Windows Analysis Report
SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe
Analysis ID: 1627627
MD5: fc56a30780f873616933d67c072169d0
SHA1: 55c5d927e163e31903895012c410cf93e9c3317b
SHA256: 069a58a7ed424c5da0fedc7310f757d1080f5baeb731465552518c6fbb3d9d2f
Tags: exe, user-SecuriteInfoCom

Detection

Score: 84
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Joe Sandbox ML detected suspicious sample
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Contains functionality to read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect virtual machines (SLDT)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe (PID: 3552 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe" MD5: FC56A30780F873616933D67C072169D0)
    • SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe (PID: 4712 cmdline: "C:\Windows\TEMP\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe" -burn.clean.room="C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe" -burn.filehandle.attached=620 -burn.filehandle.self=632 MD5: EB7B7E4070F3204CD47F1177E4DB1B9B)
      • RoboTaskLite.exe (PID: 6000 cmdline: C:\Windows\TEMP\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe MD5: 6EE5F7F9F0016B5CC4F93A949A08F0DC)
        • RoboTaskLite.exe (PID: 1400 cmdline: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe MD5: 6EE5F7F9F0016B5CC4F93A949A08F0DC)
          • cmd.exe (PID: 3252 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 5760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • ToolSecurityBvg.exe (PID: 5044 cmdline: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe MD5: 967F4470627F823F4D7981E511C9824F)
              • msedge.exe (PID: 5948 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
                • msedge.exe (PID: 3224 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2124,i,16003338811107414363,9838939343670632493,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • RoboTaskLite.exe (PID: 3116 cmdline: "C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe" MD5: 6EE5F7F9F0016B5CC4F93A949A08F0DC)
    • cmd.exe (PID: 1864 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • ToolSecurityBvg.exe (PID: 5252 cmdline: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe MD5: 967F4470627F823F4D7981E511C9824F)
  • msedge.exe (PID: 6444 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3680 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2120,i,6787236163346224157,5306025125740223423,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7784 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4388 --field-trial-handle=2120,i,6787236163346224157,5306025125740223423,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7816 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6988 --field-trial-handle=2120,i,6787236163346224157,5306025125740223423,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 1356 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6936 --field-trial-handle=2120,i,6787236163346224157,5306025125740223423,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-02T23:34:52.115164+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49897 | 172.67.137.87 | 443 | TCP
2025-03-02T23:34:53.368144+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49903 | 172.67.137.87 | 443 | TCP
2025-03-02T23:34:54.332050+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49910 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:12.071507+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50034 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:14.786122+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50079 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:31.660958+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50101 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:33.542658+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50103 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:34.311726+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50104 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:35.091240+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50105 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:35.921081+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50106 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:36.855354+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50107 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:38.091601+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50108 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:39.092479+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50109 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:40.591184+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50110 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:41.528300+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50111 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:42.228787+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50112 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:43.294690+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50113 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:44.543058+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50114 | 172.67.137.87 | 443 | TCP
2025-03-02T23:35:45.516459+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 50115 | 172.67.137.87 | 443 | TCP

AV Detection

Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Virustotal: Detection: 42%
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | ReversingLabs: Detection: 28%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00B8ED3B DecryptFileW,0_2_00B8ED3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00BCA2D0 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,0_2_00BCA2D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00B8DA0E CreateFileW,GetLastError,DecryptFileW,CloseHandle,0_2_00B8DA0E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00B8EA4B DecryptFileW,0_2_00B8EA4B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00B8DB8F CreateFileW,GetLastError,DecryptFileW,CloseHandle,0_2_00B8DB8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00B8ECE9 DecryptFileW,0_2_00B8ECE9
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 1_2_00A0ED3B DecryptFileW,1_2_00A0ED3B
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 1_2_00A4A2D0 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,1_2_00A4A2D0
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 1_2_00A0DA0E CreateFileW,GetLastError,DecryptFileW,CloseHandle,1_2_00A0DA0E
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 1_2_00A0EA4B DecryptFileW,1_2_00A0EA4B
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 1_2_00A0DB8F CreateFileW,GetLastError,DecryptFileW,CloseHandle,1_2_00A0DB8F
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 1_2_00A0ECE9 DecryptFileW,1_2_00A0ECE9
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:49897 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:49903 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:49910 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50034 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50079 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50101 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50103 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50104 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50105 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50106 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50107 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50108 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50109 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50110 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50111 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50112 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50113 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50114 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.137.87:443 -> 192.168.2.5:50115 version: TLS 1.2
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\wix4\wix4\build\burn\Release\x86\burn.pdb source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000002.2090864201.0000000000BDE000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000000.2054346331.0000000000BDE000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2088453134.0000000000A5E000.00000002.00000001.01000000.00000005.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000000.2065684362.0000000000A5E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local State source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2621346605.0000000000AD4000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State source: ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local StateT source: ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntkrnlmp.pdb source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2622896001.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local StateC source: ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: lC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: RoboTaskLite.exe, 00000002.00000002.2126409445.000000000A1B1000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000002.2127699444.000000000A510000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429299081.0000000004CB2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2430521300.00000000055B0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2620860649.0000000004BEF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621759813.00000000054E0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: RoboTaskLite.exe, 00000002.00000002.2126409445.000000000A1B1000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000002.2127699444.000000000A510000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429299081.0000000004CB2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2430521300.00000000055B0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2620860649.0000000004BEF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621759813.00000000054E0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\wix4\wix4\build\burn\Release\x86\burn.pdb> source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000002.2090864201.0000000000BDE000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000000.2054346331.0000000000BDE000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2088453134.0000000000A5E000.00000002.00000001.01000000.00000005.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000000.2065684362.0000000000A5E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2# source: ToolSecurityBvg.exe, 0000000B.00000003.2620322272.0000000000A72000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2610949855.0000000000A6F000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: winload_prod.pdb source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2622896001.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831z source: ToolSecurityBvg.exe, 0000000B.00000003.2606642707.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2607744908.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: hC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ State source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2621346605.0000000000AD4000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ToolSecurityBvg.exe, 0000000B.00000003.2609423091.0000000000A8B000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2606642707.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2607744908.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: [\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2>$ source: ToolSecurityBvg.exe, 0000000B.00000003.2609423091.0000000000A8B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: vcruntime140.i386.pdb source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2089083492.000000006E581000.00000020.00000001.01000000.00000006.sdmp
Source: Binary string: vcruntime140.i386.pdbGCTL source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2055144664.00000000033DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2055110721.00000000033DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2055023511.00000000033E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2089083492.000000006E581000.00000020.00000001.01000000.00000006.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: ToolSecurityBvg.exe, 0000000B.00000003.2622896001.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2614575114.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2606642707.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2607744908.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2613692854.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: ToolSecurityBvg.exe, 0000000B.00000003.2622896001.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2614575114.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2606642707.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2607744908.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2613692854.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: m\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2621346605.0000000000AD4000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local Stateb source: ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2h source: ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State2 source: ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ToolSecurityBvg.exe, 0000000B.00000003.2620322272.0000000000A72000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2610949855.0000000000A6F000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: a\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2x\NGL source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ToolSecurityBvg.exe, 0000000B.00000003.2609423091.0000000000A8B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ]C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ToolSecurityBvg.exe, 0000000B.00000003.2609423091.0000000000A8B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2621346605.0000000000AD4000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2621346605.0000000000AD4000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntkrnlmp.pdb?i% source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2622896001.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831w source: ToolSecurityBvg.exe, 0000000B.00000003.2622896001.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2614575114.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2606642707.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2607744908.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2613692854.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: i\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local State source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2621346605.0000000000AD4000.00000004.00000001.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00B75C81 GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,GetLastError,DeleteFileW,MoveFileExW,MoveFileExW,GetLastError,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,0_2_00B75C81
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00BC1290 FindFirstFileExW,0_2_00BC1290
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00BD343B FindFirstFileW,FindClose,0_2_00BD343B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00B8E72A FindFirstFileW,FindNextFileW,FindClose,0_2_00B8E72A
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 1_2_00A41290 FindFirstFileExW,1_2_00A41290
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 1_2_00A5343B FindFirstFileW,FindClose,1_2_00A5343B
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 1_2_00A0E72A FindFirstFileW,FindNextFileW,FindClose,1_2_00A0E72A
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 1_2_009F5C81 GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,GetLastError,DeleteFileW,MoveFileExW,MoveFileExW,GetLastError,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,1_2_009F5C81
Source: Joe Sandbox View | IP Address: 18.164.96.18
Source: Joe Sandbox View | IP Address: 20.189.173.8
Source: Joe Sandbox View | IP Address: 2.22.242.11
Source: Joe Sandbox View | IP Address: 18.244.18.27
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49903 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49910 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49897 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50034 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50079 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50101 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50103 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50105 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50104 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50108 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50109 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50106 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50107 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50111 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50115 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50110 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50113 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50112 -> 172.67.137.87:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50114 -> 172.67.137.87:443
Source: global traffic | HTTP traffic detected:
  POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  Content-Length: 147
  Host: piaktrip.online
Source: global traffic | HTTP traffic detected:
  POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
  gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0Y
  Content-Length: 53
  Host: piaktrip.online
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 208Host: piaktrip.online
Source: global trafficHTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531 HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SSR-extension.af337c502c230a9902a8.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.55sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=6A55BF1828E8464EA291972DDF4F1E0F.RefC=2025-03-02T22:35:06Z; USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; MUIDB=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-worker.96ac23719317b1928681.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.55sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=6A55BF1828E8464EA291972DDF4F1E0F.RefC=2025-03-02T22:35:06Z; USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; MUIDB=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1
Source: global trafficHTTP traffic detected: OPTIONS /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveOrigin: https://business.bing.comAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: POST /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveContent-Length: 472Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.bd02dd0f5f9b69ef8b17.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.4fa8815283fe3d88a934.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.bb241b5cf88a9a76514e.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.e283502f48dd51b29357.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /statics/icons/favicon_newtabpage.png HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1
Source: global trafficHTTP traffic detected: GET /crx/blobs/ASuc5ohcoRYyASTWkAI21BvR0f-Aos7pzgW3GtD8ImYoX-O9Pl77join3GT-5wpD1vT_nG6xpJ0eds7JOZacv0OYNfBAee3mKSnMDx3-YDnz3J7UxfHM_wfhsyHz9Z8rajAAxlKa5T9frrLlN0KHGfJRu7Y7NseNtZ_M/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_89_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1740954909934&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=6a55bf1828e8464ea291972ddf4f1e0f&activityId=6a55bf1828e8464ea291972ddf4f1e0f&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1
Source: global trafficHTTP traffic detected: GET /b?rn=1740954909934&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=20D9FECD8DE260CF167EEB6E8CE561CF&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15Content-Length: 147Host: piaktrip.online
Source: global trafficHTTP traffic detected: GET /b2?rn=1740954909934&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=20D9FECD8DE260CF167EEB6E8CE561CF&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1F96b0082b8d072a5b7ad781740954911; XID=1F96b0082b8d072a5b7ad781740954911
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1740954909932&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 3856sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1
Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1740954909934&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=6a55bf1828e8464ea291972ddf4f1e0f&activityId=6a55bf1828e8464ea291972ddf4f1e0f&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=6D056B75205D458CA69B91ED216D05CD&MUID=20D9FECD8DE260CF167EEB6E8CE561CF HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1; SM=T
Source: global trafficHTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 5.05sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 200sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=6A55BF1828E8464EA291972DDF4F1E0F.RefC=2025-03-02T22:35:06Z; USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; MUIDB=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=16861926-2ddc-4702-a36c-35ea7be93a0e; ai_session=0N+5O3ePzPdTHz0TA32xEb|1740954909930|1740954909930; sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=6A55BF1828E8464EA291972DDF4F1E0F.RefC=2025-03-02T22:35:06Z
Source: global trafficHTTP traffic detected: GET /edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true HTTP/1.1Host: ntp.msn.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-edge-ntp: {"back_block":0,"bg_cur":{"configIndex":36,"imageId":"BB1msKSj","provider":"CMSImage","userSelected":false},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"myFeed","show_greet":true,"vt_opened":false,"wpo_nx":{"v":"2","wgt":{"src":"default"}}}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=6A55BF1828E8464EA291972DDF4F1E0F.RefC=2025-03-02T22:35:06Z; USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; MUIDB=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=16861926-2ddc-4702-a36c-35ea7be93a0e; ai_session=0N+5O3ePzPdTHz0TA32xEb|1740954909930|1740954909930; sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=6A55BF1828E8464EA291972DDF4F1E0F.RefC=2025-03-02T22:35:06Z
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1740954912705&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 10959sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1; _C_ETH=1
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1740954912771&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 4715sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1; _C_ETH=1
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 53Host: piaktrip.online
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1740954913365&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 5368sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1740954913824&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 9573sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 692817Host: piaktrip.online
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 745Host: piaktrip.online
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 212Host: piaktrip.online
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 380Host: piaktrip.online
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 22133Host: piaktrip.online
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 74041Host: piaktrip.online
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 35Host: piaktrip.online
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 694897Host: piaktrip.online
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 745Host: piaktrip.online
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 212Host: piaktrip.online
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 380Host: piaktrip.online
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 22133Host: piaktrip.online
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 74010Host: piaktrip.online
Source: global trafficHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15gm: DF8eH7uqeTtC4klPAjk/pXn1z5PtcIYA9z0JmzXFwrORTy+5LywCFzRF7uoL3y/I0oL0B4u/+T1hR/6vSiphp/7cIwh/l0YContent-Length: 35Host: piaktrip.online
Source: global trafficHTTP traffic detected: OPTIONS /api/report?cat=msn HTTP/1.1Host: deff.nelreports.netConnection: keep-aliveOrigin: https://assets.msn.comAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: OPTIONS /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveOrigin: https://business.bing.comAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: POST /api/report?cat=msn HTTP/1.1Host: deff.nelreports.netConnection: keep-aliveContent-Length: 1471Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: POST /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveContent-Length: 466Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.225
Source: unknownTCP traffic detected without corresponding DNS query: 23.49.251.13
Source: global trafficHTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531 HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SSR-extension.af337c502c230a9902a8.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.55sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=6A55BF1828E8464EA291972DDF4F1E0F.RefC=2025-03-02T22:35:06Z; USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; MUIDB=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-worker.96ac23719317b1928681.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.55sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=6A55BF1828E8464EA291972DDF4F1E0F.RefC=2025-03-02T22:35:06Z; USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; MUIDB=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.bd02dd0f5f9b69ef8b17.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.4fa8815283fe3d88a934.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.bb241b5cf88a9a76514e.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.e283502f48dd51b29357.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /statics/icons/favicon_newtabpage.png HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1
Source: global trafficHTTP traffic detected: GET /crx/blobs/ASuc5ohcoRYyASTWkAI21BvR0f-Aos7pzgW3GtD8ImYoX-O9Pl77join3GT-5wpD1vT_nG6xpJ0eds7JOZacv0OYNfBAee3mKSnMDx3-YDnz3J7UxfHM_wfhsyHz9Z8rajAAxlKa5T9frrLlN0KHGfJRu7Y7NseNtZ_M/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_89_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1740954909934&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=6a55bf1828e8464ea291972ddf4f1e0f&activityId=6a55bf1828e8464ea291972ddf4f1e0f&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1
Source: global trafficHTTP traffic detected: GET /b?rn=1740954909934&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=20D9FECD8DE260CF167EEB6E8CE561CF&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /b2?rn=1740954909934&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=20D9FECD8DE260CF167EEB6E8CE561CF&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1F96b0082b8d072a5b7ad781740954911; XID=1F96b0082b8d072a5b7ad781740954911
Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1740954909934&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=6a55bf1828e8464ea291972ddf4f1e0f&activityId=6a55bf1828e8464ea291972ddf4f1e0f&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=6D056B75205D458CA69B91ED216D05CD&MUID=20D9FECD8DE260CF167EEB6E8CE561CF HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1; SM=T
Source: global trafficHTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 5.05sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 200sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=6A55BF1828E8464EA291972DDF4F1E0F.RefC=2025-03-02T22:35:06Z; USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; MUIDB=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=16861926-2ddc-4702-a36c-35ea7be93a0e; 
ai_session=0N+5O3ePzPdTHz0TA32xEb|1740954909930|1740954909930; sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=6A55BF1828E8464EA291972DDF4F1E0F.RefC=2025-03-02T22:35:06Z
Source: global trafficHTTP traffic detected: GET /edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true HTTP/1.1Host: ntp.msn.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-edge-ntp: {"back_block":0,"bg_cur":{"configIndex":36,"imageId":"BB1msKSj","provider":"CMSImage","userSelected":false},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowPrivateTarget","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"myFeed","show_greet":true,"vt_opened":false,"wpo_nx":{"v":"2","wgt":{"src":"default"}}}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=8|RefA=6A55BF1828E8464EA291972DDF4F1E0F.RefC=2025-03-02T22:35:06Z; USRLOC=; MUID=20D9FECD8DE260CF167EEB6E8CE561CF; MUIDB=20D9FECD8DE260CF167EEB6E8CE561CF; _EDGE_S=F=1&SID=1F2195787EE6676B262C80DB7FC166C1; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=16861926-2ddc-4702-a36c-35ea7be93a0e; ai_session=0N+5O3ePzPdTHz0TA32xEb|1740954909930|1740954909930; 
sptmarket_restored=en-GB||us|en-us|en-us|en||cf=8|RefA=6A55BF1828E8464EA291972DDF4F1E0F.RefC=2025-03-02T22:35:06Z
Source: global trafficDNS traffic detected: DNS query: piaktrip.online
Source: global trafficDNS traffic detected: DNS query: ntp.msn.com
Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
Source: global trafficDNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global trafficDNS traffic detected: DNS query: c.msn.com
Source: global trafficDNS traffic detected: DNS query: assets.msn.com
Source: global trafficDNS traffic detected: DNS query: api.msn.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknownHTTP traffic detected: POST /aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15Content-Length: 147Host: piaktrip.online
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exeString found in binary or memory: http://appsyndication.org/2006/appsyn
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: ToolSecurityBvg.exe, 0000000B.00000003.2818884502.0000000000AEC000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: ToolSecurityBvg.exe, 0000000B.00000003.2818884502.0000000000AEC000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt0
Source: RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: ToolSecurityBvg.exe, 0000000B.00000003.2818884502.0000000000AEC000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: ToolSecurityBvg.exe, 0000000B.00000003.2818884502.0000000000AEC000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: ToolSecurityBvg.exe, 0000000B.00000003.2818884502.0000000000AEC000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://e5.i.lencr.org/0A
Source: ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://e5.o.lencr.org0
Source: RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.comodoca.com0
Source: ToolSecurityBvg.exe, 0000000B.00000003.2818884502.0000000000AEC000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0C
Source: ToolSecurityBvg.exe, 0000000B.00000003.2818884502.0000000000AEC000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0I
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0L
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0N
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0O
Source: RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.sectigo.com0
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://s.symcd.com06
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://s2.symcb.com0
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://sv.symcd.com0&
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2055144664.000000000342A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2090123059.000000000342A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2089656287.0000000005825000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2055110721.00000000033DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2055023511.00000000033E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2089009068.0000000004C60000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2088846583.00000000049B0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://wixtoolset.org/schemas/v4/2008/Burn
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2089009068.0000000004C60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://wixtoolset.org/schemas/v4/2008/BurnHd
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085622562.0000000000900000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085676238.0000000000900000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://wixtoolset.org/schemas/v4/BootstrapperApplicationData
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://wixtoolset.org/schemas/v4/BundleExtensionData
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000000.2385861414.00000001401E0000.00000002.00000001.01000000.00000012.sdmp | String found in binary or memory: http://www.???.xx/?search=%s
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2818884502.0000000000AEC000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.digicert.com/CPS0
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000000.2086419161.00000000005C0000.00000002.00000001.01000000.00000007.sdmp | String found in binary or memory: http://www.geocities.com/SiliconValley/Network/2114/zipbeta.html
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009AC8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.0000000005016000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F48000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.info-zip.org/
Source: ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.microsoft.
Source: RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000000.2086419161.00000000005C0000.00000002.00000001.01000000.00000007.sdmp | String found in binary or memory: http://www.robotask.com/
Source: RoboTaskLite.exe, 00000002.00000000.2086179373.0000000000401000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: http://www.robotask.com/?ref=rtliteopenX5OP8O
Source: RoboTaskLite.exe, 00000002.00000000.2086179373.0000000000401000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: http://www.robotask.com/bugreport/
Source: RoboTaskLite.exe, 00000002.00000000.2086179373.0000000000401000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: http://www.robotask.com/support/?ref=rtliteopen
Source: RoboTaskLite.exe, 00000002.00000000.2086179373.0000000000401000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: http://www.robotask.com/upgradefromlite/open
Source: RoboTaskLite.exe, 00000002.00000000.2086179373.0000000000401000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: http://www.robotask.com/upgradefromlite/openU
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000000.2385861414.00000001401E0000.00000002.00000001.01000000.00000012.sdmp | String found in binary or memory: http://www.softwareok.com
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000000.2385861414.00000001401E0000.00000002.00000001.01000000.00000012.sdmp | String found in binary or memory: http://www.softwareok.de
Source: cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.surfok.de/
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.symauth.com/cps0(
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.symauth.com/rpa00
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.vmware.com/0
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.vmware.com/0/
Source: RoboTaskLite.exe, 00000002.00000002.2128835893.0000000050051000.00000020.00000001.01000000.00000008.sdmp | String found in binary or memory: https://%s:%u/d.phpP
Source: ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FFF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com%22
Source: ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/common-windows-widget-shared.ebe8f21260b7d79ff
Source: ToolSecurityBvg.exe, 0000000B.00000003.2818104284.0000000008031000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/libs_ad-service_dist_NativeAdService_js-web-co
Source: ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/nurturing-placement-manager.fc7b7cad27260d2f6a
Source: ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/bundles/v1/edgeChromium/latest/weather-card-data-connector.c490877a0a3478ece4
Source: ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://azureedge.net
Source: ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FFF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://bingretailmsndata.azureedge.net/msndata/
Source: ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-strea
Source: ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://c.msn.com/c.gif?rnd=1740954909934&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&t
Source: ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://d.symcb.com/cps0%
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://d.symcb.com/rpa0
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://d.symcb.com/rpa0.
Source: ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://deff.nelreports.net/api/report
Source: ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://ecs.nel.measure.office.net/api/report?TenantId=Edge&DestinationEndpoint=Edge-Prod-EWR30r4c&F
Source: ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/assetMbP?
Source: ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/assetet8f.
Source: ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset/
Source: ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/assetss
Source: ToolSecurityBvg.exe, 0000000B.00000003.2814478385.0000000007FFF000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FFF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://ent-api.msn.com/%22
Source: ToolSecurityBvg.exe, 0000000B.00000003.2818104284.0000000008031000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://msn.com
Source: ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://ntp.msn.com
Source: ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2800745166.0000000008076000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2795733764.0000000008061000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://ntp.msn.com/
Source: ToolSecurityBvg.exe, 0000000B.00000003.2814478385.0000000007FFF000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FFF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://ntp.msn.com/bundles/v1/edgeChromium/latest/web-worker.96ac23719317b1928681.js#lang=en-us&ads
Source: ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2801418332.0000000000AEC000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2818884502.0000000000AEC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://ntp.msn.comcache-control:public
Source: ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://ntp.msn.comreport-to:
Source: ToolSecurityBvg.exe, 0000000B.00000003.2552336986.000000000052A000.00000004.00000020.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2542810591.000000000052A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://piaktrip.online/
Source: ToolSecurityBvg.exe, 0000000B.00000003.2552336986.000000000052A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://piaktrip.online//
Source: ToolSecurityBvg.exe, 0000000B.00000003.2552336986.000000000052A000.00000004.00000020.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2542810591.000000000052A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://piaktrip.online/K
Source: ToolSecurityBvg.exe, 0000000B.00000003.2552336986.000000000052A000.00000004.00000020.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2542810591.000000000052A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://piaktrip.online/S
Source: ToolSecurityBvg.exe, 0000000B.00000003.2542810591.00000000004E9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://piaktrip.online/aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGul
Source: ToolSecurityBvg.exe, 0000000B.00000003.2552336986.000000000052A000.00000004.00000020.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2542810591.000000000052A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://piaktrip.online/o
Source: RoboTaskLite.exe, 00000002.00000000.2086179373.0000000000401000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: https://robotask.com/help/
Source: RoboTaskLite.exe, 00000002.00000000.2086179373.0000000000401000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: https://robotask.com/openhelp/?id=%d.openSV
Source: RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://sectigo.com/CPS0
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2099974498.000000000A8D7000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000003.2096226790.000000000A8DD000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.digicert.com/CPS0
Source: ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
Source: ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Code function: 2_2_50CB8570 @Vcl@Consts@_SCannotOpenClipboard,@Vcl@Consts@_SMCIWaveAudio,@Vcl@Consts@_SMCIUnknownError,@Vcl@Consts@_SBoldItalicFont,@Vcl@Consts@_SBoldFont,@Vcl@Consts@_SItalicFont,@Vcl@Consts@_SExecute,@Vcl@Consts@_SStart,@Vcl@Consts@_SStop,@Vcl@Consts@_SPause,@Vcl@Consts@_SContinue,@Vcl@Consts@_SServiceInstallOK,@Vcl@Consts@_SServiceInstallFailed,@Vcl@Consts@_SServiceUninstallOK,@Vcl@Consts@_SServiceUninstallFailed,@Vcl@Consts@_SDockedCtlNeedsName,@Vcl@Consts@_SDockZoneVersionConflict,@Vcl@Consts@_SAllCommands,@Vcl@Consts@_SDuplicateItem,@Vcl@Consts@_STextNotFound,@Vcl@Consts@_SBrowserExecError,@Vcl@Consts@_SPromptArrayEmpty,@Vcl@Consts@_SUsername,@Vcl@Consts@_SPassword,@Vcl@Consts@_SDomain,@Vcl@Consts@_SLogin,@Vcl@Consts@_SKeyNotFound,@Vcl@Consts@_SNoColumnMoving,@Vcl@Consts@_SNoEqualsInKey,@Vcl@Consts@_SSendError,@Vcl@Consts@_SAssignSubItemError,@Vcl@Consts@_SMoreButtons,@Vcl@Consts@_SErrorDownloadingURL,@Vcl@Consts@_SUrlMonDllMissing,@Vcl@Consts@_SAllActions,@Vcl@Consts@_SNoCategory,@Vcl@Consts@_SErrorLoadingFile,@Vcl@Consts@_SResetUsageData,@Vcl@Consts@_SFileRunDialogTitle,@Vcl@Consts@_SNoName,@Vcl@Consts@_SErrorActionManagerNotAssigned,2_2_50CB8570
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Code function: 2_2_50CC7D80 @Vcl@Graphics@TMetafile@LoadFromClipboardFormat$qqrusuip10HPALETTE__,GetClipboardData,@Vcl@Graphics@TMetafile@NewImage$qqrv,CopyEnhMetaFileW,GetEnhMetaFileHeader,2_2_50CC7D80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | File deleted: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe B22BF1210B5FD173A210EBFA9092390AA0513C41E1914CBE161EB547F049EF91
Source: ToolSecurityBvg.exe.4.dr | Static PE information: Resource name: ZIP type: Zip archive data (empty)
Source: eco.9.dr | Static PE information: Number of sections : 12 > 10
Source: RoboTaskLite.exe.1.dr | Static PE information: Number of sections : 11 > 10
Source: RoboTaskLite.exe.2.dr | Static PE information: Number of sections : 11 > 10
Source: icakjwcxbhenbx.4.dr | Static PE information: Number of sections : 12 > 10
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000002.2090965533.0000000000C10000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamebooze.exe0 vs SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2088512975.0000000000A90000.00000002.00000001.01000000.00000005.sdmp | Binary or memory string: OriginalFilenamebooze.exe0 vs SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameVCL280.BPL@ vs SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2089128727.000000006E593000.00000002.00000001.01000000.00000006.sdmp | Binary or memory string: OriginalFilenamevcruntime140.dll^ vs SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
Source: classification engine | Classification label: mal84.spyw.evad.winEXE@64/265@19/20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00BCA747 FormatMessageW,GetLastError,LocalFree,0_2_00BCA747
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00BCB884 LookupPrivilegeValueW,GetLastError,OpenProcessToken,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,CloseHandle,0_2_00BCB884
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 1_2_00A4B884 LookupPrivilegeValueW,GetLastError,OpenProcessToken,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,CloseHandle,1_2_00A4B884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00BCFE01 GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess,0_2_00BCFE01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00BD699C FindResourceExA,GetLastError,LoadResource,GetLastError,SizeofResource,GetLastError,LockResource,GetLastError,0_2_00BD699C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00BA98F9 ChangeServiceConfigW,GetLastError,0_2_00BA98F9
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | File created: C:\Users\user\AppData\Roaming\Supersync
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5760:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4712:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | File created: C:\Users\user\AppData\Local\Temp\Myology_20250302173403.cleanroom.log
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | System information queried: HandleInformation
Source: C:\Windows\SysWOW64\cmd.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: ToolSecurityBvg.exe, 0000000B.00000003.2613692854.0000000000A7D000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Virustotal: Detection: 42%
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | ReversingLabs: Detection: 28%
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Process created: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe "C:\Windows\TEMP\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe" -burn.clean.room="C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe" -burn.filehandle.attached=620 -burn.filehandle.self=632
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Process created: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe C:\Windows\TEMP\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Process created: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe "C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe"
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"
Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2124,i,16003338811107414363,9838939343670632493,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2120,i,6787236163346224157,5306025125740223423,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4388 --field-trial-handle=2120,i,6787236163346224157,5306025125740223423,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6988 --field-trial-handle=2120,i,6787236163346224157,5306025125740223423,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6936 --field-trial-handle=2120,i,6787236163346224157,5306025125740223423,262144 /prefetch:8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Process created: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe "C:\Windows\TEMP\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe" -burn.clean.room="C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe" -burn.filehandle.attached=620 -burn.filehandle.self=632
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Process created: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe C:\Windows\TEMP\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Process created: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2124,i,16003338811107414363,9838939343670632493,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2120,i,6787236163346224157,5306025125740223423,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4388 --field-trial-handle=2120,i,6787236163346224157,5306025125740223423,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6988 --field-trial-handle=2120,i,6787236163346224157,5306025125740223423,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6936 --field-trial-handle=2120,i,6787236163346224157,5306025125740223423,262144 /prefetch:8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: msi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: msxml3.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: feclient.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: apphelp.dll
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: windows.storage.dll
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: wldp.dll
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: profapi.dll
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: userenv.dll
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: cryptbase.dll
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: msi.dll
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: version.dll
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: cabinet.dll
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: msxml3.dll
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: feclient.dll
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: iertutil.dll
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: uxtheme.dll
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Section loaded: apphelp.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: mpr.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: wininet.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: version.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: shfolder.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: oleacc.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: winhttp.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: wsock32.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: oledlg.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: dbghelp.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: pla.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: pdh.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: tdh.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: cabinet.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: wevtapi.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: shdocvw.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: ntmarta.dll
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: oledlg.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: pla.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: pdh.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: tdh.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: wevtapi.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: shdocvw.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: winbrand.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: linkinfo.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: ntshrui.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: cscapi.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: bitsproxy.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: oledlg.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: pla.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: pdh.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: tdh.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: wevtapi.dll
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: shdocvw.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: winbrand.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: shdocvw.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: shdocvw.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Section loaded: ondemandconnroutehelper.dll
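The process-creation rows and the per-process DLL-load rows above are easier to reason about as a tree with a few pattern flags. The following Python script is an added example written for this page, not Joe Sandbox code and not part of the report: it parses rows in the form shown above (both the fused "…exeProcess created:" export and a "Source: X | Event: Y" form), rebuilds the lineage from the submitted bootstrapper down to msedge.exe, and flags the features a responder would pull out of this chain (the WiX Burn clean-room relaunch, the .ba payload copied to AppData\Roaming, cmd.exe starting an executable from the user Temp directory, a Temp executable opening Edge with --profile-directory, and a Temp process loading dpapi.dll next to schannel.dll and winhttp.dll). The flag names, the regexes and the choice of embedded rows are this example's own; the sample rows are a constructed subset copied from the report above.

```python
"""Triage helper for the 'Process created' / 'Section loaded' rows of a Joe Sandbox
report. Added example for this page, not part of the Joe Sandbox report itself."""
import re
from collections import defaultdict

# Constructed sample: a subset of rows copied from the report above. The web export
# fuses the source path with the event label ("...exeProcess created:"); the parser
# accepts both that fused form and a "Source: X | Event: Y" form.
SAMPLE = [
    r'Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exeProcess created: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe "C:\Windows\TEMP\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe" -burn.clean.room="C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe" -burn.filehandle.attached=620 -burn.filehandle.self=632',
    r'Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Process created: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe C:\Windows\TEMP\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe',
    r'Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exeProcess created: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe',
    r'Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe',
    r'Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe',
    r'Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"',
    r'Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exeSection loaded: winhttp.dll',
    r'Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exeSection loaded: schannel.dll',
    r'Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exeSection loaded: dpapi.dll',
    r'Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exeSection loaded: winhttp.dll',
    r'Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exeSection loaded: wininet.dll',
]

# Non-greedy source path, optional " | " separator, then the event label.
LINE_RE = re.compile(
    r'^Source:\s*(?P<src>.+?)\s*\|?\s*(?P<event>Process created|Section loaded):\s*(?P<detail>.*)$')
# Child image is everything up to the first ".exe" followed by whitespace (paths may contain spaces).
IMAGE_RE = re.compile(r'^(?P<image>.+?\.exe)(?:\s+(?P<cmdline>.*))?$', re.IGNORECASE)


def parse_line(line):
    """Return (source, event, detail) or None for rows this helper does not handle."""
    m = LINE_RE.match(line.strip())
    return (m.group('src'), m.group('event'), m.group('detail')) if m else None


def child_image(detail):
    """Image path of the created process; 'unknown unknown' rows yield 'unknown'."""
    m = IMAGE_RE.match(detail)
    return m.group('image') if m else detail.split()[0]


def build_tree(lines):
    """Parent image -> list of (child image, child command line), one entry per distinct child."""
    tree = defaultdict(list)
    for parsed in map(parse_line, lines):
        if parsed and parsed[1] == 'Process created':
            src, _, detail = parsed
            img = child_image(detail)
            if img not in [c for c, _ in tree[src]]:
                tree[src].append((img, detail[len(img):].strip()))
    return tree


def lineages(tree, root):
    """Every root-to-leaf chain of image paths (cycle-safe)."""
    chains = []

    def walk(node, path):
        kids = [img for img, _ in tree.get(node, []) if img not in path]
        if not kids:
            chains.append(path)
        for img in kids:
            walk(img, path + [img])

    walk(root, [root])
    return chains


def triage(lines):
    """Set of triage flags raised by the process chain and the per-process DLL profile."""
    flags = set()
    for parent, kids in build_tree(lines).items():
        for img, cmd in kids:
            pl, il, cl = parent.lower(), img.lower(), cmd.lower()
            if '\\.cr\\' in il and '-burn.clean.room=' in cl:      # WiX Burn clean-room relaunch
                flags.add('burn_bootstrapper')
            if '\\.ba\\' in pl and '\\appdata\\roaming\\' in il:     # bootstrapper app copied to roaming profile
                flags.add('ba_copies_to_roaming')
            if pl.endswith('\\cmd.exe') and '\\appdata\\local\\temp\\' in il:
                flags.add('cmd_launches_temp_exe')
            if ('\\appdata\\local\\temp\\' in pl and il.endswith('\\msedge.exe')
                    and '--profile-directory' in cl):              # temp binary drives the browser profile
                flags.add('temp_exe_opens_browser_profile')
    dlls = defaultdict(set)
    for parsed in map(parse_line, lines):
        if parsed and parsed[1] == 'Section loaded':
            dlls[parsed[0]].add(parsed[2].lower())
    for proc, loaded in dlls.items():
        # DPAPI plus a TLS-capable HTTP stack in a Temp-dir process: can decrypt
        # browser/Outlook secrets and send them out. Legit software does this too,
        # so treat it as a triage signal to corroborate, not a verdict.
        if ({'dpapi.dll', 'schannel.dll'} <= loaded and loaded & {'winhttp.dll', 'wininet.dll'}
                and '\\appdata\\local\\temp\\' in proc.lower()):
            flags.add('temp_exe_dpapi_plus_tls')
    return flags


if __name__ == '__main__':
    root = r'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe'
    for chain in lineages(build_tree(SAMPLE), root):
        print(' -> '.join(p.rsplit('\\', 1)[-1] for p in chain))
    print(sorted(triage(SAMPLE)))
```

In practice the whole report (or its process-tree export) is fed in rather than the copied subset; the point of the flags is to surface the order of events, which is what distinguishes this chain from an ordinary WiX installer. The DPAPI flag is deliberately weak on its own; here it lines up with the Outlook profile key access and the browser, wallet and Putty/WinSCP harvesting signatures listed in the report summary.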
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
Source: ojgugqybdd.4.dr | LNK file: ..\..\Roaming\Supersync\RoboTaskLite.exe
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Static file information: File size 10082132 > 1048576
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\wix4\wix4\build\burn\Release\x86\burn.pdb source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000002.2090864201.0000000000BDE000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000000.2054346331.0000000000BDE000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2088453134.0000000000A5E000.00000002.00000001.01000000.00000005.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000000.2065684362.0000000000A5E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local State source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2621346605.0000000000AD4000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State source: ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local StateT source: ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntkrnlmp.pdb source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2622896001.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local StateC source: ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: lC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: RoboTaskLite.exe, 00000002.00000002.2126409445.000000000A1B1000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000002.2127699444.000000000A510000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429299081.0000000004CB2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2430521300.00000000055B0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2620860649.0000000004BEF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621759813.00000000054E0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: RoboTaskLite.exe, 00000002.00000002.2126409445.000000000A1B1000.00000004.00000020.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000002.2127699444.000000000A510000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429299081.0000000004CB2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2430521300.00000000055B0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2620860649.0000000004BEF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621759813.00000000054E0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\wix4\wix4\build\burn\Release\x86\burn.pdb> source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000002.2090864201.0000000000BDE000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000000.2054346331.0000000000BDE000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2088453134.0000000000A5E000.00000002.00000001.01000000.00000005.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000000.2065684362.0000000000A5E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2# source: ToolSecurityBvg.exe, 0000000B.00000003.2620322272.0000000000A72000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2610949855.0000000000A6F000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: winload_prod.pdb source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2622896001.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831z source: ToolSecurityBvg.exe, 0000000B.00000003.2606642707.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2607744908.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: hC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ State source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2621346605.0000000000AD4000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ToolSecurityBvg.exe, 0000000B.00000003.2609423091.0000000000A8B000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2606642707.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2607744908.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: [\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2>$ source: ToolSecurityBvg.exe, 0000000B.00000003.2609423091.0000000000A8B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: vcruntime140.i386.pdb source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2089083492.000000006E581000.00000020.00000001.01000000.00000006.sdmp
Source: Binary string: vcruntime140.i386.pdbGCTL source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2055144664.00000000033DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2055110721.00000000033DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2055023511.00000000033E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2089083492.000000006E581000.00000020.00000001.01000000.00000006.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: ToolSecurityBvg.exe, 0000000B.00000003.2622896001.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2614575114.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2606642707.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2607744908.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2613692854.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: ToolSecurityBvg.exe, 0000000B.00000003.2622896001.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2614575114.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2606642707.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2607744908.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2613692854.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: m\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2621346605.0000000000AD4000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local Stateb source: ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2h source: ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State2 source: ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ToolSecurityBvg.exe, 0000000B.00000003.2620322272.0000000000A72000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2610949855.0000000000A6F000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: a\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2x\NGL source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ToolSecurityBvg.exe, 0000000B.00000003.2609423091.0000000000A8B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ]C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ToolSecurityBvg.exe, 0000000B.00000003.2609423091.0000000000A8B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2621346605.0000000000AD4000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2609609047.0000000000A65000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2621346605.0000000000AD4000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntkrnlmp.pdb?i% source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2622896001.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831w source: ToolSecurityBvg.exe, 0000000B.00000003.2622896001.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2614575114.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2606642707.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2607744908.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2613692854.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AA2000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: i\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local State source: ToolSecurityBvg.exe, 0000000B.00000003.2608693465.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2612968488.0000000000AAA000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2621346605.0000000000AD4000.00000004.00000001.00020000.00000000.sdmp
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x99a710
Source: vcl280.bpl.2.dr Static PE information: real checksum: 0x405dec should be: 0x40417c
Source: eco.9.dr Static PE information: real checksum: 0x2a50d8 should be: 0x2a6015
Source: vcl280.bpl.1.dr Static PE information: real checksum: 0x405dec should be: 0x40417c
Source: icakjwcxbhenbx.4.dr Static PE information: real checksum: 0x2a50d8 should be: 0x2a6015
Source: Overtrick.dll.1.dr Static PE information: real checksum: 0x15f50 should be: 0x16754
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Static PE information: real checksum: 0x0 should be: 0x9aa662
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Static PE information: section name: .didat
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Static PE information: section name: .wixburn
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe.0.dr Static PE information: section name: .didat
Source: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe.0.dr Static PE information: section name: .wixburn
Source: Overtrick.dll.1.dr Static PE information: section name: _RDATA
Source: RoboTaskLite.exe.1.dr Static PE information: section name: .didata
Source: rtl280.bpl.1.dr Static PE information: section name: .didata
Source: vcl280.bpl.1.dr Static PE information: section name: .didata
Source: RoboTaskLite.exe.2.dr Static PE information: section name: .didata
Source: rtl280.bpl.2.dr Static PE information: section name: .didata
Source: vcl280.bpl.2.dr Static PE information: section name: .didata
Source: ToolSecurityBvg.exe.4.dr Static PE information: section name: Shared
Source: icakjwcxbhenbx.4.dr Static PE information: section name: .xdata
Source: icakjwcxbhenbx.4.dr Static PE information: section name: nbdm
Source: eco.9.dr Static PE information: section name: .xdata
Source: eco.9.dr Static PE information: section name: nbdm
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 0_2_00BDCAD3 push ecx; ret 0_2_00BDCAE6
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 1_2_00A8E07C push es; ret 1_2_00A8E07D
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 1_2_00A5CAD3 push ecx; ret 1_2_00A5CAE6
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 1_2_6E58E8F0 push eax; ret 1_2_6E58E90E
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 1_2_6E58E666 push ecx; ret 1_2_6E58E679
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB89D8 push eax; retn 00FEh 2_2_50CB89EC
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB81D8 push eax; retn 00FFh 2_2_50CB81EC
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB81E8 push eax; retn 00FFh 2_2_50CB81EC
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB89E8 push eax; retn 00FEh 2_2_50CB89EC
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB89E0 push eax; retn 00FEh 2_2_50CB89EC
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB81E0 push eax; retn 00FFh 2_2_50CB81EC
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB81F0 push eax; ret 2_2_50CB81F4
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB89F0 push eax; ret 2_2_50CB89F4
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8248 push eax; iretd 2_2_50CB8254
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8A48 push eax; iretd 2_2_50CB8A54
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8240 push eax; iretd 2_2_50CB8254
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8A40 push eax; iretd 2_2_50CB8A54
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8250 push eax; iretd 2_2_50CB8254
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8A50 push eax; iretd 2_2_50CB8A54
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8218 push eax; retf 00FFh 2_2_50CB822C
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8A18 push eax; retf 00FEh 2_2_50CB8A2C
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8A28 push eax; retf 00FEh 2_2_50CB8A2C
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8228 push eax; retf 00FFh 2_2_50CB822C
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8A20 push eax; retf 00FEh 2_2_50CB8A2C
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8220 push eax; retf 00FFh 2_2_50CB822C
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8A38 push eax; iretd 2_2_50CB8A54
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8238 push eax; iretd 2_2_50CB8254
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8A30 push eax; retf 2_2_50CB8A34
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB8230 push eax; retf 2_2_50CB8234
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CC2C68 push ecx; mov dword ptr [esp], ecx 2_2_50CC2C6C
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CC25A8 push ecx; mov dword ptr [esp], edx 2_2_50CC25AA
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe File created: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe File created: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\Overtrick.dll
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe File created: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\rtl280.bpl
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\icakjwcxbhenbx
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe File created: C:\Users\user\AppData\Roaming\Supersync\rtl280.bpl
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe File created: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe File created: C:\Users\user\AppData\Roaming\Supersync\vcl280.bpl
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\eco
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe File created: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe File created: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\vcl280.bpl

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\cmd.exe Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\ICAKJWCXBHENBX
Source: C:\Windows\SysWOW64\cmd.exe Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\ECO
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe API/Special instruction interceptor: Address: 6CE77C44
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe API/Special instruction interceptor: Address: 6CE77C44
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe API/Special instruction interceptor: Address: 6CE77945
Source: C:\Windows\SysWOW64\cmd.exe API/Special instruction interceptor: Address: 6CE73B54
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Code function: 2_2_50CB9060 sldt word ptr [eax] 2_2_50CB9060
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Dropped PE file which has not been started: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\Overtrick.dll
Source: C:\Windows\SysWOW64\cmd.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\icakjwcxbhenbx
Source: C:\Windows\SysWOW64\cmd.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\eco
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Evasive API call chain: GetLocalTime,DecisionNodes
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Evasive API call chain: RegOpenKey,DecisionNodes,Sleep
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe TID: 2656 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe TID: 5340 Thread sleep time: -90000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe TID: 5444 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe TID: 7580 Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe TID: 7576 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 0_2_00BCA805 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00BCA8A0h 0_2_00BCA805
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 0_2_00BCA805 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00BCA899h 0_2_00BCA805
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 1_2_00A4A805 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00A4A8A0h 1_2_00A4A805
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 1_2_00A4A805 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00A4A899h 1_2_00A4A805
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 0_2_00B75C81 GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,GetLastError,DeleteFileW,MoveFileExW,MoveFileExW,GetLastError,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 0_2_00B75C81
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 0_2_00BC1290 FindFirstFileExW, 0_2_00BC1290
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 0_2_00BD343B FindFirstFileW,FindClose, 0_2_00BD343B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 0_2_00B8E72A FindFirstFileW,FindNextFileW,FindClose, 0_2_00B8E72A
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 1_2_00A41290 FindFirstFileExW, 1_2_00A41290
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 1_2_00A5343B FindFirstFileW,FindClose, 1_2_00A5343B
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 1_2_00A0E72A FindFirstFileW,FindNextFileW,FindClose, 1_2_00A0E72A
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 1_2_009F5C81 GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,GetLastError,DeleteFileW,MoveFileExW,MoveFileExW,GetLastError,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 1_2_009F5C81
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 0_2_00BDC535 VirtualQuery,GetSystemInfo, 0_2_00BDC535
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Thread delayed: delay time: 30000
Source: cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: noreply@vmware.com0
Source: cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: http://www.vmware.com/0
Source: cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware, Inc.1!0
Source: cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: http://www.vmware.com/0/
Source: ToolSecurityBvg.exe, 0000000B.00000003.2552336986.00000000004E9000.00000004.00000020.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2542810591.00000000004E9000.00000004.00000020.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2534202817.00000000004E9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware, Inc.1
Source: msedge.exe, 0000000E.00000003.2628417587.0000313C002B0000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware20,1(
Source: cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware, Inc.0
Source: RoboTaskLite.exe, 00000002.00000002.2128835893.0000000050051000.00000020.00000001.01000000.00000008.sdmp Binary or memory string: VirtualMachine
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 0_2_00BBD3EE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00BBD3EE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 0_2_00B7540B GetProcessHeap,RtlAllocateHeap, 0_2_00B7540B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe Code function: 0_2_00BB7142 SetUnhandledExceptionFilter, 0_2_00BB7142
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exeCode function: 0_2_00BBD3EE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00BBD3EE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exeCode function: 0_2_00BB6B18 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00BB6B18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exeCode function: 0_2_00BB6FAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00BB6FAF
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exeCode function: 1_2_00A37142 SetUnhandledExceptionFilter,1_2_00A37142
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exeCode function: 1_2_00A3D3EE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00A3D3EE
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exeCode function: 1_2_00A36B18 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00A36B18
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exeCode function: 1_2_00A36FAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00A36FAF
Source: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exeCode function: 1_2_6E58E910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_6E58E910

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtQueryValueKey: Direct from: 0x7FF6887E3736
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF688734EE3
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtTerminateProcess: Direct from: 0x7FF6887C98C1
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtQueryValueKey: Direct from: 0x14011D93E
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtDeviceIoControlFile: Direct from: 0x7FF68884BAA2
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6888AB483
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF688721E92
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtClose: Indirect: 0x14012000F
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtReadVirtualMemory: Direct from: 0x7FF688942A0D
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF68872AF36
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF8C88A26A1
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtClose: Direct from: 0x7FF68894820A
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6887217FC
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtQueryVolumeInformationFile: Direct from: 0x7FF6887D2F87
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtClose: Direct from: 0x7FF6887CB116
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF68886A13B
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtClose: Direct from: 0x7FF688818187
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6887288D2
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF68889CB4B
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | NtProtectVirtualMemory: Direct from: 0x76EE7B2E
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtQueryInformationProcess: Direct from: 0x7FF6887BCA1A
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | NtQuerySystemInformation: Direct from: 0x50CB3054
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtReadVirtualMemory: Direct from: 0x7FF6888947D3
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x14011D808
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtClose: Direct from: 0x7FF68894821E
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtSetInformationProcess: Direct from: 0x7FF6887CA8AD
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtSetInformationProcess: Direct from: 0x7FF6887B731B
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtCreateFile: Direct from: 0x7FF688945D69
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF688728DD1
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6888AD324
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtCreateThreadEx: Direct from: 0x7FF6888F8C78
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtCreateFile: Direct from: 0x7FF6887C4B37
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtQueryInformationProcess: Direct from: 0x7FF688893C92
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtReadVirtualMemory: Direct from: 0x7FF6888950F4
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6887D2460
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtQueryInformationProcess: Direct from: 0x7FF6887BD326
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtDelayExecution: Direct from: 0x7FF6888BD88C
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtMapViewOfSection: Direct from: 0x7FF6887AE176
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtClose: Direct from: 0x7FF68894822C
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF688815BEF
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtQueryValueKey: Direct from: 0x7FF6887E4443
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF688714B32
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF688865B79
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtSetInformationProcess: Direct from: 0x7FF688894011
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6888980D1
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF68871E435
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF688946FB7
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtSetInformationProcess: Direct from: 0x7FF6887BEFD5
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtMapViewOfSection: Direct from: 0x7FF688946B96
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtClose: Direct from: 0x7FF688945D87
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtQueryValueKey: Direct from: 0x7FF6887E4212
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtQueryInformationProcess: Direct from: 0x7FF688892F3B
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF688737589
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtReadVirtualMemory: Direct from: 0x7FF688899CA7
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtMapViewOfSection: Direct from: 0x7FF6887ADFA6
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF68889A0DC
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtMapViewOfSection: Direct from: 0x7FF688770687
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtClose: Direct from: 0x14011D864
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtMapViewOfSection: Direct from: 0x7FF6887D8A04
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF68889F05F
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6887DB253
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6887C4C2F
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | NtProtectVirtualMemory: Direct from: 0x6CA4D411
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtDelayExecution: Direct from: 0x7FF6888C2206
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtReadVirtualMemory: Direct from: 0x7FF688899C1A
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtOpenKeyEx: Direct from: 0x7FF6887B4365
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtCreateThreadEx: Direct from: 0x7FF688714F8B
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtCreateThreadEx: Direct from: 0x7FF688714DE2
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6888A22A3
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtSetInformationProcess: Direct from: 0x7FF688893EFE
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtSetInformationThread: Direct from: 0x7FF68895235F
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF688811AA6
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtQueryInformationProcess: Direct from: 0x7FF6887CAF0A
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6887D62BD
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtQueryInformationProcess: Direct from: 0x7FF6887BD482
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6887DC35A
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtReadFile: Direct from: 0x14011D832
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtEnumerateValueKey: Direct from: 0x7FF688881AB4
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtQueryInformationProcess: Direct from: 0x7FF68883FAB3
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF688724454
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6887C4677
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF8C88C4B5E
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtReadFile: Direct from: 0x7FF6887C4C8C
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtReadVirtualMemory: Direct from: 0x7FF6888A505D
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtSetInformationProcess: Direct from: 0x7FF6887B7857
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtReadVirtualMemory: Direct from: 0x7FF688899A63
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtCreateFile: Direct from: 0x7FF6887BC81B
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtCreateFile: Direct from: 0x14011D7A4
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6887BCD16
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtQueryValueKey: Direct from: 0x7FF6887E3843
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF688814641
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | NtProtectVirtualMemory: Direct from: 0x6CE42BB5
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtDelayExecution: Direct from: 0x7FF6888CDF3A
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtSetInformationProcess: Direct from: 0x7FF6887CB63C
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF68872B3B9
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtDelayExecution: Direct from: 0x7FF6888C366B
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6887DA9A2
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtReadVirtualMemory: Direct from: 0x7FF688894AF1
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x140120A3C
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6888A4FD5
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | NtAllocateVirtualMemory: Direct from: 0x7FF6887C671E
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: NULL target: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe protection: read write
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: NULL target: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe protection: read write
Source: C:\Windows\SysWOW64\cmd.exe | Memory written: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe base: 14011BC08
Source: C:\Windows\SysWOW64\cmd.exe | Memory written: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe base: 25A010
Source: C:\Windows\SysWOW64\cmd.exe | Memory written: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe base: 14011BC08
Source: C:\Windows\SysWOW64\cmd.exe | Memory written: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe base: 3BF010
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Process created: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe "C:\Windows\TEMP\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe" -burn.clean.room="C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe" -burn.filehandle.attached=620 -burn.filehandle.self=632
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe
Source: C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Process created: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe "c:\windows\temp\{791d2bcf-ed73-43f0-9b7d-7127b95bfb3e}\.cr\securiteinfo.com.trojan.inject5.17530.4675.11921.exe" -burn.clean.room="c:\users\user\desktop\securiteinfo.com.trojan.inject5.17530.4675.11921.exe" -burn.filehandle.attached=620 -burn.filehandle.self=632
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Process created: C:\Windows\Temp\{791D2BCF-ED73-43F0-9B7D-7127B95BFB3E}\.cr\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe "c:\windows\temp\{791d2bcf-ed73-43f0-9b7d-7127b95bfb3e}\.cr\securiteinfo.com.trojan.inject5.17530.4675.11921.exe" -burn.clean.room="c:\users\user\desktop\securiteinfo.com.trojan.inject5.17530.4675.11921.exe" -burn.filehandle.attached=620 -burn.filehandle.self=632
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00BCDA1F InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree,0_2_00BCDA1F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00BCB493 AllocateAndInitializeSid,CheckTokenMembership,0_2_00BCB493
Source: RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: )[%d] Shell_TrayWndTrayNotifyWnd
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00BB7255 cpuid 0_2_00BB7255
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Windows\SysWOW64\cmd.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00B8BB84 ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,CloseHandle,LocalFree,0_2_00B8BB84
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00BCA805 EnterCriticalSection,GetCurrentProcessId,GetCurrentThreadId,GetLocalTime,LeaveCriticalSection,0_2_00BCA805
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00B79360 GetUserNameW,GetLastError,0_2_00B79360
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Code function: 0_2_00BDBA41 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,0_2_00BDBA41
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Key opened: HKEY_CURRENT_USER\Software\monero-project\monero-core
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2 Override
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2 Override
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\yiaxs5ej.default
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | Directory queried: C:\Users\user\Documents
Source: C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | Code function: 2_2_50CB8080 @Vcl@Consts@_SInvalidTabIndex,@Vcl@Consts@_SInvalidTabStyle,@Vcl@Consts@_SInvalidBitmap,2_2_50CB8080
MITRE ATT&CK Matrix (one line per tactic column; a number in square brackets is the count the report shows beside a matched technique, entries without a number are the unmatched cells of the matrix template)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Native API [2]; Command and Scripting Interpreter [12]; Service Execution [1]; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: DLL Side-Loading [11]; Windows Service [1]; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: Abuse Elevation Control Mechanism [1]; DLL Side-Loading [11]; Access Token Manipulation [1]; Windows Service [1]; Process Injection [213]; RC Scripts; Startup Items; Scheduled Task/Job; At
Defense Evasion: Deobfuscate/Decode Files or Information [1]; Abuse Elevation Control Mechanism [1]; Obfuscated Files or Information [2]; DLL Side-Loading [11]; File Deletion [1]; Masquerading [21]; Virtualization/Sandbox Evasion [21]; Access Token Manipulation [1]; Process Injection [213]
Credential Access: OS Credential Dumping [1]; Credentials in Registry [1]; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: System Time Discovery [12]; Account Discovery [1]; File and Directory Discovery [12]; System Information Discovery [136]; Security Software Discovery [121]; Process Discovery [3]; Virtualization/Sandbox Evasion [21]; System Owner/User Discovery [1]; Network Sniffing
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: Archive Collected Data [1]; Data from Local System [11]; Clipboard Data [2]; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: Ingress Tool Transfer [1]; Encrypted Channel [21]; Non-Application Layer Protocol [3]; Application Layer Protocol [14]; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
Behavior Graph ID: 1627627; Sample: SecuriteInfo.com.Trojan.Inj...; Startdate: 02/03/2025; Architecture: WINDOWS; Score: 84

Sample level: DNS piaktrip.online; signatures: Multi AV Scanner detection for submitted file; Joe Sandbox ML detected suspicious sample

Process tree as drawn in the behavior graph (leading number is the graph node id; the number in parentheses after a process name is the count the graph shows next to it):

  • 13 SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe (8)
    dropped: SecuriteInfo.com.T...7530.4675.11921.exe, PE32
    • 22 SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe (16)
      dropped: C:\Windows\Temp\...\vcl280.bpl, PE32; C:\Windows\Temp\...\rtl280.bpl, PE32; C:\Windows\Temp\...\RoboTaskLite.exe, PE32; C:\Windows\Temp\...\Overtrick.dll, PE32
      • 37 RoboTaskLite.exe (6)
        dropped: C:\Users\user\AppData\Roaming\...\vcl280.bpl, PE32; C:\Users\user\AppData\...\RoboTaskLite.exe, PE32; C:\Users\user\AppData\Roaming\...\rtl280.bpl, PE32
        signatures: Switches to a custom stack to bypass stack traces; Found direct / indirect Syscall (likely to bypass EDR)
        • 45 RoboTaskLite.exe (1)
          signatures: Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces; Found direct / indirect Syscall (likely to bypass EDR)
          • 48 cmd.exe (5)
            dropped: C:\Users\user\AppData\...\ToolSecurityBvg.exe, PE32+; C:\Users\user\AppData\...\icakjwcxbhenbx, PE32+
            signatures: Writes to foreign memory regions; Found hidden mapped module (file has been removed from disk); Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces
            • 52 ToolSecurityBvg.exe
              network: piaktrip.online 172.67.137.87, 443, 49897, 49903 CLOUDFLARENETUS United States
              signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to harvest and steal Bitcoin Wallet information; Found direct / indirect Syscall (likely to bypass EDR)
              • 58 msedge.exe
                • 60 msedge.exe
            • 56 conhost.exe
  • 16 RoboTaskLite.exe (1)
    signatures: Maps a DLL or memory area into another process; Found direct / indirect Syscall (likely to bypass EDR)
    • 25 cmd.exe
      dropped: C:\Users\user\AppData\Local\Temp\eco, PE32+
      signatures: Writes to foreign memory regions; Maps a DLL or memory area into another process
      • 41 ToolSecurityBvg.exe
        signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to harvest and steal browser information (history, passwords, etc)
      • 43 conhost.exe
  • 19 msedge.exe
    network: 192.168.2.5, 443, 49897, 49903 unknown unknown; 239.255.255.250 unknown Reserved
    • 28 msedge.exe
      network: 18.164.96.18, 443, 50040, 50051 MIT-GATEWAYSUS United States; c-msn-pme.trafficmanager.net 13.74.129.1, 443, 50001 MICROSOFT-CORP-MSN-AS-BLOCKUS United States; 29 other IPs or domains
    • 31 msedge.exe
    • 33 msedge.exe
    • 35 msedge.exe

Source | Detection | Scanner | Label
SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | 43% | Virustotal |
SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | 29% | ReversingLabs | Win32.Trojan.Nekark

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Supersync\RoboTaskLite.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Supersync\rtl280.bpl | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Supersync\vcl280.bpl | 12% | ReversingLabs |
C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\Overtrick.dll | 4% | ReversingLabs |
C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\RoboTaskLite.exe | 0% | ReversingLabs |
C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\rtl280.bpl | 0% | ReversingLabs |
C:\Windows\Temp\{C862410A-D102-4DC3-B8E9-A8DBFE503D95}\.ba\vcl280.bpl | 12% | ReversingLabs |

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label
https://piaktrip.online/K | 0% | Avira URL Cloud | safe
https://piaktrip.online/S | 0% | Avira URL Cloud | safe
https://piaktrip.online/ | 0% | Avira URL Cloud | safe
http://www.robotask.com/support/?ref=rtliteopen | 0% | Avira URL Cloud | safe
http://www.robotask.com/bugreport/ | 0% | Avira URL Cloud | safe
https://piaktrip.online/o | 0% | Avira URL Cloud | safe
https://%s:%u/d.phpP | 0% | Avira URL Cloud | safe
http://www.robotask.com/?ref=rtliteopenX5OP8O | 0% | Avira URL Cloud | safe
https://piaktrip.online/aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D | 0% | Avira URL Cloud | safe
https://piaktrip.online/aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGul | 0% | Avira URL Cloud | safe
https://robotask.com/openhelp/?id=%d.openSV | 0% | Avira URL Cloud | safe
https://assets.msn.com%22 | 0% | Avira URL Cloud | safe
http://www.robotask.com/ | 0% | Avira URL Cloud | safe
https://piaktrip.online// | 0% | Avira URL Cloud | safe
https://robotask.com/help/ | 0% | Avira URL Cloud | safe
http://www.robotask.com/upgradefromlite/openU | 0% | Avira URL Cloud | safe
http://www.robotask.com/upgradefromlite/open | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | high
a416.dscd.akamai.net | 2.22.242.11 | true | false | | high
piaktrip.online | 172.67.137.87 | true | false | | unknown
a-0003.a-msedge.net | 204.79.197.203 | true | false | | high
c-msn-pme.trafficmanager.net | 13.74.129.1 | true | false | | high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false | | high
sb.scorecardresearch.com | 18.244.18.27 | true | false | | high
ax-0001.ax-msedge.net | 150.171.28.10 | true | false | | high
e28578.d.akamaiedge.net | 95.101.182.106 | true | false | | high
bzib.nelreports.net | unknown | unknown | false | | high
assets.msn.com | unknown | unknown | false | | high
c.msn.com | unknown | unknown | false | | high
ntp.msn.com | unknown | unknown | false | | high
api.msn.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1740954913365&w=0&anoncknm=app_anon&NoResponseBody=true | false |  | high
https://sb.scorecardresearch.com/b2?rn=1740954909934&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=20D9FECD8DE260CF167EEB6E8CE561CF&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null | false |  | high
https://c.msn.com/c.gif?rnd=1740954909934&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=6a55bf1828e8464ea291972ddf4f1e0f&activityId=6a55bf1828e8464ea291972ddf4f1e0f&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 | false |  | high
https://assets.msn.com/bundles/v1/edgeChromium/latest/vendors.bd02dd0f5f9b69ef8b17.js | false |  | high
https://deff.nelreports.net/api/report?cat=msn | false |  | high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1740954913824&w=0&anoncknm=app_anon&NoResponseBody=true | false |  | high
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531 | false |  | high
https://ntp.msn.com/bundles/v1/edgeChromium/latest/SSR-extension.af337c502c230a9902a8.js | false |  | high
https://piaktrip.online/aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGulQPXGH1mDhQ8vuituTWRuVRHCr5PFngH8fYg%3D%3D | false | Avira URL Cloud: safe | unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true | false |  | high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1740954912771&w=0&anoncknm=app_anon&NoResponseBody=true | false |  | high
https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true | false |  | high
https://sb.scorecardresearch.com/b?rn=1740954909934&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=20D9FECD8DE260CF167EEB6E8CE561CF&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null | false |  | high
https://bzib.nelreports.net/api/report?cat=bingbusiness | false |  | high
https://c.msn.com/c.gif?rnd=1740954909934&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=6a55bf1828e8464ea291972ddf4f1e0f&activityId=6a55bf1828e8464ea291972ddf4f1e0f&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=6D056B75205D458CA69B91ED216D05CD&MUID=20D9FECD8DE260CF167EEB6E8CE561CF | false |  | high
https://assets.msn.com/bundles/v1/edgeChromium/latest/microsoft.4fa8815283fe3d88a934.js | false |  | high
https://chrome.cloudflare-dns.com/dns-query | false |  | high
https://assets.msn.com/statics/icons/favicon_newtabpage.png | false |  | high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1740954912705&w=0&anoncknm=app_anon&NoResponseBody=true | false |  | high
https://assets.msn.com/bundles/v1/edgeChromium/latest/common.bb241b5cf88a9a76514e.js | false |  | high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1740954909932&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true | false |  | high
https://ntp.msn.com/bundles/v1/edgeChromium/latest/web-worker.96ac23719317b1928681.js | false |  | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | false |  | high
https://ntp.msn.com/bundles/v1/edgeChromium/latest/web-worker.96ac23719317b1928681.js#lang=en-us&ads | ToolSecurityBvg.exe, 0000000B.00000003.2814478385.0000000007FFF000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FFF000.00000004.00000001.00020000.00000000.sdmp | false |  | high
https://piaktrip.online/K | ToolSecurityBvg.exe, 0000000B.00000003.2552336986.000000000052A000.00000004.00000020.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2542810591.000000000052A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://duckduckgo.com/ac/?q= | ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://www.vmware.com/0 | RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://%s:%u/d.phpP | RoboTaskLite.exe, 00000002.00000002.2128835893.0000000050051000.00000020.00000001.01000000.00000008.sdmp | false | Avira URL Cloud: safe | unknown
https://msn.com | ToolSecurityBvg.exe, 0000000B.00000003.2818104284.0000000008031000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://ocsp.sectigo.com0 | RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | false |  | high
https://piaktrip.online/S | ToolSecurityBvg.exe, 0000000B.00000003.2552336986.000000000052A000.00000004.00000020.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2542810591.000000000052A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://wixtoolset.org/schemas/v4/2008/BurnHd | SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2089009068.0000000004C60000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://deff.nelreports.net/api/report | ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://wixtoolset.org/schemas/v4/BootstrapperApplicationData | SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085622562.0000000000900000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085676238.0000000000900000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://ntp.msn.com | ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://wixtoolset.org/schemas/v4/2008/Burn | SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2055144664.000000000342A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2090123059.000000000342A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2089656287.0000000005825000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2055110721.00000000033DF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000000.00000003.2055023511.00000000033E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2089009068.0000000004C60000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000002.2088846583.00000000049B0000.00000004.00000020.00020000.00000000.sdmp | false |  | high
http://www.robotask.com/support/?ref=rtliteopen | RoboTaskLite.exe, 00000002.00000000.2086179373.0000000000401000.00000020.00000001.01000000.00000007.sdmp | false | Avira URL Cloud: safe | unknown
http://www.softwareok.de | RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000000.2385861414.00000001401E0000.00000002.00000001.01000000.00000012.sdmp | false |  | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | false |  | high
https://c.msn.com/c.gif?rnd=1740954909934&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&t | ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | false |  | high
https://piaktrip.online/o | ToolSecurityBvg.exe, 0000000B.00000003.2552336986.000000000052A000.00000004.00000020.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2542810591.000000000052A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://piaktrip.online/ | ToolSecurityBvg.exe, 0000000B.00000003.2552336986.000000000052A000.00000004.00000020.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2542810591.000000000052A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.robotask.com/?ref=rtliteopenX5OP8O | RoboTaskLite.exe, 00000002.00000000.2086179373.0000000000401000.00000020.00000001.01000000.00000007.sdmp | false | Avira URL Cloud: safe | unknown
http://e5.o.lencr.org0 | ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | false |  | high
https://ntp.msn.com/ | ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2800745166.0000000008076000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2795733764.0000000008061000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | false |  | high
https://ent-api.msn.com/%22 | ToolSecurityBvg.exe, 0000000B.00000003.2814478385.0000000007FFF000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FFF000.00000004.00000001.00020000.00000000.sdmp | false |  | high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-strea | ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | false |  | high
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start | ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2801418332.0000000000AEC000.00000004.00000001.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000003.2818884502.0000000000AEC000.00000004.00000001.00020000.00000000.sdmp | false |  | high
https://assets.msn.com/bundles/v1/edgeChromium/latest/nurturing-placement-manager.fc7b7cad27260d2f6a | ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | false |  | high
https://sectigo.com/CPS0 | RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://wixtoolset.org/schemas/v4/BundleExtensionData | SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe, 00000001.00000003.2085426906.0000000000909000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://piaktrip.online/aofchic.htm?zbvekz9gzr=e2anLGjWQlfNlWSpiKPUZflc5Y%2FfWFlFyz44R65XekKGLN7kGul | ToolSecurityBvg.exe, 0000000B.00000003.2542810591.00000000004E9000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://www.robotask.com/bugreport/ | RoboTaskLite.exe, 00000002.00000000.2086179373.0000000000401000.00000020.00000001.01000000.00000007.sdmp | false | Avira URL Cloud: safe | unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/common-windows-widget-shared.ebe8f21260b7d79ff | ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://www.vmware.com/0/ | RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://www.microsoft. | ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://www.???.xx/?search=%s | RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000000.2385861414.00000001401E0000.00000002.00000001.01000000.00000012.sdmp | false |  | high
https://assets.msn.com/bundles/v1/edgeChromium/latest/libs_ad-service_dist_NativeAdService_js-web-co | ToolSecurityBvg.exe, 0000000B.00000003.2818104284.0000000008031000.00000004.00000001.00020000.00000000.sdmp | false |  | high
https://robotask.com/openhelp/?id=%d.openSV | RoboTaskLite.exe, 00000002.00000000.2086179373.0000000000401000.00000020.00000001.01000000.00000007.sdmp | false | Avira URL Cloud: safe | unknown
https://www.ecosia.org/newtab/ | ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://www.symauth.com/cps0( | RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://assets.msn.com%22 | ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FFF000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ac.ecosia.org/autocomplete?q= | ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://www.symauth.com/rpa00 | RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://ecs.nel.measure.office.net/api/report?TenantId=Edge&DestinationEndpoint=Edge-Prod-EWR30r4c&F | ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp | false |  | high
http://www.geocities.com/SiliconValley/Network/2114/zipbeta.html | RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000000.2086419161.00000000005C0000.00000002.00000001.01000000.00000007.sdmp | false |  | high
                                                                                                                                                            high
                                                                                                                                                            http://www.robotask.com/RoboTaskLite.exe, 00000002.00000003.2095163997.000000000A8DF000.00000004.00000001.00020000.00000000.sdmp, RoboTaskLite.exe, 00000002.00000000.2086419161.00000000005C0000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://piaktrip.online//ToolSecurityBvg.exe, 0000000B.00000003.2552336986.000000000052A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://robotask.com/help/RoboTaskLite.exe, 00000002.00000000.2086179373.0000000000401000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://e5.i.lencr.org/0AToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.info-zip.org/RoboTaskLite.exe, 00000002.00000002.2122047430.0000000009AC8000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.0000000005016000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F48000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://assets.msn.com/bundles/v1/edgeChromium/latest/weather-card-data-connector.c490877a0a3478ece4ToolSecurityBvg.exe, 0000000B.00000003.2865712524.0000000007FE1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://ntp.msn.comreport-to:ToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://www.robotask.com/upgradefromlite/openURoboTaskLite.exe, 00000002.00000000.2086179373.0000000000401000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    https://ntp.msn.comcache-control:publicToolSecurityBvg.exe, 0000000B.00000003.2817486043.0000000007FE1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://www.surfok.de/cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://www.robotask.com/upgradefromlite/openRoboTaskLite.exe, 00000002.00000000.2086179373.0000000000401000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                        unknown
                                                                                                                                                                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=ToolSecurityBvg.exe, 0000000B.00000003.2622760343.0000000000AF4000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://www.softwareok.comRoboTaskLite.exe, 00000002.00000002.2122047430.0000000009B1E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000004.00000002.2429770178.000000000505F000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2621113380.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, ToolSecurityBvg.exe, 0000000B.00000000.2385861414.00000001401E0000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://appsyndication.org/2006/appsynSecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exefalse
                                                                                                                                                                              high
Contacted IPs (Flag column is an image in the original report and is omitted here):

IP               | Domain                       | Country        | ASN     | ASN Name                      | Malicious
18.164.96.18     | unknown                      | United States  | 3       | MIT-GATEWAYSUS                | false
20.189.173.8     | unknown                      | United States  | 8075    | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
2.22.242.11      | a416.dscd.akamai.net         | European Union | 20940   | AKAMAI-ASN1EU                 | false
18.244.18.27     | sb.scorecardresearch.com     | United States  | 16509   | AMAZON-02US                   | false
142.251.40.225   | unknown                      | United States  | 15169   | GOOGLEUS                      | false
162.159.61.3     | chrome.cloudflare-dns.com    | United States  | 13335   | CLOUDFLARENETUS               | false
23.219.82.72     | unknown                      | United States  | 20940   | AKAMAI-ASN1EU                 | false
13.74.129.1      | c-msn-pme.trafficmanager.net | United States  | 8075    | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.200.0.9       | unknown                      | United States  | 20940   | AKAMAI-ASN1EU                 | false
95.101.182.106   | e28578.d.akamaiedge.net      | European Union | 20940   | AKAMAI-ASN1EU                 | false
204.79.197.219   | unknown                      | United States  | 8068    | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.44.201.42     | unknown                      | United States  | 20940   | AKAMAI-ASN1EU                 | false
52.231.230.148   | unknown                      | United States  | 8075    | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.200.0.38      | unknown                      | United States  | 20940   | AKAMAI-ASN1EU                 | false
23.49.251.13     | unknown                      | United States  | 16625   | AKAMAI-ASUS                   | false
23.219.82.89     | unknown                      | United States  | 20940   | AKAMAI-ASN1EU                 | false
172.67.137.87    | piaktrip.online              | United States  | 13335   | CLOUDFLARENETUS               | false
239.255.255.250  | unknown                      | Reserved       | unknown | unknown                       | false
204.79.197.203   | a-0003.a-msedge.net          | United States  | 8068    | MICROSOFT-CORP-MSN-AS-BLOCKUS | false

IP: 192.168.2.5
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1627627
Start date and time: 2025-03-02 23:33:12 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 16s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe
Detection: MAL
Classification: mal84.spyw.evad.winEXE@64/265@19/20
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 93%
• Number of executed functions: 90
• Number of non-executed functions: 275
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 199.232.210.172, 2.23.77.188, 13.107.42.16, 13.107.6.158, 142.250.186.174, 13.107.21.239, 204.79.197.239, 108.141.15.7, 2.23.227.208, 2.23.227.215, 2.16.164.32, 2.16.164.74, 23.15.178.226, 23.15.178.147, 2.19.96.26, 2.19.96.82, 2.19.96.91, 2.19.96.128, 2.19.96.90, 142.250.176.195, 142.250.65.163, 142.250.80.99, 172.202.163.200, 13.107.246.60, 23.1.237.91, 2.16.185.191, 94.245.104.56, 20.190.160.64, 172.183.192.109, 150.171.28.10, 13.107.246.72, 23.204.152.36, 23.200.3.13
• Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, prod-agic-we-6.westeurope.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, th.bing.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, th.bing.com.edgekey.net, otelrules.azureedge.net, api.edgeoffer.microsoft.com, ctldl.windowsupdate.com, p-th.bing.com.trafficmanager.net, b-0005.b-msedge.net, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, edge.microsoft.com, fe3cr.delivery.mp.microsoft.com, a1834.dscg2.akamai.net, l-0007.config.skype.c
• Execution Graph export aborted for target RoboTaskLite.exe, PID 6000 because there are no executed functions
• Execution Graph export aborted for target ToolSecurityBvg.exe, PID 5252 because there are no executed functions
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                              • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                              • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                              • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                              • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
17:34:06 | API Interceptor | 1x Sleep call for process: SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe modified
17:34:40 | API Interceptor | 2x Sleep call for process: cmd.exe modified
17:34:42 | API Interceptor | 23x Sleep call for process: ToolSecurityBvg.exe modified
23:34:27 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hqb_Daemon.lnk
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
18.164.96.180af4a52e.0cce76886785b0ff1283f346.workers.devemailantonio.cataneo@axactor.com.msg | Get hash | malicious | HTMLPhisher | Browse |
 | http://earnandexcel.com | Get hash | malicious | Unknown | Browse |
 | https://ioa.pages.dev/account/js-reporting/?crumb=uZ4.07kERLI&message=javascript_not_enabled&ref=%2Faccount%2Fchallenge%2FpasswordIP: | Get hash | malicious | HTMLPhisher | Browse |
 | https://nitricwell.com/0/0/0/2734ac06a6295ef72c4f8a72588f86fd/19/8/ | Get hash | malicious | Unknown | Browse |
 | https://tinyurl.com/29efvw3v | Get hash | malicious | Unknown | Browse |
 | https://eu-west-1.protection.sophos.com?d=canadapost-postescanada.ca&u=aHR0cHM6Ly90Lm5vdGlmaWNhdGlvbnMuY2FuYWRhcG9zdC1wb3N0ZXNjYW5hZGEuY2EvaW5mbzUvci8_aWQ9aGIxNDU4ZjgsOWRlODU3ZSw0NTBjYzE0JnAxPTEwMjMyNjg2MjI0MTg3NTk=&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjYy&t=N1RKVWZjVU5wUEdMeThHOFVLVldldUxxa0dvVDlXZTNJRSs5Qk8xaERKUT0=&h=f26f8d0f15a54e998681403293c2fd70&s=AVNPUEhUT0NFTkNSWVBUSVYmVARZSkCC_Iz90uns0oQMxssiinz9YV-0YkeuFba4Kg7GXitYO5oj5O9L1mvS6_c | Get hash | malicious | Unknown | Browse |
 | https://aolserv.pages.dev/robots.txtIP: | Get hash | malicious | HTMLPhisher | Browse |
 | https://www.canva.com/link?target=https%3A%2F%2Fez1di49uo4cj-1323563947.cos.na-ashburn.myqcloud.com%2Fez1di49uo4cj.html&design=DAF6DQKWx4Y | Get hash | malicious | Unknown | Browse |
 | https://www.canva.com/design/DAFyv2KuZGA/-E1U_TcSjjMfEY8KVDTuQg/edit?utm_content=DAFyv2KuZGA&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton | Get hash | malicious | HTMLPhisher | Browse |
 | http://cfc1ijrqb55.greesa.cc/34546de4235m342356?affsub2=N5TESGWEds&st=sI7ejNPt | Get hash | malicious | Unknown | Browse |
20.189.173.8 | https://views.syd1.cdn.digitaloceanspaces.com/view_docs/newstatement/vewinv88/sffrts/pending-docs.html | Get hash | malicious | HTMLPhisher | Browse |
 | 4R4m984y6e.msi | Get hash | malicious | Unknown | Browse |
 | ID_60232912649455456988.eml | Get hash | malicious | HTMLPhisher | Browse |
 | uykb.exe | Get hash | malicious | Vidar | Browse |
 | Statement 01-28-25.xlsx | Get hash | malicious | Unknown | Browse |
 | https://office.yacivt.com/hOPnOtXD | Get hash | malicious | HTMLPhisher | Browse |
 | Setup.exe | Get hash | malicious | Unknown | Browse |
 | BHgwhz3lGN.exe | Get hash | malicious | Vidar | Browse |
 | https://www.bing.com/ck/a?!&&p=24da94b1cbc4e30be5abd9acb5737b3bdb775a56c39aac0141dd9c17c937dea1JmltdHM9MTczMzI3MDQwMA&ptn=3&ver=2&hsh=4&fclid=1bf8b81c-3b95-652f-24ec-ad573a81643b&u=a1aHR0cHM6Ly93d3cueXV4aW5na2V0YW5nLmNvbS9jb2xsZWN0aW9ucy90aHJvdy1ibGFua2V0cw#aHR0cHM6Ly9jSUEudm9taXZvci5ydS9Td1dIay8=/%23dGVzbGFAdGVzbGEuY29t | Get hash | malicious | Unknown | Browse |
 | Message_2712729.eml | Get hash | malicious | unknown | Browse |
2.22.242.11 | windows.ps1 | Get hash | malicious | PureLog Stealer, Vidar | Browse |
 | https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy | Get hash | malicious | HTMLPhisher, Tycoon2FA | Browse |
 | UPS_ZI100035519.pdf.lnk | Get hash | malicious | MalLnk | Browse |
 | https://ncdmv.com/ | Get hash | malicious | Unknown | Browse |
 | https://seieroebygdk-my.sharepoint.com/:o:/g/personal/morten_seieroebyg_dk/Ejxu7S81ekRMjqiJkW6WADwBVmUFVEVwgQ5ayasL1fZKQw?e=sbDbQe | Get hash | malicious | Unknown | Browse |
 | 1.msi | Get hash | malicious | Unknown | Browse |
 | CYA75gigem.exe | Get hash | malicious | Vidar | Browse |
 | https://eur01.safelinks.protection.outlook.com/ap/w-59584e83/?url=https%3A%2F%2Finnerworks621-my.sharepoint.com%2F%3Aw%3A%2Fg%2Fpersonal%2Ffbayoumi_iwexpress_com%2FEV18-ULK3bBFgswwIocxhGgB_RycisFJYnuNE85X0INcoQ%3Fe%3DPJWGhb&data=05%7C02%7Cm.schwarzfaerber%40gutmann.de%7Cba71d958cbce4017fe2b08dd4c1498cf%7Cb8afaafb131d4ce28085e6ff7718d438%7C0%7C0%7C638750373515189602%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=jFoC7e8%2BnChKZDPYgfO8Z0D6BEVH0spDWEnRRVzuauE%3D&reserved=0 | Get hash | malicious | Unknown | Browse |
 | bestgirlfriendformylifesheismygirlmyonly.hta | Get hash | malicious | Cobalt Strike, Remcos | Browse |
 | PI3b9Y973c.exe | Get hash | malicious | Unknown | Browse |
18.244.18.27 | 0ajhlLnYRI.exe | Get hash | malicious | PureLog Stealer, Vidar, zgRAT | Browse |
 | https://clicktime.cloud.postoffice.net/clicktime.php?U=https://apple.news/AKGcTU8kvSQSroiURELGJpQ&E=criley%40firstfedweb.com&X=XID985dByqPH0012Xd1&T=FF1001&HV=U,E,X,T&H=98cb06792e6551ec63ee82e2cea9cef3342db233 | Get hash | malicious | Unknown | Browse |
 | build.exe | Get hash | malicious | Vidar | Browse |
 | H3Ze9Uj.exe | Get hash | malicious | XWorm | Browse |
 | http://liefrung.neu.planen.18-193-117-123.cprapid.com/app/update.php?3 | Get hash | malicious | Unknown | Browse |
 | https://storage.googleapis.com/goldenstar25/supra/see/vmark.html?3221682RQ17066113Kk626385690Qb16989gp24Cer216559MJ | Get hash | malicious | Phisher | Browse |
 | https://eur01.safelinks.protection.outlook.com/ap/w-59584e83/?url=https%3A%2F%2Finnerworks621-my.sharepoint.com%2F%3Aw%3A%2Fg%2Fpersonal%2Ffbayoumi_iwexpress_com%2FEV18-ULK3bBFgswwIocxhGgB_RycisFJYnuNE85X0INcoQ%3Fe%3DPJWGhb&data=05%7C02%7Cm.schwarzfaerber%40gutmann.de%7Cba71d958cbce4017fe2b08dd4c1498cf%7Cb8afaafb131d4ce28085e6ff7718d438%7C0%7C0%7C638750373515189602%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=jFoC7e8%2BnChKZDPYgfO8Z0D6BEVH0spDWEnRRVzuauE%3D&reserved=0 | Get hash | malicious | Unknown | Browse |
 | https://innerworks621-my.sharepoint.com/:w:/g/personal/fbayoumi_iwexpress_com/EV18-ULK3bBFgswwIocxhGgB_RycisFJYnuNE85X0INcoQ?rtime=X7A0bhVM3Ug | Get hash | malicious | Unknown | Browse |
 | bestgirlfriendformylifesheismygirlmyonly.hta | Get hash | malicious | Cobalt Strike, Remcos | Browse |
 | PI3b9Y973c.exe | Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
chrome.cloudflare-dns.com | Payment_Activity_0079_2025-2-23.vbs | Get hash | malicious | Unknown | Browse | 162.159.61.3
 | xn3nGSFdRn.exe | Get hash | malicious | Vidar | Browse | 162.159.61.3
 | windows.ps1 | Get hash | malicious | PureLog Stealer, Vidar | Browse | 172.64.41.3
 | VRChat_ERP_Setup 1.0.0.msi | Get hash | malicious | Unknown | Browse | 172.64.41.3
 | 0ajhlLnYRI.exe | Get hash | malicious | PureLog Stealer, Vidar, zgRAT | Browse | 162.159.61.3
 | ynBVHwu6gx.exe | Get hash | malicious | PureLog Stealer, Vidar, zgRAT | Browse | 162.159.61.3
 | https://www.asiafont.com/asfont/am_dl.php?font=win_FontTong3 | Get hash | malicious | Unknown | Browse | 172.64.41.3
 | Tanveer Sethi_Voice-REC-481680954386772.html | Get hash | malicious | HTMLPhisher | Browse | 162.159.61.3
 | New Missed Call Notification for jim.huber 2252025 84809 PM.msg | Get hash | malicious | Unknown | Browse | 162.159.61.3
 | dwpk5JGAxF.exe | Get hash | malicious | Vidar | Browse | 172.64.41.3
a416.dscd.akamai.net | Payment_Activity_0079_2025-2-23.vbs | Get hash | malicious | Unknown | Browse | 2.22.242.11
 | xn3nGSFdRn.exe | Get hash | malicious | Vidar | Browse | 2.19.11.120
 | windows.ps1 | Get hash | malicious | PureLog Stealer, Vidar | Browse | 2.22.242.11
 | 0ajhlLnYRI.exe | Get hash | malicious | PureLog Stealer, Vidar, zgRAT | Browse | 104.124.11.32
 | ynBVHwu6gx.exe | Get hash | malicious | PureLog Stealer, Vidar, zgRAT | Browse | 2.22.242.105
 | VtrZVhhVGV.msi | Get hash | malicious | RedLine | Browse | 2.19.11.100
 | New Missed Call Notification for jim.huber 2252025 84809 PM.msg | Get hash | malicious | Unknown | Browse | 2.19.11.120
 | dwpk5JGAxF.exe | Get hash | malicious | Vidar | Browse | 2.22.242.105
 | F2024065877 (1).html | Get hash | malicious | Unknown | Browse | 2.19.11.100
 | Tokenova.exe | Get hash | malicious | Vidar | Browse | 2.16.164.104
c-msn-pme.trafficmanager.net | xn3nGSFdRn.exe | Get hash | malicious | Vidar | Browse | 13.74.129.1
 | windows.ps1 | Get hash | malicious | PureLog Stealer, Vidar | Browse | 13.74.129.1
 | 0ajhlLnYRI.exe | Get hash | malicious | PureLog Stealer, Vidar, zgRAT | Browse | 13.74.129.1
 | ynBVHwu6gx.exe | Get hash | malicious | PureLog Stealer, Vidar, zgRAT | Browse | 13.74.129.1
 | VtrZVhhVGV.msi | Get hash | malicious | RedLine | Browse |
                                                                                                                                                                                                                                                              • 13.74.129.1
                                                                                                                                                                                                                                                              https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=3Wd3ltM-bUOVZnlm7nv0O8eQ2FDHZ6VJgfxzI_vnF21UNk1PTEhUOFRUTkFaWElISERVS0RJWDYyNS4uGet hashmaliciousHTMLPhisher, Invisible JSBrowse
                                                                                                                                                                                                                                                              • 13.74.129.1
                                                                                                                                                                                                                                                              https://forms.office.com/e/YZrLdkg1x4Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              • 13.74.129.1
                                                                                                                                                                                                                                                              https://streetfurniture.com/r-u-ok/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              • 20.110.205.119
                                                                                                                                                                                                                                                              https://push.fm/fl/xltuwagyGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                              • 13.74.129.1
                                                                                                                                                                                                                                                              Deborah Hardwick shared Carter Towler New Project with you. (17.8 KB).msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              • 13.74.129.1
                                                                                                                                                                                                                                                              a-0003.a-msedge.netxn3nGSFdRn.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                              • 204.79.197.203
                                                                                                                                                                                                                                                              windows.ps1Get hashmaliciousPureLog Stealer, VidarBrowse
                                                                                                                                                                                                                                                              • 204.79.197.203
                                                                                                                                                                                                                                                              1ZXaFij.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                                                              • 204.79.197.203
                                                                                                                                                                                                                                                              0ajhlLnYRI.exeGet hashmaliciousPureLog Stealer, Vidar, zgRATBrowse
                                                                                                                                                                                                                                                              • 204.79.197.203
                                                                                                                                                                                                                                                              ynBVHwu6gx.exeGet hashmaliciousPureLog Stealer, Vidar, zgRATBrowse
                                                                                                                                                                                                                                                              • 204.79.197.203
                                                                                                                                                                                                                                                              VtrZVhhVGV.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                                                                              • 204.79.197.203
                                                                                                                                                                                                                                                              new order pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                              • 204.79.197.203
                                                                                                                                                                                                                                                              dwpk5JGAxF.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                              • 204.79.197.203
                                                                                                                                                                                                                                                              Tokenova.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                              • 204.79.197.203
                                                                                                                                                                                                                                                              crypted.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                              • 204.79.197.203
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AMAZON-02 (US) | send.exe | malicious | Unknown | 45.112.123.126
 | main_x86.elf | malicious | Mirai | 34.249.145.219
 | arm5.elf | malicious | Mirai | 34.249.145.219
 | ppc.elf | malicious | Mirai, Moobot | 157.175.218.15
 | m68k.elf | malicious | Mirai, Moobot | 34.249.121.196
 | debug.dbg.elf | malicious | Mirai, Moobot | 157.175.218.254
 | sh4.elf | malicious | Mirai, Moobot | 157.175.218.205
 | sora.mpsl.elf | malicious | Mirai | 18.167.100.44
 | sora.spc.elf | malicious | Mirai | 63.32.205.149
 | sora.arm.elf | malicious | Mirai | 13.245.236.65
MICROSOFT-CORP-MSN-AS-BLOCK (US) | https://nam.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fportal.partner.microsoftonline.cn%2FAdminPortal%2FHome%3Fref%3Dbilloverview%2Finvoice-list%26source%3Dtcemail%23%2Fhomepage&p=bT1lMzk0YTBkMC0yMmQyLTRmMzktYjNlZS04ODZlNWZiZDQ4ZjEmcz0wMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAmdT1hZW8mbD1Ib21l | malicious | HTMLPhisher | 13.107.246.60
 | mips.elf | malicious | Mirai, Moobot | 13.84.111.124
 | arm.elf | malicious | Mirai, Moobot | 20.118.24.122
 | arm7.elf | malicious | Mirai, Moobot | 157.56.241.232
 | sora.ppc.elf | malicious | Unknown | 207.68.157.206
 | sora.mpsl.elf | malicious | Mirai | 20.156.125.53
 | sora.mips.elf | malicious | Mirai | 13.107.188.148
 | sora.spc.elf | malicious | Mirai | 65.54.145.173
 | sora.arm.elf | malicious | Mirai | 104.214.22.69
 | z0r0.i686.elf | malicious | Mirai, Okiru | 20.160.134.144
MIT-GATEWAYS (US) | arm.elf | malicious | Mirai, Moobot | 19.214.221.89
 | x86.elf | malicious | Mirai, Moobot | 18.102.20.127
 | sora.ppc.elf | malicious | Unknown | 19.89.89.193
 | sora.mips.elf | malicious | Mirai | 19.10.136.164
 | sora.m68k.elf | malicious | Mirai | 19.11.150.207
 | sora.sh4.elf | malicious | Mirai | 19.115.82.178
 | sora.arm.elf | malicious | Mirai | 19.198.191.123
 | sora.x86.elf | malicious | Mirai | 19.213.252.1
 | Payment_Activity_0079_2025-2-23.vbs | malicious | Unknown | 18.173.132.92
 | cbr.sh4.elf | malicious | Mirai | 18.11.122.40
AKAMAI-ASN1 (EU) | 418Wtr75920.svg | malicious | HTMLPhisher | 95.101.182.112
 | SecuriteInfo.com.Win64.MalwareX-gen.24714.14996.exe | malicious | Unknown | 23.197.127.21
 | x86.elf | malicious | Mirai, Moobot | 184.27.119.14
 | Adobe_Creative_Installer.exe | malicious | Unknown | 23.197.127.21
 | AhMyth.exe | malicious | Discord Token Stealer | 23.197.127.21
 | Anarchy.exe | malicious | Unknown | 23.197.127.21
 | Payment_Activity_0079_2025-2-23.vbs | malicious | Unknown | 23.219.82.40
 | xn3nGSFdRn.exe | malicious | Vidar | 95.101.182.74
 | windows.ps1 | malicious | PureLog Stealer, Vidar | 104.70.121.177
                                                                                                                                                                                                                                                              cbr.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                              • 104.80.9.199
Match: a0e9f5d64349fb13191bc781f81f42e1
Associated Sample Name / URL                              Detection   Threat Name                                                    Context
striped.exe                                               malicious   LummaC Stealer                                                 172.67.137.87
SecuriteInfo.com.W32.Rugmi.APQ.tr.dldr.23786.13680.msi    malicious   Unknown                                                        172.67.137.87
DataAnalyzer.xls                                          malicious   Unknown                                                        172.67.137.87
D5biXrj4Yc.ps1                                            malicious   LummaC Stealer                                                 172.67.137.87
posh_injected_payload.exe                                 malicious   LummaC Stealer                                                 172.67.137.87
#U8fc5#U731b#U9f99-1.1.5.exe                              malicious   Unknown                                                        172.67.137.87
#U8fc5#U731b#U9f99-1.1.5.exe                              malicious   Unknown                                                        172.67.137.87
random.exe                                                malicious   Amadey, Credential Flusher, GCleaner, LummaC Stealer, Stealc   172.67.137.87
GHpWbrQ.exe                                               malicious   LummaC Stealer, PureLog Stealer                                172.67.137.87
E3WGlpL.exe                                               malicious   LummaC Stealer                                                 172.67.137.87
Match: C:\Users\user\AppData\Local\Temp\ToolSecurityBvg.exe
Associated Sample Name / URL                              Detection   Threat Name
SecuriteInfo.com.W32.Rugmi.APQ.tr.dldr.23786.13680.msi    malicious   Unknown
zCi9aFTGlS.exe                                            malicious   Unknown
zCi9aFTGlS.exe                                            malicious   Unknown
61.brr.msi                                                malicious   Unknown
12.msi                                                    malicious   RedLine
VtrZVhhVGV.msi                                            malicious   RedLine
4R4m984y6e.msi                                            malicious   Unknown
1.msi                                                     malicious   Unknown
H3Ze9Uj.exe                                               malicious   XWorm
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 45672
Entropy (8bit): 6.09009347084493
Encrypted: false
SSDEEP: 768:mMkbJ6eg6KzhXRLtkV9f4R2hDO6vP6OFYuyRZCx89wBUBDKg7dxi6CAohGoup1Xz:mMk16zRRSV9fG6ERZOg7Li6Rohhu3Vln
MD5: 9992D28D9BCA9E7045A37568EE6B191E
SHA1: 8188124DA4D3FB7B66B46AC0537405C0FE0B0214
SHA-256: 1B0A28AAEFF316906E8BA74B17923B6B3B1F1132A858E52692B1649B864ADD0D
SHA-512: 54B5EFF8B79F2E109CC9447671F8F8A405B9B7E7246948D325B198CC30F5E59AB8A3F0883976451443E5CB8FB28644EB4297663505AC4C02A309448740687898
Malicious: false
Preview: {"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 44654
Entropy (8bit): 6.096285252780032
Encrypted: false
SSDEEP: 768:zDXzgWPsj/qlGJqIY8GB4xkBxwu9hDO6vP6OFYuyRZCx89wBUBDKcGoup1Xl3jVu:z/Ps+wsI7yOEC6ERZOchu3VlXr4CRo1
MD5: 177B056D9DDCFA6587B303B3411BE30E
SHA1: 7A7B60CBCA2B6ED8737DE6A422FC1B128064F700
SHA-256: 2DD68DDCB8122D258E29DBF391A4B903FD7E95874280E95F734C826A8ADC10BA
SHA-512: F79A5BB96292F6B302368F15B555B714A4A54FA7D6657B7876956B0BBD72C181FEF2166B020A6DEDC46892C26E6EBD8BEA36AE813C0DB69138522E30B4685A58
Malicious: false
Preview: {"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 44137
Entropy (8bit): 6.090745438969963
Encrypted: false
SSDEEP: 768:zDXzgWPsj/qlGJqIY8GB4kkBMGwuF9hDO6vP6O+jtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE46mtbz8hu3VlXr4CRo1
MD5: 857D803B1D35A0377FA4416328F734AB
SHA1: ABB20E4541ADEB0E66556ACF23B1DE8D88822164
SHA-256: 295BE8D58499A620D6718BCA271B333E2758D5F1680B1E5F19BAB002DA4DAB16
SHA-512: 4CB22DF0EB7A77C47694CDD4CBB09ADC62484BFBE085D022782304EEB63182A4DCDFBE765C50893C26A47D5D3BD596D63C34C2402B04352016F3045AA3A34696
Malicious: false
Preview: {"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 107893
Entropy (8bit): 4.640137257437767
Encrypted: false
SSDEEP: 1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7l:fwUQC5VwBIiElEd2K57P7l
MD5: 7129D4BC1D980217D137BA5631FDBB5A
SHA1: DDDC2B18DC0AC8E3821605EEDC7ABA53E0996218
SHA-256: C9EE27A10E08696ABCECBCABE93C043602C809B73289013B9CD82B95C023C272
SHA-512: 3415532083D5BD995F369CBA228358C1EA74E62237E2945C82591535EF9FDA29BC66198A96AE12B80EA2B6634AE1DDE01F0B73163697D5CA1F4FC8FD13348623
Malicious: false
Preview: {"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
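The Entropy (8bit) and Encrypted fields in the dropped-file records above are derived from the byte histogram of each file, and the hash fields are plain digests of its contents. The Python below is an added illustration, not part of the Joe Sandbox report, that recomputes those fields on constructed inputs so the numbers can be sanity-checked against a file recovered from the sandbox. The 7.2 bits/byte cutoff is an assumption: the report does not state the threshold Joe Sandbox applies for its Encrypted flag. The JSON preference files listed above, at roughly 6.09 and 4.64 bits/byte, sit well under any such cutoff, which is consistent with their Encrypted: false.

```python
import hashlib
import math
from collections import Counter

# Assumed cutoff: the report does not state the threshold Joe Sandbox uses for
# its "Encrypted" flag. 7.2 bits/byte is a common heuristic for data that is
# compressed, packed or encrypted; treat it as an assumption, not the tool's value.
ENCRYPTED_THRESHOLD = 7.2


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte, the scale of the report's 'Entropy (8bit)'
    field: 0.0 for a constant byte stream, 8.0 for a perfectly uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = ENCRYPTED_THRESHOLD) -> bool:
    """Heuristic counterpart of the report's 'Encrypted' field (assumed threshold)."""
    return shannon_entropy_8bit(data) >= threshold


def describe(data: bytes) -> dict:
    """The subset of dropped-file fields that can be recomputed from the bytes alone."""
    return {
        "Size (bytes)": len(data),
        "Entropy (8bit)": round(shannon_entropy_8bit(data), 4),
        "Encrypted": looks_encrypted(data),
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
    }


# Constructed inputs (not taken from the report): a browser-preferences-style
# JSON blob, a hash-derived pseudo-random stream standing in for encrypted
# content, and a run of NUL bytes.
JSON_LIKE = (
    b'{"browser":{"browser_build_version":"117.0.2045.47"},'
    b'"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false}}'
) * 40
PSEUDO_RANDOM = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)
)
ZEROS = b"\x00" * 4096

if __name__ == "__main__":
    for name, blob in (("json", JSON_LIKE), ("random", PSEUDO_RANDOM), ("zeros", ZEROS)):
        print(name, describe(blob))
```

High entropy on its own is not a malware verdict: legitimate compressed archives, images and signed installers score near 8 bits/byte, and the report's Malicious flag is a separate judgement from its Encrypted flag. The useful check is the opposite direction: a file the sandbox labels a PE or JSON but whose recomputed entropy is close to 8 deserves a look for an embedded packed or encrypted payload.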
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 107893
Entropy (8bit): 4.640137257437767
Encrypted: false
SSDEEP: 1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7l:fwUQC5VwBIiElEd2K57P7l
MD5: 7129D4BC1D980217D137BA5631FDBB5A
SHA1: DDDC2B18DC0AC8E3821605EEDC7ABA53E0996218
SHA-256: C9EE27A10E08696ABCECBCABE93C043602C809B73289013B9CD82B95C023C272
SHA-512: 3415532083D5BD995F369CBA228358C1EA74E62237E2945C82591535EF9FDA29BC66198A96AE12B80EA2B6634AE1DDE01F0B73163697D5CA1F4FC8FD13348623
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 2048.000000, slope 17753217332035315519916605440.000000
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                                                Entropy (8bit):0.4482101600146811
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3072:zCsvwHco4eR4aWjedjNLThoeHT84ryvTOfquAGHQNWv8g1HF:rvw2egjexNLTlHeLoquAGHQNWv8aH
                                                                                                                                                                                                                                                                                MD5:0ED62A8BA796DE4DE17153FC40226240
                                                                                                                                                                                                                                                                                SHA1:1FAFBF0F4A1A079E35FA133A513FB0BBBC50C93B
                                                                                                                                                                                                                                                                                SHA-256:A344E3BA91EDEA4D21461139BCB0014D769A858E1E2589A1562398E4FCCAC109
                                                                                                                                                                                                                                                                                SHA-512:2A770A3A4BE90487E442E8F6739C4B18DEB5FD0A3BF200FB29FF1370ED977C07712A04C71818AAAFE431F279149EBD37AE159E133165BD08C84C5CC255A1EAE7
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:...@..@...@.....C.].....@...................@...............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".bqpyex20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K...G..>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2......._...... .2...........
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):280
                                                                                                                                                                                                                                                                                Entropy (8bit):4.132041621771752
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
                                                                                                                                                                                                                                                                                MD5:845CFA59D6B52BD2E8C24AC83A335C66
                                                                                                                                                                                                                                                                                SHA1:6882BB1CE71EB14CEF73413EFC591ACF84C63C75
                                                                                                                                                                                                                                                                                SHA-256:29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
                                                                                                                                                                                                                                                                                SHA-512:8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):10454
                                                                                                                                                                                                                                                                                Entropy (8bit):5.151305426776264
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:192:stMkdpws1OI+KsZihUkkpY6yQ8cbV+FpZQwr66WVaFIMYfPCYJ:stMQws1OI+KfhIbGjQw26WVaTYT
                                                                                                                                                                                                                                                                                MD5:D03DBD557437F2EA07E71A52108A8446
                                                                                                                                                                                                                                                                                SHA1:B3A479E2053E892EC45C0249C6C0A93A14A656A0
                                                                                                                                                                                                                                                                                SHA-256:D3281B7DBBFD6441FDC339C80CEF4DB0EC34A9F9B1B60BF5666375993B96BBD0
                                                                                                                                                                                                                                                                                SHA-512:2301CD8D07CC83EA672F04F93473E187AE210A1BA65B151CAEB03BD7F32C5ACC291D84C21B9ED986C0750B08630A00259BA2A580D669B0B972CF337E549C0F43
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13385428502223106","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):25185
                                                                                                                                                                                                                                                                                Entropy (8bit):5.570339302056451
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:768:D8me3dWPpxfJE8F1+UoAYDCx9Tuqh0VfUC9xbog/OVcPrX1rwjCpztuF:D8me3dWPpxfJEu1jafjX+ytm
                                                                                                                                                                                                                                                                                MD5:5A0EC24466625977A4748C8C5DF13E7D
                                                                                                                                                                                                                                                                                SHA1:C3DA35DAE1DE2A60D4285E34C5BD1A9D5CB4AF6A
                                                                                                                                                                                                                                                                                SHA-256:F6E6EB4B24E6E6F1D197B55D05EF0EA935D1A3B5E86E3E10ADEAC07BB8D6FEF1
                                                                                                                                                                                                                                                                                SHA-512:6B823872A168DEE0624E8697856D861825EB2825A29E80E6518F75C0122CE860D5BA70BF90B08525436F6C4F9EF640B781A509A8BBC760241D83A4E06D7AD34B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13385428501512327","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13385428501512327","location":5,"ma
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:false
Preview:.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):14032
Entropy (8bit):5.29381031841172
Encrypted:false
SSDEEP:384:stMPGKSu4ws1OI+KfhrIbGjQw26WVaTYT:s+OxuQaKfibGc5ZaTYT
MD5:2E8CC97683F99FAAD89EBAC9BCB52BA8
SHA1:A3C29BEC05CFF7F88FBDFD4980D7EE8A87D91340
SHA-256:5AA13D2237977AE3432097745CF57710F276F91F522BB9E0ED73B2BAF160BC65
SHA-512:2F3B76E8468F51471E2F8A7A96F2F67C83F24AC4A1627A900D3D77B85CAEC42AB154A846C33608EB9AA80CCC472279562ABF89066FB968EBD79BDA806A5C3A89
Malicious:false
Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13385428502223106","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with very long lines (1597), with CRLF line terminators
Category:dropped
Size (bytes):115717
Entropy (8bit):5.183660917461099
Encrypted:false
SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:3D8183370B5E2A9D11D43EBEF474B305
SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:false
Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):40504
Entropy (8bit):5.5608008871717525
Encrypted:false
SSDEEP:768:D1kebh7pLGLxzdWPpxf0E8F1+UoAYDCx9Tuqh0VfUC9xbog/OVF6IPrk1rwCE6Bx:D1kebXcxzdWPpxf0Eu1ja46Ijk+CBBlT
MD5:2E52F448CED4CD6F576DBEDB6E97B82F
SHA1:9335F9166BDEB452E215B000035AD59DED06D9E7
SHA-256:345955971E93DEB55F035C7E04CBE3C15A898ED4AC0484E9CEEDDB3085509211
SHA-512:95C5345085F8567283137D178F7F07172BF3038F77E6411BC1FC88B270EBC715691492B8EB99AC19FA60A0873CBEA84396340AD14F967F5C04F82A0F35114724
Malicious:false
Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13385428501512327","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13385428501512327","location":5,"ma

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):14197
Entropy (8bit):5.291138295760486
Encrypted:false
SSDEEP:384:stMPGKSu4ws1OI+KfhrIbGjQw26WjlaTYT:s+OxuQaKfibGc5laTYT
MD5:6984A2720461B20552D149FC21AAD693
SHA1:7D953FE0405BD986B9AE1E582986CA66774EBC53
SHA-256:0643A903B45438DBADF3DE7B486665C02963A326269D14F2D30D536724FB4713
SHA-512:3991C07439DB1D38B308BD33A9C2728EDE9329DDCCC8C68818801825900C5EE54C52FADFBA7B024F8684CC2B964709A1BB5F5FAE510A64F8EA54ED6220F41454
Malicious:false
Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13385428502223106","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
SSDEEP:3:1sjgWIV//Uv:1qIFUv
MD5:46295CAC801E5D4857D09837238A6394
SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:false
Preview:MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):33
Entropy (8bit):3.5394429593752084
Encrypted:false
SSDEEP:3:iWstvhYNrkUn:iptAd
MD5:F27314DD366903BBC6141EAE524B0FDE
SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:false
Preview:...m.................DB_VERSION.1

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
SSDEEP:3:1sjgWIV//Uv:1qIFUv
MD5:46295CAC801E5D4857D09837238A6394
SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:false
Preview:MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):307
Entropy (8bit):5.226706136392354
Encrypted:false
SSDEEP:6:iOZCjQLR1923oH+Tcwtp3hBtB2KLlDCDSQWM+q2P923oH+Tcwtp3hBWsIFUv:7lL8Yebp3dFL3Q+v4Yebp3eFUv
MD5:9CCAFD5989830F1FBEC9209F8899FFB0
                                                                                                                                                                                                                                                                                SHA1:59BC7E9EDD646D9CCC626DBD45A6812020442ADA
                                                                                                                                                                                                                                                                                SHA-256:081F50D5358299051798A4A9662D4B0DA00E1B95EF3C76E5C557BBD2E7B06B3F
                                                                                                                                                                                                                                                                                SHA-512:65A5921542126E06C776051F18E7AC3B8C4C239021C21B069A5A0DE2F79B501924CB0F7B968DA7885E8689D1D0E845B33D7541F07DA4891DAE07D22939FD9035
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/02-17:35:08.251 7ac Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2025/03/02-17:35:08.319 7ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                Size (bytes):2163821
                                                                                                                                                                                                                                                                                Entropy (8bit):5.222878083797209
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:24576:v+/PN8FifI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8Afx2mjF
                                                                                                                                                                                                                                                                                MD5:349CE34C63D2910AE4B60D8BD5E140CA
                                                                                                                                                                                                                                                                                SHA1:B0A9A91CC92F6160500DFEBBF15E42F57BBE3369
                                                                                                                                                                                                                                                                                SHA-256:1CA4903F692B37DCDB40A61A1C9BE0B9EF99797B5DBC8AB22C9C203AFF1AFCE5
                                                                                                                                                                                                                                                                                SHA-512:DDCED118BF48D3F9C54C1855A2ED1C3E9A26FEA547E5FFDCCB7DDE4A11899B81A7D05BD9F59B1A8FE5206006591A264A967323DD23061CBB5EBA94E04E2CDC18
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):336
                                                                                                                                                                                                                                                                                Entropy (8bit):5.104161935485108
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOZC/Oq2P923oH+Tcwt9Eh1tIFUtTCmZmwFC93kwO923oH+Tcwt9Eh15LJ:7KOv4Yeb9Eh16FUtp/W5LYeb9Eh1VJ
                                                                                                                                                                                                                                                                                MD5:6595DF769E0E09779ACB16DFCA897E9F
                                                                                                                                                                                                                                                                                SHA1:2DB595337673D900DF8FA5AB4F890CDB9EC7EC18
                                                                                                                                                                                                                                                                                SHA-256:26B245DBB36C2A6144656CA35F9F7F350E44A1DC2DAB29BAF9216BE140867C2A
                                                                                                                                                                                                                                                                                SHA-512:C0DE7018649F70CE5F67087D339AECC7CCBAC1129AF2E15E71B3A874E65F1A447AC3C92C62B93B2AA0D019D315AE11EE3D5692BD52FA20BFCC79B6F4F6966A64
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/02-17:35:08.917 1ec0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2025/03/02-17:35:08.918 1ec0 Recovering log #3.2025/03/02-17:35:08.922 1ec0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):336
                                                                                                                                                                                                                                                                                Entropy (8bit):5.104161935485108
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOZC/Oq2P923oH+Tcwt9Eh1tIFUtTCmZmwFC93kwO923oH+Tcwt9Eh15LJ:7KOv4Yeb9Eh16FUtp/W5LYeb9Eh1VJ
                                                                                                                                                                                                                                                                                MD5:6595DF769E0E09779ACB16DFCA897E9F
                                                                                                                                                                                                                                                                                SHA1:2DB595337673D900DF8FA5AB4F890CDB9EC7EC18
                                                                                                                                                                                                                                                                                SHA-256:26B245DBB36C2A6144656CA35F9F7F350E44A1DC2DAB29BAF9216BE140867C2A
                                                                                                                                                                                                                                                                                SHA-512:C0DE7018649F70CE5F67087D339AECC7CCBAC1129AF2E15E71B3A874E65F1A447AC3C92C62B93B2AA0D019D315AE11EE3D5692BD52FA20BFCC79B6F4F6966A64
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/02-17:35:08.917 1ec0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2025/03/02-17:35:08.918 1ec0 Recovering log #3.2025/03/02-17:35:08.922 1ec0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                                                                                Entropy (8bit):0.46306782891081316
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuPy:TouQq3qh7z3bY2LNW9WMcUvBuPy
                                                                                                                                                                                                                                                                                MD5:E4461D4862CD9C0AAF47BA5DC05EFC4C
                                                                                                                                                                                                                                                                                SHA1:E72A0B79FE886411175349E20AE24D46012D33B3
                                                                                                                                                                                                                                                                                SHA-256:8882CDBAA4B6ED7BD5BEF545AB8DC4C316702EF7EBE5ACD06C74A29A700268BC
                                                                                                                                                                                                                                                                                SHA-512:1A4E9C9B253C0FC048581575DFA42C9462068E921E2178B5130C9B4FC5E1205A8196586887DAE3D8101E68B84B1147CE602EFA9060F41EC6D4F0019D5E2E205E
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):10240
                                                                                                                                                                                                                                                                                Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                                MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                                SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):348
Entropy (8bit):5.170578380789623
Encrypted:false
SSDEEP:6:iOZ9939+q2P923oH+TcwtnG2tMsIFUtT9rCJZmwF9rC9VkwO923oH+TcwtnG2tM2:7x9+v4Yebn9GFUttCJ/rC9V5LYebn95J
MD5:ADC30CC9A875BEFC30B66BCC00869D9A
SHA1:B3BC9212239B27B64DB402B5B2DF45EBEDD09F13
SHA-256:E7C5E652BC3638C9B7DD70BA583F35A94C3976D8E2D1F1BC1CC11CEA6FF942CC
SHA-512:ACB22078F439D4535232F3BFE889653E8902C0498F0BD8F7DF0D6447B08488669E98CBC128549A0AD4D289F8052A6C78C9F38387DAD8DC8ACA9B8860289174F7
Malicious:false
Preview:2025/03/02-17:35:01.554 18dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2025/03/02-17:35:01.555 18dc Recovering log #3.2025/03/02-17:35:01.555 18dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):348
Entropy (8bit):5.170578380789623
Encrypted:false
SSDEEP:6:iOZ9939+q2P923oH+TcwtnG2tMsIFUtT9rCJZmwF9rC9VkwO923oH+TcwtnG2tM2:7x9+v4Yebn9GFUttCJ/rC9V5LYebn95J
MD5:ADC30CC9A875BEFC30B66BCC00869D9A
SHA1:B3BC9212239B27B64DB402B5B2DF45EBEDD09F13
SHA-256:E7C5E652BC3638C9B7DD70BA583F35A94C3976D8E2D1F1BC1CC11CEA6FF942CC
SHA-512:ACB22078F439D4535232F3BFE889653E8902C0498F0BD8F7DF0D6447B08488669E98CBC128549A0AD4D289F8052A6C78C9F38387DAD8DC8ACA9B8860289174F7
Malicious:false
Preview:2025/03/02-17:35:01.554 18dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2025/03/02-17:35:01.555 18dc Recovering log #3.2025/03/02-17:35:01.555 18dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):20480
Entropy (8bit):0.6128886179131717
Encrypted:false
SSDEEP:12:TLs9pRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWi8+MAqA8Jc:TLapR+DDNzWjJ0npnyXKUO8+jH3pRMmL
MD5:6C84F615D404A87B0A4A76CA332E3D02
SHA1:5EEE2DE8A84A1AE194D954CFB9BDF747D9043D76
SHA-256:DBE9DC50AD0365EF4B86CEF516E7E6DC79EADA0351F40EBBE81E633B4B2D0112
SHA-512:019A64D41E02FF374FD41DD0D0B80B1AFD85894E36767731B85F2C4EE23991168663152848A36CFD19DE1BE0D516D54A744203AD40911ECECB9071202A7FE7E3
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
SSDEEP:3:1sjgWIV//Uv:1qIFUv
MD5:46295CAC801E5D4857D09837238A6394
SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:false
Preview:MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):375520
Entropy (8bit):5.35413686940813
Encrypted:false
SSDEEP:6144:wA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:wFdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:EA545F1111C9561BE1D4AA883679EC58
SHA1:00666657A2D88C873B28D15A6AA0B75E4E89644C
SHA-256:6A85971E03A8CA007D159DEE29423102768DBC68D22F12E047514D5CF39895E1
SHA-512:70C0F418B6584F764678A9B1F227FC2A5EE75E6B81F779D37B34742554D45E185C34F7079ECDED5E5EC7BD97FC45622D9EAC8C4F35094B6D738C764B556C11A8
Malicious:false
Preview:...m.................DB_VERSION.1..l.q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13385428509478824..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
SSDEEP:3:1sjgWIV//Uv:1qIFUv
MD5:46295CAC801E5D4857D09837238A6394
SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:false
Preview:MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):311
Entropy (8bit):5.183853713949945
Encrypted:false
SSDEEP:6:iOZC91923oH+Tcwtk2WwnvB2KLlDCno0L+q2P923oH+Tcwtk2WwnvIFUv:7XYebkxwnvFLlpv4YebkxwnQFUv
MD5:DAF2D88F8A705869CBA7EE2BAD2E1E95
SHA1:AB29DE8C4C20833E54D09DDA5B52D30EAC90D4AF
SHA-256:E98FE44C74F54A2295156C0BE44266A30535A8CCDD84C812B01A79B674B757E9
SHA-512:90069FBD244F0AA6E8EF16260C4CAF6E46F3CA2F4E6A9FDF1347CFC9E2FC858884E46B5FAB80A1AA342696D66C782A792F05C9576A4EC017D873D13F048A8E2D
Malicious:false
Preview:2025/03/02-17:35:08.344 1ee8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2025/03/02-17:35:08.689 1ee8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:OpenPGP Secret Key
Category:dropped
Size (bytes):41
Entropy (8bit):4.704993772857998
Encrypted:false
SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
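A caveat on the entry above: the report's signature-based file typing labels this 41-byte file "OpenPGP Secret Key", but its preview is the comparator record LevelDB writes into MANIFEST-000001 when it creates a database, and the log line in the preceding entry shows Edge doing exactly that for EntityExtractionAssetStore.db. The following is an added example, not code from the Joe Sandbox report or from Edge: it parses LevelDB's log-record framing (masked CRC32C, length, record type) and the VersionEdit tags inside it, so an analyst can confirm what such a dropped file is instead of trusting the type label, and it computes the byte-frequency Shannon entropy that the "Entropy (8bit)" field is assumed to report. The 41-byte record built by build_manifest_record is constructed on the same layout as the preview (it is not the sample's file, so its checksum bytes may differ).

```python
"""Identify a LevelDB MANIFEST record and compute 8-bit Shannon entropy.
Added example for triaging sandbox 'dropped file' listings; not report code."""
import math
import struct
from collections import Counter

# CRC32C (Castagnoli, reflected polynomial 0x82F63B78), as used by LevelDB logs.
_CRC32C_TABLE = []
for _n in range(256):
    _c = _n
    for _ in range(8):
        _c = (_c >> 1) ^ 0x82F63B78 if _c & 1 else _c >> 1
    _CRC32C_TABLE.append(_c)


def crc32c(data: bytes) -> int:
    crc = 0xFFFFFFFF
    for b in data:
        crc = _CRC32C_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def mask_crc(crc: int) -> int:
    """LevelDB stores CRCs masked (rotate by 15, add a constant)."""
    return (((crc >> 15) | (crc << 17)) + 0xA282EAD8) & 0xFFFFFFFF


def unmask_crc(masked: int) -> int:
    rot = (masked - 0xA282EAD8) & 0xFFFFFFFF
    return ((rot >> 17) | (rot << 15)) & 0xFFFFFFFF


def shannon_entropy_8bit(data: bytes) -> float:
    """Base-2 Shannon entropy over byte frequencies; ranges 0.0 .. 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def _read_varint(buf: bytes, pos: int):
    result, shift = 0, 0
    while True:
        b = buf[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, pos
        shift += 7


def parse_manifest_record(blob: bytes) -> dict:
    """Decode the first log record of a LevelDB descriptor (MANIFEST) file.
    Header: masked CRC32C (4 LE), payload length (2 LE), record type (1).
    Only a kFullType record is handled here; returns {} on framing or CRC error."""
    if len(blob) < 7:
        return {}
    masked, length, rtype = struct.unpack_from("<IHB", blob, 0)
    payload = blob[7:7 + length]
    if rtype != 1 or len(payload) != length:
        return {}
    if unmask_crc(masked) != crc32c(bytes([rtype]) + payload):
        return {}
    # VersionEdit tags (db/version_edit.cc); the string-valued one is kComparator.
    tags = {2: "log_number", 3: "next_file_number", 4: "last_sequence", 9: "prev_log_number"}
    edit, pos = {}, 0
    while pos < len(payload):
        tag, pos = _read_varint(payload, pos)
        if tag == 1:
            ln, pos = _read_varint(payload, pos)
            edit["comparator"] = payload[pos:pos + ln].decode("ascii")
            pos += ln
        elif tag in tags:
            edit[tags[tag]], pos = _read_varint(payload, pos)
        else:
            edit["unsupported_tag"] = tag  # kCompactPointer/kDeletedFile/kNewFile not decoded
            break
    return edit


def build_manifest_record(comparator: bytes = b"leveldb.BytewiseComparator") -> bytes:
    """Constructed sample: the VersionEdit LevelDB writes when it creates a DB."""
    payload = (b"\x01" + bytes([len(comparator)]) + comparator  # kComparator
               + b"\x02\x00"                                    # kLogNumber = 0
               + b"\x03\x02"                                    # kNextFileNumber = 2
               + b"\x04\x00")                                   # kLastSequence = 0
    header = struct.pack("<IHB", mask_crc(crc32c(b"\x01" + payload)), len(payload), 1)
    return header + payload


if __name__ == "__main__":
    rec = build_manifest_record()
    print(len(rec), parse_manifest_record(rec), round(shannon_entropy_8bit(rec), 3))
```

The constructed record is 41 bytes, the same size as the dropped file above, and decodes to the comparator name visible in its preview; a flipped byte or a truncated record fails the CRC or length check and yields {}. Run the same two functions over the real dropped file to confirm its identity and reproduce the entropy figure.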
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:modified
Size (bytes):358860
Entropy (8bit):5.3246122994418075
Encrypted:false
SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RZ:C1gAg1zfvR
MD5:30ED6EB8FBF0DAAE6FBBECC85BDE0430
SHA1:CA83330C0EF1089D9555767CF6ADF1A2F4028554
SHA-256:7D46AAD75D8BCD81B659EE6360584291709D27A365DDE67464AADB9009797815
SHA-512:D59C0A7BF51FCFB8F981FD626DB79292A4AFAADAF5B000FE19B936AE36C6AD31B1DE48AE0DF9D8027E31D1DAB60FE9466C8E90B5DAEAEE5C0AB30F209252B554
Malicious:false
Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):418
Entropy (8bit):1.8784775129881184
Encrypted:false
SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:BF097D724FDF1FCA9CF3532E86B54696
SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:false
Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):324
Entropy (8bit):5.151149954055485
Encrypted:false
SSDEEP:6:iOZbAeN+q2P923oH+Tcwt8aPrqIFUtTbAeZZmwFbAeNVkwO923oH+Tcwt8amLJ:7xnIv4YebL3FUtPnZ/lnz5LYebQJ
MD5:2F33ADE9CFF6B5E0CA7B62177A7458ED
SHA1:156900F4F0A6B28F997AE8C484BB439FD78648FC
SHA-256:047633E9371032E81A80BEC79E9FDC628905ED4D17568284595C3CE62C33B5B3
SHA-512:2F93705052633A9235925B6CC9E555E2C922005F235A2D084B6BC7752620533D71D2CDCC47A6150362BD3A7095034BC62768D12C375293503356D9DA504B7277
Malicious:false
Preview:2025/03/02-17:35:01.676 1aa8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2025/03/02-17:35:01.676 1aa8 Recovering log #3.2025/03/02-17:35:01.676 1aa8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):324
Entropy (8bit):5.151149954055485
Encrypted:false
SSDEEP:6:iOZbAeN+q2P923oH+Tcwt8aPrqIFUtTbAeZZmwFbAeNVkwO923oH+Tcwt8amLJ:7xnIv4YebL3FUtPnZ/lnz5LYebQJ
MD5:2F33ADE9CFF6B5E0CA7B62177A7458ED
SHA1:156900F4F0A6B28F997AE8C484BB439FD78648FC
SHA-256:047633E9371032E81A80BEC79E9FDC628905ED4D17568284595C3CE62C33B5B3
SHA-512:2F93705052633A9235925B6CC9E555E2C922005F235A2D084B6BC7752620533D71D2CDCC47A6150362BD3A7095034BC62768D12C375293503356D9DA504B7277
Malicious:false
Preview:2025/03/02-17:35:01.676 1aa8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2025/03/02-17:35:01.676 1aa8 Recovering log #3.2025/03/02-17:35:01.676 1aa8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):418
Entropy (8bit):1.8784775129881184
Encrypted:false
SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:BF097D724FDF1FCA9CF3532E86B54696
SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:false
Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):328
Entropy (8bit):5.1542489035292345
Encrypted:false
SSDEEP:6:iOZbWk+q2P923oH+Tcwt865IFUtTbUL0XZmwFbUL03VkwO923oH+Tcwt86+ULJ:7xW5v4Yeb/WFUtP5X/l5F5LYeb/+SJ
MD5:7B98C4D2B17062FD6CF1F58D5C9D7CE3
SHA1:768B745B0BDED4CC3B69DDB69E5019928C2D6401
SHA-256:FD965F699F33FD334D27D5A947440E8D09B14D245ED5C63201ADADF0BE4C58A1
SHA-512:7379611ADF446414103E07B68FF246B5C4D20D6E7142CB01CFE60360F2115D01FC9D4A938D22AD9DC04932245433F0C049571E091B8693A60941CE91EFDE7DA9
Malicious:false
Preview:2025/03/02-17:35:01.681 1aa8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2025/03/02-17:35:01.683 1aa8 Recovering log #3.2025/03/02-17:35:01.683 1aa8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):328
Entropy (8bit):5.1542489035292345
Encrypted:false
SSDEEP:6:iOZbWk+q2P923oH+Tcwt865IFUtTbUL0XZmwFbUL03VkwO923oH+Tcwt86+ULJ:7xW5v4Yeb/WFUtP5X/l5F5LYeb/+SJ
MD5:7B98C4D2B17062FD6CF1F58D5C9D7CE3
SHA1:768B745B0BDED4CC3B69DDB69E5019928C2D6401
SHA-256:FD965F699F33FD334D27D5A947440E8D09B14D245ED5C63201ADADF0BE4C58A1
                                                                                                                                                                                                                                                                                SHA-512:7379611ADF446414103E07B68FF246B5C4D20D6E7142CB01CFE60360F2115D01FC9D4A938D22AD9DC04932245433F0C049571E091B8693A60941CE91EFDE7DA9
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/02-17:35:01.681 1aa8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2025/03/02-17:35:01.683 1aa8 Recovering log #3.2025/03/02-17:35:01.683 1aa8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):1254
                                                                                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):324
                                                                                                                                                                                                                                                                                Entropy (8bit):5.177325357012249
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOZIlW/4q2P923oH+Tcwt8NIFUtTIlW/JZmwFIl63NDkwO923oH+Tcwt8+eLJ:7Cldv4YebpFUt8l4/2l6V5LYebqJ
                                                                                                                                                                                                                                                                                MD5:19A7D0F4BFB6463755834801F536BE65
                                                                                                                                                                                                                                                                                SHA1:3EC2D907FD52F5BB723C75C9E9A14C1BF446FDF3
                                                                                                                                                                                                                                                                                SHA-256:60652618E0E569AAFCDBE35ADBAE46C19F9DEABDD85455BF253F204990B24B52
                                                                                                                                                                                                                                                                                SHA-512:B4F3B06009E128E3DA5FCD316DE37F81D89BC963A45126FC07F6D46F9FBB581C483586B16432D4E8C3F840D448BA67E2E8933B0D13B4A4CFE112EBD041E179B3
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/02-17:35:02.439 1b80 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/03/02-17:35:02.439 1b80 Recovering log #3.2025/03/02-17:35:02.440 1b80 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):324
                                                                                                                                                                                                                                                                                Entropy (8bit):5.177325357012249
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:iOZIlW/4q2P923oH+Tcwt8NIFUtTIlW/JZmwFIl63NDkwO923oH+Tcwt8+eLJ:7Cldv4YebpFUt8l4/2l6V5LYebqJ
                                                                                                                                                                                                                                                                                MD5:19A7D0F4BFB6463755834801F536BE65
                                                                                                                                                                                                                                                                                SHA1:3EC2D907FD52F5BB723C75C9E9A14C1BF446FDF3
                                                                                                                                                                                                                                                                                SHA-256:60652618E0E569AAFCDBE35ADBAE46C19F9DEABDD85455BF253F204990B24B52
                                                                                                                                                                                                                                                                                SHA-512:B4F3B06009E128E3DA5FCD316DE37F81D89BC963A45126FC07F6D46F9FBB581C483586B16432D4E8C3F840D448BA67E2E8933B0D13B4A4CFE112EBD041E179B3
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:2025/03/02-17:35:02.439 1b80 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/03/02-17:35:02.439 1b80 Recovering log #3.2025/03/02-17:35:02.440 1b80 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):429
                                                                                                                                                                                                                                                                                Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                Size (bytes):8720
                                                                                                                                                                                                                                                                                Entropy (8bit):0.2191763562065486
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:3:q87tFlljq7A/mhWJFuQ3yy7IOWUfWdweytllrE9SFcTp4AGbNCV9RUIEn:qH75fOId0Xi99pEYm
                                                                                                                                                                                                                                                                                MD5:8DE11630C095416D697717EC043EDB37
                                                                                                                                                                                                                                                                                SHA1:68863B327319739CB3C3214F57FA0D9101DC8D47
                                                                                                                                                                                                                                                                                SHA-256:7195999C0A44C7149E2581CA9F9CF7F16703FBAB269AD32E1EDEE3662EF80B0E
                                                                                                                                                                                                                                                                                SHA-512:76DE389B3A1B2A69BA882C21BBFEA9B295C1FDA5F8D1E25FA39E70D2406348EFE61B04D8B3D50EB6743FCE9887EC6B341C457472D135D34427A1271681B5DA6B
                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                Preview:.............4q...&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                Size (bytes):115717
                                                                                                                                                                                                                                                                                Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:false
Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
Category:dropped
Size (bytes):49152
Entropy (8bit):3.647735433206235
Encrypted:false
SSDEEP:384:aj9P0bjlUgam6I1QkQerGcCP/Kbtn773pLXRKToaADhf:ad+lLle2pCP/m7JRKc39
MD5:A62CD3C1A701E177BAA6390584614F85
SHA1:E77F71B4F9CFAE5AC7AC357DE3FF9A877D9D5B31
SHA-256:2DE222D5006C64CD71E5181C9C8A7CE95FC79CE0ADA07B2EC20AD443B21FFF92
SHA-512:9032B8306B327C1FFE10D9B1BE935E88A8AF4D6E36B6EDCB7124DB5C63B7F62039CE28893E9C6E94F13421B061CF44C02D4B32B9B99BD5B53AF8E98D151F9080
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):408
Entropy (8bit):5.274958307382076
Encrypted:false
SSDEEP:12:7GB9+v4Yeb8rcHEZrELFUt44NJ/y4N9V5LYeb8rcHEZrEZSJ:7d4Yeb8nZrExg5nXLYeb8nZrEZe
MD5:227DE88555C7441D8F31859FB81E3E1E
SHA1:61379B96AB59CA228D4B63FE7D79F0CBC08B0DED
SHA-256:686C0E462C847A442F4B792A57F50E6898FEC3C25E4E6EC4D38E3957FB887384
SHA-512:B71729900637D0D4F88459FE3D59E53D467AD182B2620117F9256B7229796DDA2D74876C0183D6AB2FA534AC09957454AF6D56AC87B8F871B67198EE69E84A61
Malicious:false
Preview:2025/03/02-17:35:06.664 18dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/03/02-17:35:06.665 18dc Recovering log #3.2025/03/02-17:35:06.665 18dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):408
Entropy (8bit):5.274958307382076
Encrypted:false
SSDEEP:12:7GB9+v4Yeb8rcHEZrELFUt44NJ/y4N9V5LYeb8rcHEZrEZSJ:7d4Yeb8nZrExg5nXLYeb8nZrEZe
MD5:227DE88555C7441D8F31859FB81E3E1E
SHA1:61379B96AB59CA228D4B63FE7D79F0CBC08B0DED
SHA-256:686C0E462C847A442F4B792A57F50E6898FEC3C25E4E6EC4D38E3957FB887384
SHA-512:B71729900637D0D4F88459FE3D59E53D467AD182B2620117F9256B7229796DDA2D74876C0183D6AB2FA534AC09957454AF6D56AC87B8F871B67198EE69E84A61
Malicious:false
Preview:2025/03/02-17:35:06.664 18dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/03/02-17:35:06.665 18dc Recovering log #3.2025/03/02-17:35:06.665 18dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):1985
Entropy (8bit):5.64943918511502
Encrypted:false
SSDEEP:48:KZ5U38Mkvv7XRtV03Sx4GyQEnIx7iXRHHS2/48ylsT:KDdvjR9OIBiRTQ8osT
MD5:BDBDE0C2EE06322D1562AB830DA864AA
SHA1:97D3612B5060C496DF6E89B236E916AAF7335ECB
SHA-256:C58C7200447A10AACF63668A7B0E79255882B2C66AD684F8DE55E1DA6FE575F7
SHA-512:8570E92CF6B0420F4BCE3A138759E9B0F02B12A01FA44B02DE96AA7149BEA6188C8C0B74FCD3F9E01BA08C1DFF8695EABA869AF5E41641EB2302FBD50EE9B83E
Malicious:false
Preview:.....................VERSION.1..META:https://ntp.msn.com..............!_https://ntp.msn.com..LastKnownPV..1740954910015.._https://ntp.msn.com..MUID!.20D9FECD8DE260CF167EEB6E8CE561CF.%_https://ntp.msn.com..authRecordTrail...[{"time":"2025-03-02T22:35:09.924Z","action":"NUT","result":"SUCCESS","state":{"isSignedIn":false,"accountType":"UNSUPPORTED_SOVEREIGNTY","signedInAccounts":[0],"storage":{"elt":0,"lt":0,"aace":0,"ace":0,"app_anon":0,"anon":0,"app_wid":0},"appType":"edgeChromium","pageType":"dhp"}}].._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1740954910088,"schedule":[39,-1,-1,40,-1,31,-1],"scheduleFixed":[39,-1,-1,40,-1,31,-1],"simpleSchedule":[36,49,32,37,25,17,26]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20250228.429"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedP
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):333
Entropy (8bit):5.157944294060279
Encrypted:false
SSDEEP:6:iOZIhaNwQ+q2P923oH+Tcwt8a2jMGIFUtTIhQ9QgZmwFIhS0QQVkwO923oH+Tcw2:7ChaNIv4Yeb8EFUt8hu5/2hF5LYeb8bJ
MD5:1F34046ACFAC820A9BB1C63D87032CE9
SHA1:3914AE602BDA9BA55A22771625D611CCF841B8D4
SHA-256:F94F3A425017ECDBC15EDACB2E9AECC2B4D255D1768082EB10077706C3C8A864
SHA-512:7CDBD7A461F33D72503D4033A899A4BED6287AA66F7AA1D100C60454C06994BE304F1777EED9CE8693ACEE808254B9B1BC8C399AD597DEB54F44B33162A7C024
Malicious:false
Preview:2025/03/02-17:35:02.067 b88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/03/02-17:35:02.069 b88 Recovering log #3.2025/03/02-17:35:02.073 b88 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):333
Entropy (8bit):5.157944294060279
Encrypted:false
SSDEEP:6:iOZIhaNwQ+q2P923oH+Tcwt8a2jMGIFUtTIhQ9QgZmwFIhS0QQVkwO923oH+Tcw2:7ChaNIv4Yeb8EFUt8hu5/2hF5LYeb8bJ
MD5:1F34046ACFAC820A9BB1C63D87032CE9
SHA1:3914AE602BDA9BA55A22771625D611CCF841B8D4
SHA-256:F94F3A425017ECDBC15EDACB2E9AECC2B4D255D1768082EB10077706C3C8A864
SHA-512:7CDBD7A461F33D72503D4033A899A4BED6287AA66F7AA1D100C60454C06994BE304F1777EED9CE8693ACEE808254B9B1BC8C399AD597DEB54F44B33162A7C024
Malicious:false
Preview:2025/03/02-17:35:02.067 b88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb