	2.23.209.51	true	false	high
googlehosted.l.googleusercontent.com	172.217.16.129	true	false	high
assets.msn.com	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
HFlakauawzP.HFlakauawzP	unknown	unknown	false	unknown
ntp.msn.com	unknown	unknown	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1738479723480&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://clients2.googleusercontent.com/crx/blobs/ASuc5ohfQPNzGo5SSihcSk6msC8CUKw5id-p0KCEkBKwK2LS4AjdrDP0wa1qjzCTaTWEfyM52ADmUAdPETYA5vgD87UPEj6gyG11hjsvMLHGmzQgJ9F5D8s8Lo0Lbai5BQYAxlKa5esPJXukyaicyq83JwZ0HIWqzrjN/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_86_1_0.crx	false	high
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531	false	high
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true	false	high
https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1738479724477&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://bzib.nelreports.net/api/report?cat=bingbusiness	false	high
https://assets.msn.com/statics/icons/favicon_newtabpage.png	false	high
https://sb.scorecardresearch.com/b2?rn=1738479721203&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2F2B8D682846685134F998EF29416959&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	chrome.exe, 00000013.00000003.2092014215.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2067766431.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, b1v3wl.13.dr, Web Data.25.dr, jm7qq1.13.dr	false		high
https://mail.google.com/mail/?usp=installed_webapp	chrome.exe, 00000013.00000002.2165948636.0000653C02E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2171395063.0000653C034AD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2096956152.0000653C0349C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/(	chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp, b1v3wl.13.dr, Web Data.25.dr, jm7qq1.13.dr	false		high
https://google-ohttp-relay-join.fastly-edge.com//	chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	false		high
https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing	chrome.exe, 00000013.00000002.2156795848.0000653C0228C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/ogld_Control_20230922aibag	chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/2	chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/oauth2/v2/tokeninfo	msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	false		high
https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b	chrome.exe, 00000013.00000002.2161552667.0000653C02920000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/J	chrome.exe, 00000013.00000002.2171395063.0000653C034AD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone	chrome.exe, 00000013.00000002.2169432510.0000653C030F4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4633	chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7382	chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/284462263	msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/9	chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	false		high
https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=be	chrome.exe, 00000013.00000002.2164387060.0000653C02B94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/8	chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	false		high
https://deff.nelreports.net/api/report?cat=msn	Reporting and NEL.26.dr, 2cc80dabc69f58b6_0.25.dr	false		high
https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly	chrome.exe, 00000013.00000002.2170684969.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159900366.0000653C026C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162247531.0000653C02980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090014869.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C03240000.00000004.00000800.00020000.00000000.sdmp	false		high
https://deff.nelreports.net/api/report	Reporting and NEL.26.dr	false		high
https://publickeyservice.gcp.privacysandboxservices.com	chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/AUTHORS.txt	chrome.exe, 00000013.00000003.2074130434.0000653C02E48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2164144904.0000653C02B63000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073429198.0000653C032CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074743523.0000653C0340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074161669.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2072983294.0000653C032A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073133465.0000653C032B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074502852.0000653C0256C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073260034.0000653C031C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073205366.0000653C03300000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074689610.0000653C0338C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C0321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074186692.0000653C03038000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/	manifest.json.25.dr	false		high
https://docs.google.com/document/:	chrome.exe, 00000013.00000002.2171395063.0000653C034AD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://publickeyservice.pa.aws.privacysandboxservices.com	chrome.exe, 00000013.00000003.2096215911.0000653C03A0C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://deff.nelreports.net/api/report?cat=msnw	Reporting and NEL.26.dr	false		high
https://photos.google.com/settings?referrer=CHROME_NTP	chrome.exe, 00000013.00000002.2164859985.0000653C02C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2072667552.0000653C0310C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7714	chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
http://unisolated.invalid/	chrome.exe, 00000013.00000002.2164442316.0000653C02BB4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://photos.google.com?referrer=CHROME_NTP	chrome.exe, 00000013.00000003.2074743523.0000653C0340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074502852.0000653C0256C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074689610.0000653C0338C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/W	chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/chrome/tips/	chrome.exe, 00000013.00000002.2166586466.0000653C02F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2163069563.0000653C02A20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2164030258.0000653C02B28000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive.google.com/?lfhs=2	chrome.exe, 00000013.00000002.2170979200.0000653C03318000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2166586466.0000653C02F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6248	chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ogs.google.com/widget/callout?eom=1	chrome.exe, 00000013.00000003.2091640268.0000653C03550000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090375717.0000653C0360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090432034.0000653C034D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090404073.0000653C03614000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/Y	chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6929	chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5281	chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.youtube.com/?feature=ytca	chrome.exe, 00000013.00000002.2166586466.0000653C02F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159473669.0000653C02623000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2064365775.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.googl0	chrome.exe, 00000013.00000002.2159134124.0000653C02510000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://google-ohttp-relay-join.fastly-edge.com/f	chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/d	chrome.exe, 00000013.00000003.2100558970.0000653C03B54000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/255411748	msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/u/0/create?usp=chrome_actions	chrome.exe, 00000013.00000002.2170684969.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2159900366.0000653C026C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162247531.0000653C02980000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2090014869.0000653C03240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162117485.0000653C02968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C03240000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/oauth2/v4/token	msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7246	chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7369	chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7489	chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/	chrome.exe, 00000013.00000002.2170979200.0000653C03318000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/?q=	chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstore	chrome.exe, 00000013.00000003.2071478669.0000653C02EFC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000002.2313208212.000020B80237C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdnjs.cloudflare.com/ajax/libs/mathjax/	service_worker_bin_prod.js.25.dr, offscreendocument_main.js.25.dr	false		high
https://drive-daily-2.corp.google.com/	manifest.json.25.dr	false		high
https://issuetracker.google.com/issues/1664752731	chrome.exe, 00000013.00000002.2165948636.0000653C02E0C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://polymer.github.io/PATENTS.txt	chrome.exe, 00000013.00000003.2074130434.0000653C02E48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2164144904.0000653C02B63000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073429198.0000653C032CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074743523.0000653C0340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074161669.0000653C0283C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2072983294.0000653C032A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073133465.0000653C032B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074502852.0000653C0256C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073260034.0000653C031C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2073205366.0000653C03300000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074689610.0000653C0338C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074213027.0000653C0321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074186692.0000653C03038000.00000004.00000800.00020000.00000000.sdmp	false		high
https://payments.google.com/payments/v4/js/integrator.js	chrome.exe, 00000013.00000002.2158817942.0000653C024B0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.ico	chrome.exe, 00000013.00000002.2165726197.0000653C02DB4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://unitedstates1.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.25.dr	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	b1v3wl.13.dr, Web Data.25.dr, jm7qq1.13.dr	false		high
http://www.autoitscript.com/autoit3/X	Insurance.com, 0000000D.00000000.1454750792.00000000009B5000.00000002.00000001.01000000.00000008.sdmp, Insurance.com.2.dr, Train.9.dr	false		high
https://issuetracker.google.com/161903006	msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/RotateBoundCookieshttps://permanently-removed.invalid/oauth2/v2/	msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, b1v3wl.13.dr	false		high
https://drive-daily-1.corp.google.com/	manifest.json.25.dr	false		high
https://www.youtube.com/	chrome.exe, 00000013.00000002.2165983782.0000653C02E20000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-daily-5.corp.google.com/	manifest.json.25.dr	false		high
https://duckduckgo.com/favicon.ico	chrome.exe, 00000013.00000003.2092014215.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2067766431.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2068989455.0000653C02DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2092269330.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2074471364.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2088625721.0000653C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions	chrome.exe, 00000013.00000002.2160022156.0000653C026F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2161552667.0000653C02920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2170888473.0000653C03294000.00000004.00000800.00020000.00000000.sdmp	false		high
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy	chrome.exe, 00000013.00000002.2159868294.0000653C026AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2162407496.0000653C029A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp	false		high
https://plus.google.com	chromecache_475.21.dr	false		high
https://docs.google.com/spreadsheets/	chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/chrome/blank.html	msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3078	chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/7553	chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5375	chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/v1/issuetoken	msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.youtube.com/s/notifications/manifest/cr_install.htmllt	chrome.exe, 00000013.00000002.2170888473.0000653C03294000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5371	chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4722	chrome.exe, 00000013.00000002.2160805514.0000653C0288C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069818335.0000653C03038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.2069779309.0000653C025D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
https://m.google.com/devicemanagement/data/api	chrome.exe, 00000013.00000002.2158014725.0000653C023C4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://permanently-removed.invalid/reauth/v1beta/users/	msedge.exe, 00000017.00000003.2206866322.000020B802474000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.youtube.com/s/notifications/manifest/cr_install.htmlP	chrome.exe, 00000013.00000002.2172750242.0000653C03D7C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/u/0/create?usp=chrome_actions	chrome.exe, 00000013.00000002.2160022156.0000653C026F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2161552667.0000653C02920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.2170888473.0000653C03294000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/7556	chrome.exe, 00000013.00000002.2165677751.0000653C02D68000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207643517.000020B802564000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000003.2207422737.000020B802578000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-daily-4.c	chrome.exe, 00000013.00000002.2159134124.0000653C02510000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://chromewebstore.google.com/	chrome.exe, 00000013.00000002.2156456827.0000653C0221C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000017.00000002.2313208212.000020B80237C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.25.dr	false		high
https://www.youtube.com/?feature=ytcaogl	chrome.exe, 00000013.00000002.2160378483.0000653C027C4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-preprod.corp.google.com/	manifest.json.25.dr	false		high
https://srtb.msn.cn/	2cc80dabc69f58b6_1.25.dr	false		high
https://chrome.google.com/webstore/	manifest.json0.25.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
216.58.212.164	www.google.com	United States	15169	GOOGLEUS	false
104.70.121.185	unknown	United States	20940	AKAMAI-ASN1EU	false
2.23.209.51	e28578.d.akamaiedge.net	European Union	1273	CWVodafoneGroupPLCEU	false
216.58.206.78	plus.l.google.com	United States	15169	GOOGLEUS	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
116.202.5.153	getyour.cyou	Germany	24940	HETZNER-ASDE	false
13.74.129.1	c-msn-pme.trafficmanager.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.42.73.27	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
216.58.212.174	play.google.com	United States	15169	GOOGLEUS	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
18.173.219.84	unknown	United States	3	MIT-GATEWAYSUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
172.217.16.129	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
104.70.121.179	unknown	United States	20940	AKAMAI-ASN1EU	false
18.244.18.38	sb.scorecardresearch.com	United States	16509	AMAZON-02US	false
23.209.72.28	unknown	United States	20940	AKAMAI-ASN1EU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
2.19.126.152	a416.dscd.akamai.net	European Union	16625	AKAMAI-ASUS	false
204.79.197.203	a-0003.a-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.8
127.0.0.1

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1604948
Start date and time:	2025-02-02 07:59:36 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	35
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	dOuC8iH5As.exe renamed because original name is a hash value
Original Sample Name:	ab15ed3fb089ef3562d68a210b3529cf.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@86/303@29/23
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 35 Number of non-executed functions: 37
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.227, 216.58.206.46, 64.233.167.84, 142.250.184.238, 142.250.185.78, 142.250.186.35, 142.250.185.106, 142.250.185.202, 142.250.186.42, 142.250.186.138, 172.217.23.106, 142.250.185.138, 172.217.18.10, 172.217.18.106, 142.250.185.170, 216.58.206.42, 142.250.185.234, 172.217.16.202, 142.250.185.74, 142.250.181.234, 142.250.186.74, 142.250.186.106, 2.17.190.73, 13.107.42.16, 13.107.21.239, 204.79.197.239, 142.250.186.110, 13.107.6.158, 48.209.180.244, 2.16.164.32, 2.16.164.74, 2.21.65.154, 2.21.65.132, 108.141.37.120, 142.250.176.195, 52.149.20.212, 184.28.90.27, 23.206.229.226, 94.245.104.56, 20.190.160.14, 23.40.179.38, 13.107.246.40, 23.59.251.218, 13.91.222.61, 150.171.28.10
Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, prod-agic-ne-6.northeurope.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, redirector.gvt1.com, www.bing.com.edgekey.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, th.bing.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, bingadsedgeextension-prod.trafficmanager.net, th.bing.com.edgekey.net, api.edgeoffer.microsoft.com, ogads-pa.googleapis.com, p-th.bing.com.trafficmanager.net, b-0005.b-msedge.net, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, prod-agic-we-5.westeurope.cloudapp.azure.com, fe3cr.delivery.mp.microsof
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
02:00:35	API Interceptor	1x Sleep call for process: dOuC8iH5As.exe modified
02:00:38	API Interceptor	26x Sleep call for process: Insurance.com modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
162.159.61.3	uykb.exe	Get hash	malicious	Vidar	Browse
	random.exe	Get hash	malicious	Vidar	Browse
	2UG4oJgDRo.lnk	Get hash	malicious	Metastealer	Browse
	1l1ohfybAf.exe	Get hash	malicious	Vidar	Browse
	random.exe	Get hash	malicious	Vidar	Browse
	Rtgs-RUATT6761105.html	Get hash	malicious	Branchlock Obfuscator, SVG Dropper	Browse
	SoftWareGX.exe	Get hash	malicious	Vidar	Browse
	82.msi	Get hash	malicious	Unknown	Browse
	archifiltre-mails-win.msi	Get hash	malicious	HTMLPhisher	Browse
	kf-dcp-download-setup.exe	Get hash	malicious	Unknown	Browse
2.23.209.51	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	Complete with Docusign andrew.pdf	Get hash	malicious	Tycoon2FA	Browse
	https://www.iodatasphere.com/apply.php?jobID=6%22%3E%3Cdiv%3E%3CSCRIpt%3E%0D%0Anartub%3D%28golx%29%3D%3Ethis%5B%27decod%27%2B%27eURICo%27%2B%27mponent%27%5D%28this%5B%27ato%27%2B%27b%27%5D%28golx%29%29%3B%0D%0Asaizo%3Dthis%5B%27doc%27%2B%27um%27%2B%27ent%27%5D%3Bsaizox%3Dthis%5B%27wi%27%2B%27nd%27%2B%27ow%27%5D%3B%0D%0Asaizo%5B%27title%27%5D%3D%27%5E.%5E%27%3B%20saizo%5B%27body%27%5D%5B%27style%27%5D%5B%27display%27%5D%3D%27none%27%3B%0D%0Asaizox%5B%27ope%27%2B%27n%27%5D%28nartub%28%27JTY4JTc0JTc0JTcwJTczJTNBJTJGJTJGJTY5JTZEJTcwJTc1JTc0JTY1JTZDJTY1JTc0JTc0JTY1JTcyJTJFJTYzJTZGJTZEJTJGJTMwJTJGJTMwJTJGJTMwJTJGJTYzJTY2JTY0JTMyJTM2JTM5JTM3JTM4JTYyJTMxJTY0JTYxJTM5JTM3JTYzJTY0JTM1JTMyJTYzJTM3JTM0JTMzJTM2JTY1JTMxJTYzJTMwJTM1JTYxJTM3JTM5JTYz%27%29%2B%27%2F9%2F293-11192%2F964-3837-18102%2F%27%2Cnartub%28%27JTVGJTczJTY1JTZDJTY2%27%29%29%3B%0D%0A%3C%2FSCRIpt%3E	Get hash	malicious	Unknown	Browse
	Inv_Scan_06_15(124).js	Get hash	malicious	IcedID	Browse
	https://www.msn.com/en-us/sports/nba/breaking-denver-nuggets-reportedly-make-a-trade-before-game-4/ar-AA1cllsb?rc=1&ocid=winp1taskbar&cvid=d0b00654e40a48619dffeac9949448a1&ei=22	Get hash	malicious	Unknown	Browse
	AWB_Invoice.exe	Get hash	malicious	FormBook, GuLoader	Browse
	Swift_mesaj.exe	Get hash	malicious	FormBook, GuLoader	Browse
149.154.167.99	http://45.142.208.144.sslip.io/blog/	Get hash	malicious	Unknown	Browse	telegram.org/img/emoji/40/F09F9889.png
	http://xn--r1a.website/s/ogorodru	Get hash	malicious	Unknown	Browse	telegram.org/img/favicon.ico
	http://cryptorabotakzz.com/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://cache.netflix.com.id1.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
	http://investors.spotify.com.sg2.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://bekaaviator.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegramtw1.org/	Get hash	malicious	Unknown	Browse	telegram.org/?setln=pl
	http://makkko.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegram.dog	Get hash	malicious	Unknown	Browse	telegram.dog/
	LnSNtO8JIa.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
chrome.cloudflare-dns.com	PiTolfRfLG.exe	Get hash	malicious	Amadey, Credential Flusher, GCleaner, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	172.64.41.3
	oaBqkImU6R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Vidar	Browse	172.64.41.3
	uykb.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	random.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	SQ1NgqeTQy.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, KeyLogger, LummaC Stealer, Stealc, StormKitty	Browse	162.159.61.3
	0xqfQZufeQ.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, GCleaner, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	DbCMTMgeJo.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, KeyLogger, LummaC Stealer, PureLog Stealer, Stealc	Browse	172.64.41.3
	2UG4oJgDRo.lnk	Get hash	malicious	Metastealer	Browse	172.64.41.3
	AApUa7VQiy.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Socks5Systemz, Stealc, Vidar	Browse	172.64.41.3
	1l1ohfybAf.exe	Get hash	malicious	Vidar	Browse	162.159.61.3
a416.dscd.akamai.net	PiTolfRfLG.exe	Get hash	malicious	Amadey, Credential Flusher, GCleaner, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	2.22.242.11
	oaBqkImU6R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Vidar	Browse	2.22.242.105
	uykb.exe	Get hash	malicious	Vidar	Browse	2.19.126.152
	random.exe	Get hash	malicious	Vidar	Browse	2.19.126.152
	SQ1NgqeTQy.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, KeyLogger, LummaC Stealer, Stealc, StormKitty	Browse	2.19.11.120
	0xqfQZufeQ.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, GCleaner, LummaC Stealer, Stealc, Vidar	Browse	2.19.126.152
	DbCMTMgeJo.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, KeyLogger, LummaC Stealer, PureLog Stealer, Stealc	Browse	2.19.126.152
	2UG4oJgDRo.lnk	Get hash	malicious	Metastealer	Browse	2.19.11.120
	AApUa7VQiy.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Socks5Systemz, Stealc, Vidar	Browse	2.19.11.100
	1l1ohfybAf.exe	Get hash	malicious	Vidar	Browse	2.19.126.152

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	PiTolfRfLG.exe	Get hash	malicious	Amadey, Credential Flusher, GCleaner, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	149.154.167.99
	oaBqkImU6R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Vidar	Browse	149.154.167.99
	JmjZxSWBKZ.exe	Get hash	malicious	Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	149.154.167.99
	https://https.www-tg-telegram.org/paetsec	Get hash	malicious	Unknown	Browse	149.154.167.99
	http://www.musepay.io/	Get hash	malicious	Unknown	Browse	149.154.167.99
	tvhaqk.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	uykb.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	random.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	random.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, RedLine, Stealc, Vidar	Browse	149.154.167.99
	random.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc	Browse	149.154.167.220
CWVodafoneGroupPLCEU	uykb.exe	Get hash	malicious	Vidar	Browse	2.23.209.3
	random.exe	Get hash	malicious	Vidar	Browse	2.23.209.59
	1l1ohfybAf.exe	Get hash	malicious	Vidar	Browse	2.23.209.20
	m4JIZpBl3o.exe	Get hash	malicious	Unknown	Browse	2.23.209.50
	nklarm5.elf	Get hash	malicious	Unknown	Browse	193.164.178.75
	ATT43730.htm	Get hash	malicious	Unknown	Browse	2.23.209.34
	3336289443034028467.js	Get hash	malicious	Strela Downloader	Browse	2.23.197.184
	25613234042116019606.js	Get hash	malicious	Strela Downloader	Browse	2.23.197.184
	1487555391098431533.js	Get hash	malicious	Strela Downloader	Browse	2.23.197.184
	ATTT003.html	Get hash	malicious	HTMLPhisher	Browse	2.23.209.17
AKAMAI-ASN1EU	F0qGTeCiiA.exe	Get hash	malicious	LummaC Stealer	Browse	2.22.242.82
	4KqBEUilfm.exe	Get hash	malicious	LummaC Stealer	Browse	2.22.242.82
	0D2DZnHIY7.exe	Get hash	malicious	LummaC Stealer	Browse	2.22.242.82
	OkR84QGzx7.exe	Get hash	malicious	LummaC Stealer	Browse	2.22.242.139
	https://f6p4fxqv.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.penguinrandomhouse.com%2Fsinglepref%2Funsubscribe%3FSubscriptionGuid=69F89BE7D7330CE7E0534FD66B0AEF04%26PreferenceId=85001%26PreferenceKey=26961%26target=https:%2F%2Fioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com%2Fb4.html%23dmFoaWQubWFsZWtpQGFyeWFzYXNvbC5jb20=/1/01000194a92e94f2-f7288fec-a96c-42b8-bfff-ff55db5a5f1d-000000/_CWT2U-lHFJ9BiK4LN4DTLctxc0=410	Get hash	malicious	Unknown	Browse	172.233.158.186
	https://steamconmuntity.com/activation/gift/id=1131341079	Get hash	malicious	Unknown	Browse	95.101.149.47
	https://sock-zizifn-rixcloud.254052671.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	2.21.65.135
	https://u.to/NL2jIQ	Get hash	malicious	Unknown	Browse	95.101.149.47
	http://worker-rough-union-fahim.fahimmlbb77.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	2.16.164.10
	https://sreamccommnunlty.com/sutr/tresf/foodl	Get hash	malicious	Unknown	Browse	95.101.149.47

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	PiTolfRfLG.exe	Get hash	malicious	Amadey, Credential Flusher, GCleaner, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	116.202.5.153 149.154.167.99
	uH1vlBgtMR.exe	Get hash	malicious	Unknown	Browse	116.202.5.153 149.154.167.99
	oaBqkImU6R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Vidar	Browse	116.202.5.153 149.154.167.99
	anov3mrRa1.lnk	Get hash	malicious	Unknown	Browse	116.202.5.153 149.154.167.99
	JmjZxSWBKZ.exe	Get hash	malicious	Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	116.202.5.153 149.154.167.99
	tvhaqk.exe	Get hash	malicious	Vidar	Browse	116.202.5.153 149.154.167.99
	uykb.exe	Get hash	malicious	Vidar	Browse	116.202.5.153 149.154.167.99
	random.exe	Get hash	malicious	Vidar	Browse	116.202.5.153 149.154.167.99
	random.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, RedLine, Stealc, Vidar	Browse	116.202.5.153 149.154.167.99
	random.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc	Browse	116.202.5.153 149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\opz5f\7qiw4w	SQ1NgqeTQy.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, KeyLogger, LummaC Stealer, Stealc, StormKitty	Browse
	1l1ohfybAf.exe	Get hash	malicious	Vidar	Browse
	random.exe	Get hash	malicious	Vidar	Browse
	2E02vIiMfd.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, PureLog Stealer, Socks5Systemz, Vidar	Browse
	random.exe	Get hash	malicious	Vidar	Browse
	25xTHcaF7V.exe	Get hash	malicious	Vidar	Browse
	test.hta	Get hash	malicious	Vidar	Browse
	din.exe	Get hash	malicious	Vidar	Browse
	yoda.exe	Get hash	malicious	Vidar	Browse
	lem.exe	Get hash	malicious	Vidar	Browse
C:\Users\user\AppData\Local\Temp\770098\Insurance.com	oaBqkImU6R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Vidar	Browse
	V3.13 SETUP.exe	Get hash	malicious	Amadey, LummaC Stealer	Browse
	SQ1NgqeTQy.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, KeyLogger, LummaC Stealer, Stealc, StormKitty	Browse
	DbCMTMgeJo.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, KeyLogger, LummaC Stealer, PureLog Stealer, Stealc	Browse
	AApUa7VQiy.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Socks5Systemz, Stealc, Vidar	Browse
	1l1ohfybAf.exe	Get hash	malicious	Vidar	Browse
	W6Wj4yCmmU.exe	Get hash	malicious	KeyLogger, StormKitty, VenomRAT	Browse
	New V1.0.1.exe	Get hash	malicious	RHADAMANTHYS	Browse
	setup.exe	Get hash	malicious	LummaC Stealer	Browse
	setup.exe	Get hash	malicious	LummaC Stealer	Browse

Input	Output
URL: email Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": [ "No headers provided to analyze", "Cannot make security assessment without header information", "Default to low risk score due to lack of evidence" ] }
Date: unknown

Process:	C:\Users\user\AppData\Local\Temp\770098\Insurance.com
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	10219
Entropy (8bit):	4.966520026409024
Encrypted:	false
SSDEEP:	96:NPgBOOzJMk67cY82SGrPVYRjDjXK2F6KJzLLwGXtXqWgrjj31jj6OzJMk67cY82s:UYwP62I+Wr3JjkwP62I+Ws
MD5:	381138FA1B1C4C298AD2441898677ED6
SHA1:	B8A0B0ECAAF6F3BBD7C27DD54ACD4BC3366DD0A4
SHA-256:	D4EE07BC2183E3D013B68B080B9E2F603676B27F8B0C95CCA2ED533BC671FAFA
SHA-512:	095C2B1C129C36125FE17ED096FDE58AE0F8AF61527D9AEDCAB379C3221BF09D87F28846E6FA3CF9FE05C750689A2ADFCDD1AB67409780A12A425A33219858EC
Malicious:	false
Preview:	.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly>.. <assemblyIdentity.. buildType="release".. language="neutral".. name="Microsoft-Windows-Authentication-AuthUI-Component".. processorArchitecture="*".. publicKeyToken="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. optimizePatterns="no".. offlineApply="no".. replacementSettingsVersionRange="0".. replacementVersionRange="6.2-10.0".. scope="MigWiz,Upgrade".. settingsVersion="0".. >.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. Downlevel settings -->.. <pattern type="Registry">HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon [DefaultUserName]</pattern>.. <pattern type="Registry">HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon [DefaultDomainName]</pattern>.. <pattern type="Registry">HKLM\Software\Microsof

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45716
Entropy (8bit):	6.0878947792865565
Encrypted:	false
SSDEEP:	768:wMkbJ6eg6KzhXRLrDX1xQO9LmZL7Pb+2hS/P9nQ5QWkXtQvq4C1o/wWE7RTupzKf:wMk16zRRvDX1xgB/k9QLIo/oRTuiz
MD5:	F517A9502DBD5E569C6046C450DF4860
SHA1:	B6F3D4E24A7A9421CBEDA068CD7AC572FD0CB67A
SHA-256:	F888299E3AD2631F8AA05D9E087B6706E540F1E02C8E48C312A3C2B41CAEFA6E
SHA-512:	3CB8D31B84A0B5E9C9CA713F78B18BB4F18949925CDC28DDD0522E9DC8713538DFE8197022040D3B81381AC51539E73C7EC46B9ADB93DB01E1D1BF4A9CA6506C
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"41240b11-d53e-4f18-9b96-a4353f50d0c6"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1738479718"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report dOuC8iH5As.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Sigma Signatures

System Summary

HIPS / PFW / Operating System Protection Evasion

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\opz5f\0rqq1n

C:\ProgramData\opz5f\2n79hd

C:\ProgramData\opz5f\3ohv3ohva

C:\ProgramData\opz5f\3w47qi

C:\ProgramData\opz5f\58q9zm

C:\ProgramData\opz5f\6ppppz

C:\ProgramData\opz5f\7qiw4w

C:\ProgramData\opz5f\b1v3wl

C:\ProgramData\opz5f\euk6p8

C:\ProgramData\opz5f\f37g4o

C:\ProgramData\opz5f\g4wtrq

Windows Analysis Report
dOuC8iH5As.exe