Edit tour

Windows Analysis Report
windows.ps1

Overview

General Information

Sample name:	windows.ps1
Analysis ID:	1627419
MD5:	ce557fb254b9dd992b073351e1b43e24
SHA1:	c1c8a4ce65c9f71bf0d43beed54394ac8ddcb717
SHA256:	b30e7cf92bdb26c05c226e0d5c82ce839a90cbef61a7a5305bd3fae87905090f
Tags:	ps1user-skocherhan
Infos:

Detection

PureLog Stealer, Vidar

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Suricata IDS alerts for network traffic

Yara detected PureLog Stealer

Yara detected Vidar stealer

.NET source code contains method to dynamically call methods (often used by packers)

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Found many strings related to Crypto-Wallets (likely being stolen)

Found suspicious powershell code related to unpacking or dynamic code loading

Injects a PE file into a foreign processes

Joe Sandbox ML detected suspicious sample

Loading BitLocker PowerShell Module

Monitors registry run keys for changes

Powershell drops PE file

Searches for specific processes (likely to inject)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found decision node followed by non-executed suspicious APIs

Found evasive API chain (date check)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Browser Started with Remote Debugging

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

powershell.exe (PID: 2968 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\windows.ps1" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 1848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 4268 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

updater.exe (PID: 6100 cmdline: "C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe" MD5: 883F93EF63D8FEB7A8C49BE4A5D20B45)

updater.exe (PID: 6980 cmdline: "C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe" MD5: 883F93EF63D8FEB7A8C49BE4A5D20B45)

updater.exe (PID: 1360 cmdline: "C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe" MD5: 883F93EF63D8FEB7A8C49BE4A5D20B45)

chrome.exe (PID: 7584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7896 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2832 --field-trial-handle=2580,i,1103045790095841079,827422717196003807,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 5024 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7964 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2584 --field-trial-handle=2332,i,5502495860473688060,2624162897974567414,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7812 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 1852 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2420,i,7148429710888670997,2582854956049312461,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

cmd.exe (PID: 2516 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\8gdtj" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 8052 cmdline: timeout /t 11 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

WerFault.exe (PID: 7208 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 1108 MD5: C31336C1EFC2CCB44B4326EA793040F2)

notepad.exe (PID: 6764 cmdline: "C:\Windows\System32\notepad.exe" "C:\Users\user\Desktop\windows.ps1" MD5: 27F71B12CB585541885A31BE22F61C83)

svchost.exe (PID: 7712 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

msedge.exe (PID: 8024 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5248 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1812,i,10174535690204654240,9083580343565929125,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8152 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7400 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2072,i,2634489360948284209,7902460185619878109,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 9164 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6476 --field-trial-handle=2072,i,2634489360948284209,7902460185619878109,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 9176 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6640 --field-trial-handle=2072,i,2634489360948284209,7902460185619878109,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 3092 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5864 --field-trial-handle=2072,i,2634489360948284209,7902460185619878109,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": "https://steamcommunity.com/profiles/76561199829660832", "Botnet": "ir7am"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000004.00000000.2096446608.0000000000802000.00000002.00000001.01000000.0000000A.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000006.00000002.2714941979.0000000000400000.00000040.00000400.00020000.00000000.sdmp	infostealer_win_vidar_strings_nov23	Finds Vidar samples based on the specific strings	Sekoia.io	0x1fcca:$str01: MachineID: 0x1ef53:$str02: Work Dir: In memory 0x1fd01:$str03: [Hardware] 0x1fcb3:$str04: VideoCard: 0x1f6b5:$str05: [Processes] 0x1f6c1:$str06: [Software] 0x1efd0:$str07: information.txt 0x1fa36:$str08: %s\* 0x1fa83:$str08: %s\* 0x1f206:$str11: Software\Martin Prikryl\WinSCP 2\Configuration 0x1f59f:$str12: UseMasterPassword 0x1fd0d:$str13: Soft: WinSCP 0x1f7eb:$str14: <Pass encoding="base64"> 0x1fcf0:$str15: Soft: FileZilla 0x1efc2:$str16: passwords.txt 0x1f5ca:$str17: build_id 0x1f679:$str18: file_data
00000004.00000002.2274489224.0000000003D79000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: powershell.exe PID: 2968	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x67296:$b2: ::FromBase64String( 0x67301:$b2: ::FromBase64String( 0x6736b:$b2: ::FromBase64String( 0x673db:$b2: ::FromBase64String( 0x6744b:$b2: ::FromBase64String( 0x674b4:$b2: ::FromBase64String( 0x67518:$b2: ::FromBase64String( 0x67275:$b3: ::UTF8.GetString( 0x672e0:$b3: ::UTF8.GetString( 0x6734a:$b3: ::UTF8.GetString( 0x673ba:$b3: ::UTF8.GetString( 0x6742a:$b3: ::UTF8.GetString( 0x67493:$b3: ::UTF8.GetString( 0x674f7:$b3: ::UTF8.GetString( 0x211f3:$s1: -join 0x2d823:$s1: -join 0x83a6b:$s1: -join 0x1098c5:$s1: -join 0x1156d8:$s1: -join 0x1227ad:$s1: -join 0x125b7f:$s1: -join
Process Memory Space: updater.exe PID: 1360	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: updater.exe PID: 1360	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
6.2.updater.exe.400000.0.unpack	infostealer_win_vidar_strings_nov23	Finds Vidar samples based on the specific strings	Sekoia.io	0x1e2ca:$str01: MachineID: 0x1d553:$str02: Work Dir: In memory 0x1e301:$str03: [Hardware] 0x1e2b3:$str04: VideoCard: 0x1dcb5:$str05: [Processes] 0x1dcc1:$str06: [Software] 0x1d5d0:$str07: information.txt 0x1e036:$str08: %s\* 0x1e083:$str08: %s\* 0x1d806:$str11: Software\Martin Prikryl\WinSCP 2\Configuration 0x1db9f:$str12: UseMasterPassword 0x1e30d:$str13: Soft: WinSCP 0x1ddeb:$str14: <Pass encoding="base64"> 0x1e2f0:$str15: Soft: FileZilla 0x1d5c2:$str16: passwords.txt 0x1dbca:$str17: build_id 0x1dc79:$str18: file_data
6.2.updater.exe.400000.0.raw.unpack	infostealer_win_vidar_strings_nov23	Finds Vidar samples based on the specific strings	Sekoia.io	0x1fcca:$str01: MachineID: 0x1ef53:$str02: Work Dir: In memory 0x1fd01:$str03: [Hardware] 0x1fcb3:$str04: VideoCard: 0x1f6b5:$str05: [Processes] 0x1f6c1:$str06: [Software] 0x1efd0:$str07: information.txt 0x1fa36:$str08: %s\* 0x1fa83:$str08: %s\* 0x1f206:$str11: Software\Martin Prikryl\WinSCP 2\Configuration 0x1f59f:$str12: UseMasterPassword 0x1fd0d:$str13: Soft: WinSCP 0x1f7eb:$str14: <Pass encoding="base64"> 0x1fcf0:$str15: Soft: FileZilla 0x1efc2:$str16: passwords.txt 0x1f5ca:$str17: build_id 0x1f679:$str18: file_data
4.2.updater.exe.3d79550.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
4.0.updater.exe.800000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
4.2.updater.exe.3d79550.0.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
4.2.updater.exe.3d79550.0.raw.unpack	infostealer_win_vidar_strings_nov23	Finds Vidar samples based on the specific strings	Sekoia.io	0x75aea:$str01: MachineID: 0x74d73:$str02: Work Dir: In memory 0x75b21:$str03: [Hardware] 0x75ad3:$str04: VideoCard: 0x754d5:$str05: [Processes] 0x754e1:$str06: [Software] 0x74df0:$str07: information.txt 0x75856:$str08: %s\* 0x758a3:$str08: %s\* 0x75026:$str11: Software\Martin Prikryl\WinSCP 2\Configuration 0x753bf:$str12: UseMasterPassword 0x75b2d:$str13: Soft: WinSCP 0x7560b:$str14: <Pass encoding="base64"> 0x75b10:$str15: Soft: FileZilla 0x74de2:$str16: passwords.txt 0x753ea:$str17: build_id 0x75499:$str18: file_data
Click to see the 1 entries

Sigma Signatures

System Summary

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe", ParentImage: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe, ParentProcessId: 1360, ParentProcessName: updater.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7584, ProcessName: chrome.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\windows.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\windows.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5436, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\windows.ps1", ProcessId: 2968, ProcessName: powershell.exe

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Source: File created

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 2968, TargetFilename: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\windows.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\windows.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5436, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\windows.ps1", ProcessId: 2968, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7712, ProcessName: svchost.exe

Suricata Signatures

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-02T10:31:21.138116+0100	2044247	1	Malware Command and Control Activity Detected	116.202.176.139	443	192.168.2.5	49715	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-02T10:31:22.477517+0100	2051831	1	Malware Command and Control Activity Detected	116.202.176.139	443	192.168.2.5	49716	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-02T10:31:22.477228+0100	2049087	1	A Network Trojan was detected	192.168.2.5	49716	116.202.176.139	443	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-02T10:31:23.865338+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	49717	116.202.176.139	443	TCP
2025-03-02T10:31:25.578390+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	49719	116.202.176.139	443	TCP
2025-03-02T10:31:25.969980+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	49721	116.202.176.139	443	TCP
2025-03-02T10:31:26.959448+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	49724	116.202.176.139	443	TCP
2025-03-02T10:31:28.106529+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	49731	116.202.176.139	443	TCP
2025-03-02T10:31:37.028829+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	49809	116.202.176.139	443	TCP
2025-03-02T10:31:38.401186+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	49824	116.202.176.139	443	TCP
2025-03-02T10:31:38.665921+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	49817	116.202.176.139	443	TCP
2025-03-02T10:31:39.580464+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	49830	116.202.176.139	443	TCP
2025-03-02T10:31:40.465607+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	49841	116.202.176.139	443	TCP
2025-03-02T10:32:00.868451+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	50012	116.202.176.139	443	TCP
2025-03-02T10:32:01.430812+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	50035	116.202.176.139	443	TCP
2025-03-02T10:32:02.944007+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	50058	116.202.176.139	443	TCP
2025-03-02T10:32:03.962797+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	50075	116.202.176.139	443	TCP
2025-03-02T10:32:08.643377+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	50102	116.202.176.139	443	TCP
2025-03-02T10:32:12.037096+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.5	50129	116.202.176.139	443	TCP

ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-02T10:31:25.969980+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.5	49721	116.202.176.139	443	TCP
2025-03-02T10:31:26.959448+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.5	49724	116.202.176.139	443	TCP
2025-03-02T10:31:28.106529+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.5	49731	116.202.176.139	443	TCP
2025-03-02T10:31:38.401186+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.5	49824	116.202.176.139	443	TCP
2025-03-02T10:31:39.580464+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.5	49830	116.202.176.139	443	TCP
2025-03-02T10:31:40.465607+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.5	49841	116.202.176.139	443	TCP
2025-03-02T10:32:01.430812+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.5	50035	116.202.176.139	443	TCP
2025-03-02T10:32:02.944007+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.5	50058	116.202.176.139	443	TCP
2025-03-02T10:32:03.962797+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.5	50075	116.202.176.139	443	TCP

ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-02T10:31:18.502304+0100	2859378	1	Malware Command and Control Activity Detected	192.168.2.5	49709	116.202.176.139	443	TCP

Joe Security ANOMALY Windows PowerShell HTTP PE File Download

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-02T10:31:12.723114+0100	1810003	2	Potentially Bad Traffic	216.218.206.62	443	192.168.2.5	49704	TCP

Joe Security ANOMALY Windows PowerShell HTTP activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-02T10:31:12.659143+0100	1810000	2	Potentially Bad Traffic	192.168.2.5	49704	216.218.206.62	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000004.00000002.2274489224.0000000003D79000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199829660832", "Botnet": "ir7am"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe

ReversingLabs: Detection: 50%

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.7% probability

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00406A10 StrStrA,lstrlenA,LocalAlloc,CryptUnprotectData,LocalAlloc,LocalFree,lstrlenA,	6_2_00406A10
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00410830 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,GetProcessHeap,HeapFree,	6_2_00410830
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_0040A150 BCryptCloseAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,	6_2_0040A150
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00406CF0 LocalAlloc,BCryptDecrypt,	6_2_00406CF0
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00406940 BCryptCloseAlgorithmProvider,BCryptDestroyKey,	6_2_00406940
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_0040A560 StrCmpCA,BCryptCloseAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,BCryptDestroyKey,	6_2_0040A560
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00406980 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,BCryptCloseAlgorithmProvider,BCryptDestroyKey,	6_2_00406980

Source: unknown	HTTPS traffic detected: 216.218.206.62:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.202.176.139:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.202.176.139:443 -> 192.168.2.5:49713 version: TLS 1.2

Source:	Binary string: System.Windows.Forms.pdb source: WER99F7.tmp.dmp.9.dr
Source:	Binary string: System.Windows.Forms.pdb`dl source: WER99F7.tmp.dmp.9.dr
Source:	Binary string: mscorlib.pdb source: WER99F7.tmp.dmp.9.dr
Source:	Binary string: System.ni.pdbRSDS source: WER99F7.tmp.dmp.9.dr
Source:	Binary string: mscorlib.ni.pdb source: WER99F7.tmp.dmp.9.dr
Source:	Binary string: System.pdb) source: WER99F7.tmp.dmp.9.dr
Source:	Binary string: Writers.pdb source: updater.exe, 00000004.00000000.2096446608.0000000000802000.00000002.00000001.01000000.0000000A.sdmp, updater.exe, 00000004.00000002.2274489224.0000000003D79000.00000004.00000800.00020000.00000000.sdmp, WER99F7.tmp.dmp.9.dr
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER99F7.tmp.dmp.9.dr
Source:	Binary string: System.ni.pdb source: WER99F7.tmp.dmp.9.dr
Source:	Binary string: System.pdb source: WER99F7.tmp.dmp.9.dr

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00414E70 wsprintfA,FindFirstFileA,DeleteFileA,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,	6_2_00414E70
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00407210 ExpandEnvironmentStringsA,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,CopyFileA,DeleteFileA,StrCmpCA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,	6_2_00407210
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_0040B6B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindClose,	6_2_0040B6B0
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00415EB0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,	6_2_00415EB0
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00408360 FindFirstFileA,CopyFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindClose,	6_2_00408360
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00413FD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,	6_2_00413FD0
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_004013F0 FindFirstFileA,FindClose,FindNextFileA,strlen,FindFirstFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,DeleteFileA,FindClose,	6_2_004013F0
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00413580 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindClose,	6_2_00413580
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_004097B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,	6_2_004097B0
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_0040ACD0 wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,lstrlenA,DeleteFileA,CopyFileA,FindClose,	6_2_0040ACD0
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00408C90 lstrcpyA,lstrcatA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,FindClose,DeleteFileA,_invalid_parameter_noinfo_noreturn,	6_2_00408C90
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00414950 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,strlen,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	6_2_00414950
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00409560 ??2@YAPAXI@Z,??2@YAPAXI@Z,_invalid_parameter_noinfo_noreturn,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,	6_2_00409560

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe

Code function: 6_2_00413AF0 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,

6_2_00413AF0

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 9MB later: 38MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49717 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49719 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.5:49716 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.5:49709 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.202.176.139:443 -> 192.168.2.5:49716
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49731 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49731 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49809 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49721 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49721 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49817 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.202.176.139:443 -> 192.168.2.5:49715
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49830 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49830 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49724 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49724 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49841 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49841 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50012 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50035 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:50035 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50058 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:50058 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50075 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:50075 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49824 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49824 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50102 -> 116.202.176.139:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:50129 -> 116.202.176.139:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://steamcommunity.com/profiles/76561199829660832

Source: global traffic

HTTP traffic detected: GET /l793oy HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 20.189.173.6 20.189.173.6
Source: Joe Sandbox View	IP Address: 2.22.242.11 2.22.242.11
Source: Joe Sandbox View	IP Address: 20.125.209.212 20.125.209.212
Source: Joe Sandbox View	IP Address: 162.159.61.3 162.159.61.3

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic	Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.5:49704 -> 216.218.206.62:443
Source: Network traffic	Suricata IDS: 1810003 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP PE File Download : 216.218.206.62:443 -> 192.168.2.5:49704

Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.6
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.6
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.6
Source: unknown	TCP traffic detected without corresponding DNS query: 20.125.209.212
Source: unknown	TCP traffic detected without corresponding DNS query: 20.125.209.212
Source: unknown	TCP traffic detected without corresponding DNS query: 20.125.209.212
Source: unknown	TCP traffic detected without corresponding DNS query: 108.139.47.108
Source: unknown	TCP traffic detected without corresponding DNS query: 108.139.47.108
Source: unknown	TCP traffic detected without corresponding DNS query: 108.139.47.108
Source: unknown	TCP traffic detected without corresponding DNS query: 108.139.47.108
Source: unknown	TCP traffic detected without corresponding DNS query: 108.139.47.108
Source: unknown	TCP traffic detected without corresponding DNS query: 108.139.47.108
Source: unknown	TCP traffic detected without corresponding DNS query: 108.139.47.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.125.209.212
Source: unknown	TCP traffic detected without corresponding DNS query: 20.125.209.212
Source: unknown	TCP traffic detected without corresponding DNS query: 20.125.209.212
Source: unknown	TCP traffic detected without corresponding DNS query: 20.125.209.212
Source: unknown	TCP traffic detected without corresponding DNS query: 108.139.47.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.125.209.212
Source: unknown	TCP traffic detected without corresponding DNS query: 108.139.47.108
Source: unknown	TCP traffic detected without corresponding DNS query: 108.139.47.108
Source: unknown	TCP traffic detected without corresponding DNS query: 108.139.47.108
Source: unknown	TCP traffic detected without corresponding DNS query: 108.139.47.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.6
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.6
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.6
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.6
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.6
Source: unknown	TCP traffic detected without corresponding DNS query: 20.125.209.212
Source: unknown	TCP traffic detected without corresponding DNS query: 20.125.209.212
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.6
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.85.14
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.85.14
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.85.14
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.85.14
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.85.14
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.85.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.219
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.85.17
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.85.17
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.85.17
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.6
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.6
Source: unknown	TCP traffic detected without corresponding DNS query: 108.139.47.108
Source: unknown	TCP traffic detected without corresponding DNS query: 108.139.47.108

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe

Code function: 6_2_00403850 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,

6_2_00403850

Source: global traffic	HTTP traffic detected: GET /build.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: vx-events.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /l793oy HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0Host: z.formaxprime.co.ukConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8NP2y291iiPDmfAN0GV3dvCuqlYA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531 HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SSR-extension.af337c502c230a9902a8.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.6sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=36C25BAB4F1340F19E34A9A169D95054.RefC=2025-03-02T09:31:55Z; USRLOC=; MUID=041B6088E6906C42136E752BE71A6DB9; MUIDB=041B6088E6906C42136E752BE71A6DB9; _EDGE_S=F=1&SID=29A553A4AA5263C524DE4607AB706288; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-worker.96ac23719317b1928681.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.6sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=36C25BAB4F1340F19E34A9A169D95054.RefC=2025-03-02T09:31:55Z; USRLOC=; MUID=041B6088E6906C42136E752BE71A6DB9; MUIDB=041B6088E6906C42136E752BE71A6DB9; _EDGE_S=F=1&SID=29A553A4AA5263C524DE4607AB706288; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /crx/blobs/ASuc5ohcoRYyASTWkAI21BvR0f-Aos7pzgW3GtD8ImYoX-O9Pl77join3GT-5wpD1vT_nG6xpJ0eds7JOZacv0OYNfBAee3mKSnMDx3-YDnz3J7UxfHM_wfhsyHz9Z8rajAAxlKa5T9frrLlN0KHGfJRu7Y7NseNtZ_M/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_89_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.bd02dd0f5f9b69ef8b17.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.4fa8815283fe3d88a934.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.bb241b5cf88a9a76514e.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.e283502f48dd51b29357.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b?rn=1740907919758&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=041B6088E6906C42136E752BE71A6DB9&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1740907919758&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=36c25bab4f1340f19e34a9a169d95054&activityId=36c25bab4f1340f19e34a9a169d95054&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=041B6088E6906C42136E752BE71A6DB9; _EDGE_S=F=1&SID=29A553A4AA5263C524DE4607AB706288; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true HTTP/1.1Host: ntp.msn.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-edge-ntp: {"back_block":0,"bg_cur":{"configIndex":10,"imageId":"BB1msKEt","provider":"CMSImage","userSelected":false},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"myFeed","show_greet":true,"vt_opened":false,"wpo_nx":{"v":"2","wgt":{"src":"default"}}}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=36C25BAB4F1340F19E34A9A169D95054.RefC=2025-03-02T09:31:55Z; USRLOC=; MUID=041B6088E6906C42136E752BE71A6DB9; MUIDB=041B6088E6906C42136E752BE71A6DB9; _EDGE_S=F=1&SID=29A553A4AA5263C524DE4607AB706288; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=327adc22-55ad-4426-abbc-d5475dd2a346; ai_session=0SnT1IIWadrkspE+kpcEO4\|1740907919738\|1740907919738; sptmarket_restored=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=36C25BAB4F1340F19E34A9A169D95054.RefC=2025-03-02T09:31:55Z
Source: global traffic	HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 10sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 200sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=36C25BAB4F1340F19E34A9A169D95054.RefC=2025-03-02T09:31:55Z; USRLOC=; MUID=041B6088E6906C42136E752BE71A6DB9; MUIDB=041B6088E6906C42136E752BE71A6DB9; _EDGE_S=F=1&SID=29A553A4AA5263C524DE4607AB706288; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=327adc22-55ad-4426-abbc-d5475dd2a346; ai_session=0SnT1IIWadrkspE+kpcEO4\|1740907919738\|1740907919738; sptmarket_restored=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=8\|RefA=36C25BAB4F1340F19E34A9A169D95054.RefC=2025-03-02T09:31:55Z
Source: global traffic	HTTP traffic detected: GET /b2?rn=1740907919758&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=041B6088E6906C42136E752BE71A6DB9&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1EA51bf09ed271a1925a3401740907921; XID=1EA51bf09ed271a1925a3401740907921
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1740907919758&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=36c25bab4f1340f19e34a9a169d95054&activityId=36c25bab4f1340f19e34a9a169d95054&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=1983429E5D4D47FBA0CCC65FB6494D93&MUID=041B6088E6906C42136E752BE71A6DB9 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=041B6088E6906C42136E752BE71A6DB9; _EDGE_S=F=1&SID=29A553A4AA5263C524DE4607AB706288; _EDGE_V=1; SM=T; msnup=%7B%22cnex%22%3A%22no%22%7D

Source: chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2335068592.000032FC000DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000C.00000003.2256917259.000032FC00F9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2257032396.000032FC00658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2256985631.000032FC00F74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 0000000C.00000003.2256917259.000032FC00F9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2257032396.000032FC00658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2256985631.000032FC00F74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000C.00000002.2343366246.000032FC010BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2341649595.000032FC00D44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000C.00000002.2341649595.000032FC00D44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytcai equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000C.00000002.2343366246.000032FC010BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytcaogl equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000C.00000002.2345937882.000032FC01B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343802719.000032FC012A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000C.00000002.2345937882.000032FC01B88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlP equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000C.00000002.2343802719.000032FC012A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000C.00000002.2345937882.000032FC01B88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlnjb equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000C.00000002.2338272406.000032FC006FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: vx-events.com
Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: z.formaxprime.co.uk
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----asjwlxlfkfukfusjmym7User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0Host: z.formaxprime.co.ukContent-Length: 255Connection: Keep-AliveCache-Control: no-cache

Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970b
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970f
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551e
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421c
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906(
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338596705.000032FC007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338596705.000032FC007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 0000000C.00000002.2337791643.000032FC005CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: powershell.exe, 00000000.00000002.2845291561.00000000075BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: svchost.exe, 0000000D.00000002.3319990213.0000022623600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: svchost.exe, 0000000D.00000003.2248277690.0000022623440000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: chrome.exe, 0000000C.00000002.2334807768.000032FC0006A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 0000000C.00000003.2257835894.000032FC01044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258204760.000032FC00F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258051287.000032FC01054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258365593.000032FC01070000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: powershell.exe, 00000000.00000002.2837604924.0000000005ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000000.00000002.2829947261.0000000004FC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: chrome.exe, 0000000C.00000002.2336053938.000032FC002F7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2257835894.000032FC01044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259257422.000032FC00658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258886215.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259559883.000032FC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259435758.000032FC0112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258204760.000032FC00F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258844997.000032FC00770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258953623.000032FC00F9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258051287.000032FC01054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258365593.000032FC01070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258803560.000032FC00C6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258114723.000032FC010A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 0000000C.00000002.2336053938.000032FC002F7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2257835894.000032FC01044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259257422.000032FC00658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258886215.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259559883.000032FC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259435758.000032FC0112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258204760.000032FC00F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258844997.000032FC00770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258953623.000032FC00F9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258051287.000032FC01054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258365593.000032FC01070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258803560.000032FC00C6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258114723.000032FC010A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 0000000C.00000002.2336053938.000032FC002F7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2257835894.000032FC01044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259257422.000032FC00658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258886215.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259559883.000032FC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259435758.000032FC0112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258204760.000032FC00F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258844997.000032FC00770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258953623.000032FC00F9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258051287.000032FC01054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258365593.000032FC01070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258803560.000032FC00C6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258114723.000032FC010A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 0000000C.00000002.2336053938.000032FC002F7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2257835894.000032FC01044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259257422.000032FC00658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258886215.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259559883.000032FC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259435758.000032FC0112C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258204760.000032FC00F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258844997.000032FC00770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258953623.000032FC00F9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258051287.000032FC01054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258365593.000032FC01070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258803560.000032FC00C6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2258114723.000032FC010A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 0000000C.00000002.2339388823.000032FC0096C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: chrome.exe, 0000000C.00000002.2339486109.000032FC009AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 0000000C.00000002.2339486109.000032FC009AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs2
Source: powershell.exe, 00000000.00000002.2829947261.0000000005158000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000000.00000002.2829947261.0000000004E71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000000.00000002.2829947261.0000000005158000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: chrome.exe, 0000000C.00000002.2339530159.000032FC009CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 0000000C.00000002.2339530159.000032FC009CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/U
Source: Amcache.hve.9.dr	String found in binary or memory: http://upx.sf.net
Source: powershell.exe, 00000000.00000002.2829947261.0000000004FC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: chrome.exe, 0000000C.00000002.2339573146.000032FC009E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.gstatic.com/generate_204
Source: updater.exe, 00000006.00000002.2721092356.0000000004191000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338528752.000032FC00794000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 0000000C.00000002.2334991465.000032FC000AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2336559026.000032FC003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2340552564.000032FC00BA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 0000000C.00000002.2334576974.000032FC00012000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout%
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 0000000C.00000003.2275295657.000032FC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 0000000C.00000003.2275295657.000032FC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 0000000C.00000003.2275295657.000032FC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 0000000C.00000002.2335028056.000032FC000C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 0000000C.00000002.2335028056.000032FC000C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 0000000C.00000002.2335028056.000032FC000C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 0000000C.00000002.2334991465.000032FC000AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: powershell.exe, 00000000.00000002.2829947261.0000000004E71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lBjq
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161m
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319$
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320z
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847n
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254797398.000032FC00AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253310977.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2254736422.000032FC0038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2378058676.000018D000354000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000003.2373578514.000018D000368000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2483489044.000015FC00444000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 0000000C.00000003.2275295657.000032FC002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2275399458.000032FC0142C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2276277219.000032FC01460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: chrome.exe, 0000000C.00000002.2345800477.000032FC01AE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes
Source: msedge.exe, 00000010.00000002.2384815477.000002427D753000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.com
Source: msedge.exe, 00000014.00000002.2534759050.00000263474AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.comse
Source: updater.exe, 00000006.00000002.2719175296.0000000003DE0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, uk6f3e.6.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: updater.exe, 00000006.00000002.2719175296.0000000003DE0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, uk6f3e.6.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: chrome.exe, 0000000C.00000002.2336968526.000032FC00448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338351061.000032FC00734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343042317.000032FC00FCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 0000000C.00000002.2340504100.000032FC00B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: updater.exe, 00000006.00000002.2721092356.0000000004191000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: chrome.exe, 0000000C.00000002.2340599800.000032FC00BC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 0000000C.00000002.2340599800.000032FC00BC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: updater.exe, 00000006.00000002.2721092356.0000000004191000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: chrome.exe, 0000000C.00000002.2340275061.000032FC00B18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 0000000C.00000002.2340275061.000032FC00B18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 0000000C.00000002.2340275061.000032FC00B18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: chrome.exe, 0000000C.00000002.2337896890.000032FC00618000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 0000000C.00000003.2248355632.000032FC0043C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.2385911298.000018D00017C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2548840744.000015FC0017C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: manifest.json.22.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: chrome.exe, 0000000C.00000002.2337791643.000032FC005CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 0000000C.00000002.2339573146.000032FC009E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343690726.000032FC0111C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2340897825.000032FC00C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343542729.000032FC010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2340599800.000032FC00BC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 0000000C.00000003.2254082199.000032FC00CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2253988788.000032FC00C6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2263520823.000032FC00CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2256403964.000032FC00CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2255440898.000032FC00CB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 0000000C.00000002.2334091620.0000213400920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2245257431.0000213400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2244922228.000021340071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 0000000C.00000002.2334091620.0000213400920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2245257431.0000213400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2244922228.000021340071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 0000000C.00000002.2334091620.0000213400920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 0000000C.00000003.2285686746.000032FC01950000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2334091620.0000213400920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2245257431.0000213400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2244922228.000021340071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 0000000C.00000003.2285686746.000032FC01950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 0000000C.00000002.2334765448.000032FC0003C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.2385911298.000018D00017C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2548840744.000015FC0017C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.22.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 0000000C.00000002.2342407218.000032FC00E70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/g%
Source: 249349de-800e-4a01-ac74-78c280025be2.tmp.24.dr	String found in binary or memory: https://clients2.google.com
Source: chrome.exe, 0000000C.00000003.2239014305.00001114002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2239048642.00001114002E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338319827.000032FC0071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2339388823.000032FC0096C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2334765448.000032FC0003C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2248355632.000032FC0043C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.2385139738.000018D000040000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2547496989.000015FC00040000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 249349de-800e-4a01-ac74-78c280025be2.tmp.24.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: chrome.exe, 0000000C.00000002.2339486109.000032FC009AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 0000000C.00000002.2339486109.000032FC009AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 0000000C.00000002.2338351061.000032FC00734000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 0000000C.00000002.2337791643.000032FC005CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: updater.exe, 00000006.00000002.2719175296.0000000003DE0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, uk6f3e.6.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: updater.exe, 00000006.00000002.2719175296.0000000003DE0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, uk6f3e.6.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: powershell.exe, 00000000.00000002.2837604924.0000000005ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000000.00000002.2837604924.0000000005ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000000.00000002.2837604924.0000000005ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: chrome.exe, 0000000C.00000002.2339966567.000032FC00A70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: 2cc80dabc69f58b6_0.22.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: chrome.exe, 0000000C.00000002.2336231179.000032FC0030C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.goog
Source: chrome.exe, 0000000C.00000002.2336231179.000032FC0030C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.googl0
Source: chrome.exe, 0000000C.00000003.2248355632.000032FC0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 0000000C.00000002.2343366246.000032FC010BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2293834797.000032FC01C6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2346300562.000032FC01C70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/
Source: chrome.exe, 0000000C.00000002.2344105294.000032FC01487000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 0000000C.00000002.2342407218.000032FC00E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343614748.000032FC010F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2345877421.000032FC01B3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2344105294.000032FC01487000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 0000000C.00000002.2344105294.000032FC01487000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
Source: chrome.exe, 0000000C.00000002.2343366246.000032FC010BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/dogl
Source: chrome.exe, 0000000C.00000002.2345937882.000032FC01B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2341649595.000032FC00D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2344105294.000032FC01487000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000C.00000002.2345937882.000032FC01B88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultP
Source: chrome.exe, 0000000C.00000002.2341649595.000032FC00D44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultlt
Source: chrome.exe, 0000000C.00000002.2345937882.000032FC01B88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
Source: chrome.exe, 0000000C.00000003.2293834797.000032FC01C6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2346300562.000032FC01C70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/njb
Source: chrome.exe, 0000000C.00000002.2338528752.000032FC00794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2337022215.000032FC00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338561806.000032FC007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2342863148.000032FC00F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000C.00000002.2338528752.000032FC00794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2337022215.000032FC00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338561806.000032FC007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2342863148.000032FC00F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000C.00000002.2338528752.000032FC00794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2337022215.000032FC00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338561806.000032FC007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2342863148.000032FC00F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 0000000C.00000003.2293834797.000032FC01C6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2346300562.000032FC01C70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/
Source: chrome.exe, 0000000C.00000002.2344105294.000032FC01487000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 0000000C.00000002.2342407218.000032FC00E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2344105294.000032FC01487000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2340897825.000032FC00C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 0000000C.00000002.2344105294.000032FC01487000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 0000000C.00000002.2345937882.000032FC01B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2344105294.000032FC01487000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000C.00000002.2345937882.000032FC01B88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_defaultP
Source: chrome.exe, 0000000C.00000002.2345937882.000032FC01B88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_defaultag
Source: chrome.exe, 0000000C.00000003.2293834797.000032FC01C6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2346300562.000032FC01C70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/ogl
Source: chrome.exe, 0000000C.00000002.2336968526.000032FC00448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338351061.000032FC00734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343042317.000032FC00FCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000C.00000002.2338351061.000032FC00734000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actionsRun
Source: chrome.exe, 0000000C.00000002.2343419654.000032FC010D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/
Source: chrome.exe, 0000000C.00000002.2343419654.000032FC010D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/2
Source: chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 0000000C.00000002.2342407218.000032FC00E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343614748.000032FC010F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 0000000C.00000002.2342407218.000032FC00E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2345937882.000032FC01B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000C.00000002.2345937882.000032FC01B88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_defaultP
Source: chrome.exe, 0000000C.00000002.2343419654.000032FC010D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/oglp
Source: chrome.exe, 0000000C.00000002.2336968526.000032FC00448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338351061.000032FC00734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343042317.000032FC00FCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000C.00000003.2248355632.000032FC0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 0000000C.00000003.2248355632.000032FC0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 0000000C.00000003.2248355632.000032FC0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 0000000C.00000002.2336231179.000032FC0030C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp
Source: chrome.exe, 0000000C.00000003.2248355632.000032FC0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 0000000C.00000002.2336231179.000032FC0030C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 0000000C.00000003.2248355632.000032FC0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 0000000C.00000002.2336231179.000032FC0030C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.c
Source: chrome.exe, 0000000C.00000003.2248355632.000032FC0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 0000000C.00000002.2336231179.000032FC0030C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.go
Source: chrome.exe, 0000000C.00000003.2248355632.000032FC0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 0000000C.00000003.2248355632.000032FC0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 0000000C.00000003.2248355632.000032FC0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 0000000C.00000003.2248355632.000032FC0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 0000000C.00000003.2259435758.000032FC0112C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 0000000C.00000003.2248355632.000032FC0043C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/=
Source: chrome.exe, 0000000C.00000002.2343366246.000032FC010BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 0000000C.00000002.2343366246.000032FC010BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2ation.Result
Source: chrome.exe, 0000000C.00000002.2343366246.000032FC010BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2dice
Source: chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/O
Source: chrome.exe, 0000000C.00000002.2345877421.000032FC01B3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2340897825.000032FC00C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338272406.000032FC006FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2342863148.000032FC00F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000C.00000002.2339388823.000032FC0096C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2340599800.000032FC00BC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 0000000C.00000002.2339388823.000032FC0096C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 0000000C.00000002.2338528752.000032FC00794000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: updater.exe, 00000006.00000002.2721092356.0000000004191000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2340599800.000032FC00BC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 0000000C.00000002.2340599800.000032FC00BC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: updater.exe, 00000006.00000002.2721092356.0000000004191000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chrome.exe, 0000000C.00000002.2340599800.000032FC00BC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icondTripTime
Source: 249349de-800e-4a01-ac74-78c280025be2.tmp.24.dr	String found in binary or memory: https://edgeassetservice.azureedge.net
Source: HubApps Icons.22.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: HubApps Icons.22.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: HubApps Icons.22.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: HubApps Icons.22.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: HubApps Icons.22.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: HubApps Icons.22.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: HubApps Icons.22.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: HubApps Icons.22.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: svchost.exe, 0000000D.00000003.2248277690.00000226234B3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 0000000D.00000003.2248277690.0000022623440000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: powershell.exe, 00000000.00000002.2829947261.0000000004FC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000000.00000002.2848931801.0000000008554000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.micros
Source: chrome.exe, 0000000C.00000003.2285686746.000032FC01950000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2334091620.0000213400920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 0000000C.00000003.2285686746.000032FC01950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/%
Source: chrome.exe, 0000000C.00000003.2285686746.000032FC01950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/(
Source: chrome.exe, 0000000C.00000003.2285686746.000032FC01950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com//
Source: chrome.exe, 0000000C.00000003.2285686746.000032FC01950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2245257431.0000213400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2244922228.000021340071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 0000000C.00000003.2285686746.000032FC01950000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/K
Source: chrome.exe, 0000000C.00000003.2285686746.000032FC01950000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2334091620.0000213400920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2245257431.0000213400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2244922228.000021340071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2334576974.000032FC00012000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.2386528768.000018D000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2549783225.000015FC002C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 0000000C.00000002.2337791643.000032FC005CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: uk6f3e.6.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: msedge.exe, 00000014.00000003.2482617211.000015FC00430000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 0000000C.00000002.2338528752.000032FC00794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2337022215.000032FC00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338561806.000032FC007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2342863148.000032FC00F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 0000000C.00000002.2338528752.000032FC00794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2337022215.000032FC00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338561806.000032FC007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2342863148.000032FC00F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 0000000C.00000003.2282279603.000032FC01D9C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 0000000C.00000003.2282279603.000032FC01D9C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 0000000C.00000003.2282279603.000032FC01D9C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 0000000C.00000003.2245257431.0000213400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2244922228.000021340071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 0000000C.00000002.2334023286.0000213400904000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 0000000C.00000003.2244922228.000021340071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 0000000C.00000002.2336639773.000032FC0040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 0000000C.00000003.2259257422.000032FC00658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259559883.000032FC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259435758.000032FC0112C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 0000000C.00000003.2259257422.000032FC00658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259559883.000032FC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259435758.000032FC0112C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 0000000C.00000003.2245257431.0000213400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2244922228.000021340071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 0000000C.00000003.2245918558.000021340087C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2334091620.0000213400920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 0000000C.00000003.2244922228.000021340071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 0000000C.00000002.2334091620.0000213400920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_202309180=
Source: chrome.exe, 0000000C.00000002.2334091620.0000213400920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusP
Source: chrome.exe, 0000000C.00000002.2333981766.00002134008D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2247498713.000032FC001C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 0000000C.00000002.2340552564.000032FC00BA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/
Source: chrome.exe, 0000000C.00000002.2340552564.000032FC00BA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/2
Source: chrome.exe, 0000000C.00000002.2344105294.000032FC01487000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 0000000C.00000002.2336639773.000032FC0040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: chrome.exe, 0000000C.00000002.2342407218.000032FC00E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343614748.000032FC010F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2344105294.000032FC01487000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2340897825.000032FC00C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 0000000C.00000002.2344105294.000032FC01487000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 0000000C.00000002.2342407218.000032FC00E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343614748.000032FC010F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2335100861.000032FC000EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2344105294.000032FC01487000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338272406.000032FC006FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: msedge.exe, 00000010.00000002.2386528768.000018D000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2549783225.000015FC002C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.cn/
Source: msedge.exe, 00000010.00000002.2386528768.000018D000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2549783225.000015FC002C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.com/
Source: chrome.exe, 0000000C.00000002.2336968526.000032FC00448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338351061.000032FC00734000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343042317.000032FC00FCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 0000000C.00000002.2338528752.000032FC00794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2337551706.000032FC0054C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2337350560.000032FC004BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 0000000C.00000002.2337551706.000032FC0054C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacyf
Source: chrome.exe, 0000000C.00000002.2337551706.000032FC0054C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2337350560.000032FC004BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome2B
Source: chrome.exe, 0000000C.00000002.2337551706.000032FC0054C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2337350560.000032FC004BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 0000000C.00000002.2339388823.000032FC00987000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2339486109.000032FC009AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: 2cc80dabc69f58b6_0.22.dr	String found in binary or memory: https://ntp.msn.com
Source: 000003.log0.22.dr	String found in binary or memory: https://ntp.msn.com/
Source: 2cc80dabc69f58b6_0.22.dr	String found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
Source: powershell.exe, 00000000.00000002.2837604924.0000000005ED9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: msedge.exe, 00000010.00000002.2386528768.000018D000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2549783225.000015FC002C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://office.net/
Source: chrome.exe, 0000000C.00000003.2276240246.000032FC01384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2275699128.000032FC013D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2275399458.000032FC0142C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2276277219.000032FC01460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 0000000C.00000002.2340275061.000032FC00B18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 0000000C.00000003.2276240246.000032FC01384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2275699128.000032FC013D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2275399458.000032FC0142C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2276277219.000032FC01460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 0000000C.00000003.2276240246.000032FC01384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2275699128.000032FC013D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2275399458.000032FC0142C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2276277219.000032FC01460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 0000000C.00000002.2341852195.000032FC00DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2341922758.000032FC00DC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2341887365.000032FC00DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343802719.000032FC012A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 0000000C.00000002.2342596214.000032FC00ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2334877790.000032FC00074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2339573146.000032FC009E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2341922758.000032FC00DC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2342144860.000032FC00E18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2341887365.000032FC00DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2337022215.000032FC00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2335799048.000032FC0027C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 0000000C.00000002.2341922758.000032FC00DC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2342144860.000032FC00E18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2341887365.000032FC00DB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 0000000C.00000002.2341922758.000032FC00DC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2341887365.000032FC00DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343802719.000032FC012A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 0000000C.00000002.2341922758.000032FC00DC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2342144860.000032FC00E18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2341887365.000032FC00DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343802719.000032FC012A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 0000000C.00000003.2256219856.000032FC00770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2336017091.000032FC002D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2341922758.000032FC00DC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2341887365.000032FC00DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343802719.000032FC012A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 0000000C.00000002.2340157433.000032FC00ABC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2341922758.000032FC00DC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2341887365.000032FC00DB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 0000000C.00000002.2340504100.000032FC00B68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2340018869.000032FC00A94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 0000000C.00000002.2337022215.000032FC00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: msedge.exe, 00000010.00000003.2372662979.000018D000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482239415.000015FC00274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2481964583.000015FC00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/AddSession
Source: msedge.exe, 00000010.00000003.2372662979.000018D000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482239415.000015FC00274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2481964583.000015FC00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/Logout
Source: msedge.exe, 00000014.00000003.2482239415.000015FC00274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2481964583.000015FC00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/LogoutYxAB
Source: msedge.exe, 00000010.00000003.2372662979.000018D000270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
Source: msedge.exe, 00000010.00000003.2372662979.000018D000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482239415.000015FC00274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2481964583.000015FC00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/MergeSession
Source: msedge.exe, 00000010.00000003.2372662979.000018D000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482239415.000015FC00274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2481964583.000015FC00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/OAuthLogin
Source: msedge.exe, 00000010.00000003.2372662979.000018D000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482239415.000015FC00274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2481964583.000015FC00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
Source: msedge.exe, 00000010.00000003.2372662979.000018D000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482239415.000015FC00274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2481964583.000015FC00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
Source: msedge.exe, 00000010.00000003.2372662979.000018D000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482239415.000015FC00274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2481964583.000015FC00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
Source: msedge.exe, 00000010.00000003.2372662979.000018D000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482239415.000015FC00274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2481964583.000015FC00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
Source: msedge.exe, 00000010.00000003.2372662979.000018D000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482239415.000015FC00274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2481964583.000015FC00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
Source: msedge.exe, 00000010.00000003.2372662979.000018D000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482239415.000015FC00274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2481964583.000015FC00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
Source: msedge.exe, 00000010.00000003.2372662979.000018D000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482239415.000015FC00274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2481964583.000015FC00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
Source: msedge.exe, 00000010.00000003.2372662979.000018D000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482239415.000015FC00274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2481964583.000015FC00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
Source: msedge.exe, 00000010.00000003.2372662979.000018D000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2482239415.000015FC00274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2481964583.000015FC00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
Source: chrome.exe, 0000000C.00000002.2339388823.000032FC00987000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2339486109.000032FC009AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 0000000C.00000003.2259257422.000032FC00658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259559883.000032FC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2259435758.000032FC0112C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chrome.exe, 0000000C.00000002.2343802719.000032FC012A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chrome.exe, 0000000C.00000002.2343614748.000032FC010F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2342596214.000032FC00ED4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true2
Source: chrome.exe, 0000000C.00000002.2339486109.000032FC009AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 0000000C.00000002.2334991465.000032FC000AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 0000000C.00000002.2334877790.000032FC00074000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comb
Source: chrome.exe, 0000000C.00000002.2338528752.000032FC00794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2337022215.000032FC00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338561806.000032FC007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2342863148.000032FC00F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000000C.00000002.2338528752.000032FC00794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2337022215.000032FC00474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338561806.000032FC007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2342863148.000032FC00F64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 0000000C.00000003.2275295657.000032FC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 0000000C.00000002.2336639773.000032FC0040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: updater.exe, updater.exe, 00000006.00000002.2714941979.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199829660832
Source: updater.exe, 00000006.00000002.2714941979.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199829660832ir7amMozilla/5.0
Source: updater.exe, 00000006.00000002.2733640837.00000000047E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: updater.exe, 00000006.00000002.2733640837.00000000047E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: updater.exe, 00000006.00000002.2715644110.0000000000FB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: updater.exe, updater.exe, 00000006.00000002.2715644110.0000000000F60000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000006.00000002.2714941979.0000000000400000.00000040.00000400.00020000.00000000.sdmp, updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/l793oy
Source: updater.exe, 00000006.00000002.2714941979.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/l793oyir7amMozilla/5.0
Source: chrome.exe, 0000000C.00000002.2339573146.000032FC009E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/
Source: powershell.exe, 00000000.00000002.2829947261.0000000004FC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vx-events.com
Source: powershell.exe, 00000000.00000002.2829947261.0000000004FC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vx-events.com/build.exe
Source: updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: updater.exe, 00000006.00000002.2719175296.0000000003DE0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, uk6f3e.6.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: updater.exe, 00000006.00000002.2719175296.0000000003DE0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, uk6f3e.6.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: updater.exe, 00000006.00000002.2721092356.0000000004191000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2340552564.000032FC00BA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 0000000C.00000002.2340504100.000032FC00B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 0000000C.00000002.2340504100.000032FC00B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 0000000C.00000002.2340504100.000032FC00B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 0000000C.00000003.2264223105.000032FC002A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2275295657.000032FC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 0000000C.00000003.2264223105.000032FC002A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2275295657.000032FC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 0000000C.00000003.2275295657.000032FC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: chrome.exe, 0000000C.00000003.2248355632.000032FC0043C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2337350560.000032FC004BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 0000000C.00000002.2340552564.000032FC00BA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 0000000C.00000002.2338596705.000032FC007D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/CharPk3
Source: chrome.exe, 0000000C.00000002.2342407218.000032FC00E70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 0000000C.00000002.2343690726.000032FC0111C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 0000000C.00000002.2343690726.000032FC0111C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_promospH
Source: content_new.js.22.dr	String found in binary or memory: https://www.google.com/chrome
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2339306866.000032FC0093C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338596705.000032FC007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2342328482.000032FC00E48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 0000000C.00000002.2335653612.000032FC001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2339306866.000032FC0093C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338596705.000032FC007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2342328482.000032FC00E48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: updater.exe, 00000006.00000002.2721092356.0000000004191000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2337791643.000032FC005CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2336968526.000032FC00448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338351061.000032FC00734000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 0000000C.00000002.2336639773.000032FC0040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 0000000C.00000002.2336639773.000032FC0040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 0000000C.00000003.2259435758.000032FC0112C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 0000000C.00000002.2337022215.000032FC00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 0000000C.00000002.2339721034.000032FC00A24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 0000000C.00000003.2264223105.000032FC002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: 249349de-800e-4a01-ac74-78c280025be2.tmp.24.dr	String found in binary or memory: https://www.googleapis.com
Source: chrome.exe, 0000000C.00000002.2334576974.000032FC00012000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 0000000C.00000003.2281097262.000032FC0180C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 0000000C.00000002.2335728834.000032FC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 0000000C.00000003.2275295657.000032FC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 0000000C.00000003.2275295657.000032FC002A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 0000000C.00000002.2337022215.000032FC00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 0000000C.00000003.2275950471.000032FC013B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 0000000C.00000003.2275724304.000032FC01044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2275221819.000032FC01368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2276066574.000032FC01368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2276240246.000032FC01384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343919855.000032FC013BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2276277219.000032FC01460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2275950471.000032FC013B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 0000000C.00000003.2276240246.000032FC01384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2275699128.000032FC013D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2275399458.000032FC0142C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2276277219.000032FC01460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.ewNYOTtoM3M.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 0000000C.00000003.2276240246.000032FC01384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2275699128.000032FC013D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2275399458.000032FC0142C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2276277219.000032FC01460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.D8RxnyMyyQs.L.W.O/m=qmd
Source: updater.exe, 00000006.00000002.2733640837.00000000047E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: updater.exe, 00000006.00000002.2733640837.00000000047E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: updater.exe, 00000006.00000002.2733640837.00000000047E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: updater.exe, 00000006.00000002.2733640837.00000000047E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: updater.exe, 00000006.00000002.2733640837.00000000047E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: updater.exe, 00000006.00000002.2733640837.00000000047E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: chrome.exe, 0000000C.00000002.2340938226.000032FC00C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 0000000C.00000002.2343366246.000032FC010BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2341649595.000032FC00D44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 0000000C.00000002.2341649595.000032FC00D44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytcai
Source: chrome.exe, 0000000C.00000002.2343366246.000032FC010BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytcaogl
Source: chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 0000000C.00000002.2345937882.000032FC01B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2343802719.000032FC012A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2335068592.000032FC000DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: chrome.exe, 0000000C.00000002.2345937882.000032FC01B88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlP
Source: chrome.exe, 0000000C.00000002.2343802719.000032FC012A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt
Source: chrome.exe, 0000000C.00000002.2345937882.000032FC01B88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlnjb
Source: updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk
Source: updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/
Source: updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://z.formaxprime.co.uk/=

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50139
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50141
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443

Source: unknown	HTTPS traffic detected: 216.218.206.62:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.202.176.139:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.202.176.139:443 -> 192.168.2.5:49713 version: TLS 1.2

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe

Code function: 6_2_00410A90 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,malloc,StrCmpCW,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,

6_2_00410A90

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe

Code function: 6_2_00406480 memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,CreateProcessA,Sleep,CloseDesktop,

6_2_00406480

System Summary

Malicious sample detected (through community Yara rule)

Source: 6.2.updater.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: 6.2.updater.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: 4.2.updater.exe.3d79550.0.raw.unpack, type: UNPACKEDPE	Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: 00000006.00000002.2714941979.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
Source: Process Memory Space: powershell.exe PID: 2968, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen

Powershell drops PE file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe

Jump to dropped file

Source: C:\Windows\System32\svchost.exe

File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 4_2_011D6B08	4_2_011D6B08
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 4_2_011D2BB8	4_2_011D2BB8
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 4_2_011D6764	4_2_011D6764
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00404A20	6_2_00404A20
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_00418630	6_2_00418630
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_0041B770	6_2_0041B770
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_0041B300	6_2_0041B300
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_0041C100	6_2_0041C100
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_004193D0	6_2_004193D0
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 6_2_0041A7D0	6_2_0041A7D0

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: String function: 00410D00 appears 42 times
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: String function: 0040F5B0 appears 135 times

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 1108

Source: 6.2.updater.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 6.2.updater.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 4.2.updater.exe.3d79550.0.raw.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: 00000006.00000002.2714941979.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
Source: Process Memory Space: powershell.exe PID: 2968, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution

Source: updater.exe.0.dr	Static PE information: Section: .CSS ZLIB complexity 1.0003622159090908
Source: updater.exe.0.dr	Static PE information: Section: .CSS ZLIB complexity 1.0003622159090908

Source: updater.exe.0.dr, Q5Ig8mfCVyZvvyXFAg.cs	Cryptographic APIs: 'CreateDecryptor'
Source: updater.exe.0.dr, Q5Ig8mfCVyZvvyXFAg.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.updater.exe.3d79550.0.raw.unpack, Q5Ig8mfCVyZvvyXFAg.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.updater.exe.3d79550.0.raw.unpack, Q5Ig8mfCVyZvvyXFAg.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winPS1@90/304@29/25

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe

Code function: 6_2_00411250 CreateToolhelp32Snapshot,Process32First,StrCmpCA,Process32Next,StrCmpCA,CloseHandle,

6_2_00411250

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6100
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1848:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2616:120:WilError_03

Source: chrome.exe, 0000000C.00000002.2338010741.000032FC00646000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: pz5x4wbas.6.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: unknown	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\windows.ps1"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\notepad.exe "C:\Windows\System32\notepad.exe" "C:\Users\user\Desktop\windows.ps1"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe "C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe"
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Process created: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe "C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe"
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Process created: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe "C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe"
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 1108
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2832 --field-trial-handle=2580,i,1103045790095841079,827422717196003807,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2584 --field-trial-handle=2332,i,5502495860473688060,2624162897974567414,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1812,i,10174535690204654240,9083580343565929125,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2420,i,7148429710888670997,2582854956049312461,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2072,i,2634489360948284209,7902460185619878109,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6476 --field-trial-handle=2072,i,2634489360948284209,7902460185619878109,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6640 --field-trial-handle=2072,i,2634489360948284209,7902460185619878109,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\8gdtj" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 11
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5864 --field-trial-handle=2072,i,2634489360948284209,7902460185619878109,262144 /prefetch:8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe "C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Process created: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe "C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Process created: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe "C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\8gdtj" & exit	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2832 --field-trial-handle=2580,i,1103045790095841079,827422717196003807,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2584 --field-trial-handle=2332,i,5502495860473688060,2624162897974567414,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1812,i,10174535690204654240,9083580343565929125,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2420,i,7148429710888670997,2582854956049312461,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2072,i,2634489360948284209,7902460185619878109,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6476 --field-trial-handle=2072,i,2634489360948284209,7902460185619878109,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6640 --field-trial-handle=2072,i,2634489360948284209,7902460185619878109,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5864 --field-trial-handle=2072,i,2634489360948284209,7902460185619878109,262144 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 11

Source: Google Drive.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: updater.exe.0.dr, Q5Ig8mfCVyZvvyXFAg.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 4.2.updater.exe.3d79550.0.raw.unpack, Q5Ig8mfCVyZvvyXFAg.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

Source: updater.exe.0.dr	Static PE information: section name: .CSS
Source: updater.exe.0.dr	Static PE information: section name: .CSS

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 0_2_06EB8E30 push FFFFFFC3h; ret	0_2_06EB8E48
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 0_2_06EB0FA0 push eax; ret	0_2_06EB0FAA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 0_2_06EB0FB0 push eax; ret	0_2_06EB0FBA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 0_2_06EB0F90 push eax; ret	0_2_06EB0F9A
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 0_2_06EB0F62 push eax; ret	0_2_06EB0F8A
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 0_2_06EB0F50 push eax; ret	0_2_06EB0F3A
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 0_2_06EB0F20 push eax; ret	0_2_06EB0F3A

Source: updater.exe.0.dr, Q5Ig8mfCVyZvvyXFAg.cs	High entropy of concatenated method names: 'LlkQeSLn9p', 'nW4lBacjpc', 'LHPQ4GTdBG', 'PhfQCwiaLD', 'BEPQ9Me6mA', 'DhuQzDEEr3', 'ACbc8uuZoI', 'YyOWgvKlZ', 'BZalVOWNA', 'o6kS4kmCQ'
Source: updater.exe.0.dr, PSW7RdFBXkIOW3MDXDE.cs	High entropy of concatenated method names: 'YabFnBuv9v', 'z30FPkSge4', 'pWYFvvuwx5', 'dGYF7LISn9', 'gqcFioFXjV', 'hZoFGhLnNr', 'J7PFoxgrrS', 'ulyFbAB7l7', 'zt8Ft45Ptm', 'rHmFjbp6jE'
Source: 4.2.updater.exe.3d79550.0.raw.unpack, Q5Ig8mfCVyZvvyXFAg.cs	High entropy of concatenated method names: 'LlkQeSLn9p', 'nW4lBacjpc', 'LHPQ4GTdBG', 'PhfQCwiaLD', 'BEPQ9Me6mA', 'DhuQzDEEr3', 'ACbc8uuZoI', 'YyOWgvKlZ', 'BZalVOWNA', 'o6kS4kmCQ'
Source: 4.2.updater.exe.3d79550.0.raw.unpack, PSW7RdFBXkIOW3MDXDE.cs	High entropy of concatenated method names: 'YabFnBuv9v', 'z30FPkSge4', 'pWYFvvuwx5', 'dGYF7LISn9', 'gqcFioFXjV', 'hZoFGhLnNr', 'J7PFoxgrrS', 'ulyFbAB7l7', 'zt8Ft45Ptm', 'rHmFjbp6jE'

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Memory allocated: 11D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Memory allocated: 2D70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Memory allocated: 2AD0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5618			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4105			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6540	Thread sleep time: -17524406870024063s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4984	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 7776	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\timeout.exe TID: 7992	Thread sleep count: 80 > 30

Source: Amcache.hve.9.dr	Binary or memory string: VMware
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: Amcache.hve.9.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3320196017.0000022623654000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWl
Source: Amcache.hve.9.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Amcache.hve.9.dr	Binary or memory string: vmci.sys
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Amcache.hve.9.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.9.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.9.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.9.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: Amcache.hve.9.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.9.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.9.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: updater.exe, 00000006.00000002.2715644110.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: od_VMware_SATA_C
Source: Amcache.hve.9.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.9.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.9.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: Amcache.hve.9.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: Amcache.hve.9.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.9.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.9.dr	Binary or memory string: VMware, Inc.
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: Amcache.hve.9.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.9.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.9.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: svchost.exe, 0000000D.00000002.3317209574.000002261E02B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWPqe#&
Source: Amcache.hve.9.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: msedge.exe, 00000010.00000003.2367879138.000018D000380000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware20,1(
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: updater.exe, 00000006.00000002.2715644110.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: Amcache.hve.9.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: Amcache.hve.9.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: powershell.exe, 00000000.00000002.2848619630.00000000084A0000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2328223697.00000189CB9A7000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000010.00000002.2383663696.000002427B844000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2529719706.0000026347445000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Amcache.hve.9.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.9.dr	Binary or memory string: vmci.syshbin`
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Amcache.hve.9.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: Amcache.hve.9.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: Amcache.hve.9.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: updater.exe, 00000006.00000002.2724803487.00000000043EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: chrome.exe, 0000000C.00000002.2335841166.000032FC00290000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=758f6857-b5d0-4e45-93bc-5b330b5afedc
Source: chrome.exe, 0000000C.00000002.2329378335.00000189CF531000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_@cT

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 4_2_02D752B9 mov edi, dword ptr fs:[00000030h]		4_2_02D752B9
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Code function: 4_2_02D75436 mov edi, dword ptr fs:[00000030h]		4_2_02D75436

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report windows.ps1

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Protection of GUI

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
windows.ps1

Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\notepad.exe	Queries volume information: C:\Users\user\Desktop\windows.ps1 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Queries volume information: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation

Source: Amcache.hve.9.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.9.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.9.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.9.dr	Binary or memory string: MsMpEng.exe

Source: Yara match	File source: 4.2.updater.exe.3d79550.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.updater.exe.800000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.updater.exe.3d79550.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000000.2096446608.0000000000802000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2274489224.0000000003D79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\156066a1-3449-4780-beac-b1fdd13f48c1\updater.exe, type: DROPPED

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: updater.exe PID: 1360, type: MEMORYSTR

Source: updater.exe, 00000006.00000002.2715644110.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: wallet.,seed.,btc.,key.,2fa.,crypto.,coin.,private.,2fa.,auth.,ledger.,trezor.,pass.,wal.,upbit.,bcex.,bithimb.,hitbtc.,bitflyer.,kucoin.,huobi.,poloniex.,kraken.,okex.,binance.,bitfinex.,gdax.,ethereum.,exodus.,metamask.,myetherwallet.,electrum.,bitcoin.,blockchain.,coinomi.,words.,meta.,mask.,eth.,recovery.
Source: updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum\wallets\
Source: updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: exodus.conf.json
Source: updater.exe, 00000006.00000002.2721092356.00000000041D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\
Source: updater.exe, 00000006.00000002.2721092356.00000000041D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: info.seco
Source: updater.exe, 00000006.00000002.2721092356.00000000041D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectrumLTC
Source: updater.exe, 00000006.00000002.2721092356.00000000041D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: updater.exe, 00000006.00000002.2721092356.00000000041D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Ethereum\
Source: updater.exe, 00000006.00000002.2715644110.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: wallet.,seed.,btc.,key.,2fa.,crypto.,coin.,private.,2fa.,auth.,ledger.,trezor.,pass.,wal.,upbit.,bcex.,bithimb.,hitbtc.,bitflyer.,kucoin.,huobi.,poloniex.,kraken.,okex.,binance.,bitfinex.,gdax.,ethereum.,exodus.,metamask.,myetherwallet.,electrum.,bitcoin.,blockchain.,coinomi.,words.,meta.,mask.,eth.,recovery.
Source: updater.exe, 00000006.00000002.2715644110.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: wallet.,seed.,btc.,key.,2fa.,crypto.,coin.,private.,2fa.,auth.,ledger.,trezor.,pass.,wal.,upbit.,bcex.,bithimb.,hitbtc.,bitflyer.,kucoin.,huobi.,poloniex.,kraken.,okex.,binance.,bitfinex.,gdax.,ethereum.,exodus.,metamask.,myetherwallet.,electrum.,bitcoin.,blockchain.,coinomi.,words.,meta.,mask.,eth.,recovery.
Source: updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: updater.exe, 00000006.00000002.2721092356.00000000041D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \MultiDoge\
Source: updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: updater.exe, 00000006.00000002.2721092356.00000000041D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: seed.seco
Source: powershell.exe, 00000000.00000002.2847820756.0000000007980000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: sqlcolumnencryptionkeystoreprovider
Source: updater.exe, 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum-LTC\wallets\

Source: Yara match	File source: 00000006.00000002.2715644110.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: updater.exe PID: 1360, type: MEMORYSTR

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	1 Create Account	1 Extra Window Memory Injection	11 Deobfuscate/Decode Files or Information	1 Credentials in Registry	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	311 Process Injection	2 Obfuscated Files or Information	Security Account Manager	4 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Registry Run Keys / Startup Folder	21 Software Packing	NTDS	45 System Information Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	11 Query Registry	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	141 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Extra Window Memory Injection	DCSync	51 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Masquerading	Proc Filesystem	12 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	51 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	311 Process Injection	Network Sniffing	1 System Owner/User Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement